module MnoEnterprise
  class Jpi::V1::ShoppingCartController < ApplicationController
    # before_filter :authenticate_user!, except: [:apps]
    # before_filter :inject_cart_and_authorize, only: [:show,:upsert_item,:remove_item,:checkout]
    #
    # # When a user signs in from the shopping
    # # cart, the CSRF token seems to change therefore
    # # preventing any POST request later on
    # # TODO: We should be able to grab the new CSRF token on
    # # login and inject it in angular
    # skip_before_filter :verify_authenticity_token
    #
    # # GET /mnoe/jpi/v1/shopping_cart/apps
    # # params:
    # # - ensure_apps: [{ app: {id: 16 } }] (as string) -- ensure that some apps are present in the list
    # def apps
    #   @apps = App.active.to_a
    #
    #   if params[:ensure_apps].present?
    #     begin
    #       id_list = JSON.parse(params[:ensure_apps]).map { |h| (h['app']||{})['id'] }.compact
    #       @apps += App.where(id: id_list).to_a
    #       @apps.uniq!
    #     rescue
    #     end
    #   end
    #
    #   @apps.sort! { |a,b| a.name <=> b.name }
    #
    #   render json: @apps.map { |a| Shopping::Cart.hash_for_app(a) }
    # end
    #
    # # GET /mnoe/jpi/v1/shopping_cart/organizations
    # def organizations
    #   @orgs = Organization.accessible_by(Ability.new(current_user)).sort_by { |o| o.name }
    # end
    #
    # # GET /mnoe/jpi/v1/shopping_cart/1
    # def show
    # end
    #
    # # POST /mnoe/jpi/v1/shopping_cart
    # # TODO: add test for bundle parameter on create
    # def create
    #   organization = Organization.find(params[:shopping_cart][:organization_id])
    #   bundle = params[:shopping_cart][:bundle]
    #   authorize! :purchase, organization
    #
    #   @cart = Shopping::Cart.create(requestor: current_user, beneficiary: organization, bundle: bundle)
    #
    #   render 'show'
    # end
    #
    # # PUT /mnoe/jpi/v1/shopping_cart/1/upsert_item
    # def upsert_item
    #   @item = @cart.add_item!(params[:item])
    #   render 'show_item'
    # end
    #
    # # PUT /mnoe/jpi/v1/shopping_cart/1/remove_item
    # def remove_item
    #   @item = @cart.remove_item!(params[:item])
    #   render 'show_item'
    # end
    #
    # # PUT /mnoe/jpi/v1/shopping_cart/1/checkout
    # def checkout
    #   if @cart.checkout!(params[:credit_card])
    #     render 'show'
    #   else
    #     render json: @cart.errors, status: :bad_request
    #   end
    #
    # end
    #
    # #============================================
    # # Private Methods
    # #============================================
    # private
    #   # Inject @cart and authorize access
    #   # TODO: use CanCan for authorization
    #   def inject_cart_and_authorize
    #     @cart = Shopping::Cart.find(params[:id])
    #
    #     unless @cart.requestor == current_user
    #       render json: { errors: 'unauthorized' }, status: :unauthorized
    #       return false
    #     end
    #
    #     return true
    #   end
  end
end