module Scrivito
  class WorkspacesController < WebserviceController
    around_action :authorize_current_workspace_read,    only: :show
    around_action :authorize_current_workspace_write,   only: [:update, :destroy, :rebase]
    around_action :authorize_current_workspace_publish, only: [:check, :publish]

    def index
      workspaces = Workspace.all.select do |workspace|
        can_user_access_workspace?(:read, workspace) || workspace.published?
      end
      render json: workspaces
    end

    def show
      render json: current_workspace
    end

    def create
      create_workspace_params = workspace_params.dup
      create_workspace_params.deep_merge!(memberships: {scrivito_user.id => {role: 'owner'}})
      render json: Workspace.create(create_workspace_params)
    end

    def update
      render json: current_workspace.update(workspace_params)
    end

    def destroy
      current_workspace.destroy
      render_empty_json
    end

    def rebase
      current_workspace.rebase
      render_empty_json
    end

    def check
      render json: publish_checker.call(params[:from].to_i)
    end

    def publish
      if valid_publish_request?
        current_workspace.conditional_publish
        render_empty_json
      else
        concurrent_content_change_response
      end
    rescue Workspace::PublishPreventedDueToContentChange
      concurrent_content_change_response
    rescue ScrivitoError => e
      raise ClientError.new(e.message, 400)
    end

    private

    def valid_publish_request?
      publish_checker.passing_certificates?(certificates_param)
    end

    def publish_checker
      Workspace::PublishChecker.new(current_workspace, scrivito_user)
    end

    def authorize_current_workspace_read(&block)
      authorize_current_workspace_access(:read, &block)
    end

    def authorize_current_workspace_write(&block)
      authorize_current_workspace_access(:write, &block)
    end

    def authorize_current_workspace_publish(&block)
      authorize_current_workspace_access(:publish, &block)
    end

    def authorize_current_workspace_access(verb, &block)
      authorize_workspace_access(verb, current_workspace, &block)
    end

    def current_workspace
      @current_workspace ||= Workspace.find(params[:id])
    end

    def workspace_params
      assert_valid_workspace_params
      params[:workspace]
    end

    def certificates_param
      assert_valid_certificates_param
      params[:certificates]
    end

    def assert_valid_certificates_param
      if params[:certificates].blank?
        raise ClientError.new("Required parameter 'certificates' is missing.", 400)
      end
      unless params[:certificates].is_a?(Array)
        raise ClientError.new("Parameter 'certificates' is not an array.", 400)
      end
    end

    def assert_valid_workspace_params
      raise "Required parameter 'workspace' is missing." unless params[:workspace].present?
      raise "Parameter 'workspace' is not a hash." unless params[:workspace].is_a?(Hash)
    end

    def concurrent_content_change_response
      render text: 'Concurrent content change', status: 409
    end
  end
end