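package Test::TestController;
use Dancer ':syntax';
use strict;
use warnings;
use Test::Model::Test;

our $VERSION = '0.1';

# Every route below is mounted under /test.
prefix '/test';

route();

# Decide whether $user may view or edit $website.
#
# Returns 1 when the user's role id equals Test::Model::Test::ROLE_ADMIN, or
# when the website's created_by equals the user's id; returns 0 otherwise.
# Undefined values never compare equal here, so a missing session user, a
# missing role id or a website without created_by cannot grant access through
# an undef-eq-undef match.
sub _may_access_website {
    my ($user, $website) = @_;

    return 0 unless ref $user eq 'HASH';

    my $role_id = ref $user->{role} eq 'HASH' ? $user->{role}{id} : undef;

    # Explicit parens so the constant parses as a call whether or not it was
    # declared with an empty prototype.
    return 1
        if defined $role_id
        && $role_id eq Test::Model::Test::ROLE_ADMIN();

    # NOTE(review): what get_website returns for an unknown id is not visible
    # here; anything that is not a reference is treated as "not owned".
    return 0 unless ref $website;

    my $owner_id = $website->{created_by};
    return 0 unless defined $owner_id && defined $user->{id};

    return $owner_id eq $user->{id} ? 1 : 0;
}

# Register the before hook and all routes of this controller.
sub route {

    # Send requests without a session user to the login page.
    hook 'before' => sub {
        # NOTE(review): the third test can never fail once the path matched
        # ^/test/, so /test/login itself also takes this branch and
        # requested_path is set to '/test/login' there. Confirm whether
        # m{^/test/login} was intended.
        if (   !session('user')
            && request->path_info =~ /^\/test\//
            && request->path_info !~ m{^/login})
        {
            var requested_path => request->path_info;
            request->path_info('/test/login');
        }
    };

    get '/login' => sub {
        template 'login_test.tt', {};
    };

    # Log the user in, then redirect to the user's base route.
    # NOTE(review): no credential is checked; every POST receives the fixed
    # session below (user id 1, role id 1). Because the before hook rewrites
    # unauthenticated /test/ requests to this path, such a POST appears to end
    # up here as well. Real authentication is needed before this is reachable
    # outside a test setup.
    post '/login' => sub {
        session user => { id => 1, role => { id => 1 } };
        redirect '/test/website/get/1';
    };

    get '/website/get/:id' => sub {
        my $id = params->{id};

        # Accept ASCII digits only; \A and \z also reject a trailing newline,
        # which ^...$ would let through.
        unless (defined $id && $id =~ /\A[0-9]+\z/) {
            redirect '/test/login';
            return;
        }

        my $website = Test::Model::Test::get_website($id);

        # Admins may see every website; other users only the ones they
        # created. redirect alone does not end the handler, so return right
        # after it; otherwise the template below would still be rendered into
        # the body of the redirect response.
        # NOTE(review): '/login' lies outside the '/test' prefix, unlike the
        # other redirects in this file. Confirm the intended target.
        unless (_may_access_website(session('user'), $website)) {
            redirect '/login';
            return;
        }

        template 'website_test.tt', {
            'values'   => $website,
            'form_url' => '/test/website/edit/' . $id,
        };
    };

    post '/website/edit/:id' => sub {
        my $id = params->{id};

        # Same id validation as the GET route.
        unless (defined $id && $id =~ /\A[0-9]+\z/) {
            redirect '/test/login';
            return;
        }

        my $website = Test::Model::Test::get_website($id);

        # Authorization must stop the request: without the return, the edit
        # below would run even for a website the user does not own.
        # NOTE(review): '/login' lies outside the '/test' prefix. Confirm.
        unless (_may_access_website(session('user'), $website)) {
            redirect '/login';
            return;
        }

        # NOTE(review): params merges route, query and body values, and the
        # whole hash is handed to the model. Confirm that edit_website acts on
        # the same id that was authorized above and only accepts fields a user
        # may change (for example, not created_by).
        my $param_ref = params;
        Test::Model::Test::edit_website(session('user'), $param_ref);

        ##Redirect to add a new website with a flash message
        #flash message => 'Website successfully edited!';
        redirect '/test/website/get/' . $id;
    };
}

true;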