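class ApiRetailersController < ApiController
  # JSON API for a single retailer: profile and avatar updates, a short-lived
  # Filepicker upload policy, detaching students/teachers, and a customer
  # email blast.
  #
  # Every action except customer_email requires a signed-in API user, and
  # auth_retailer additionally requires that the current user owns the
  # retailer. customer_email runs only lookup_retailer, so it is reachable
  # without authentication (see the note on that action).
  before_filter :api_signed_in_user, :except => [:customer_email]
  before_filter :lookup_retailer, :only => [:show, :update, :update_avatar, :delete_avatar, :generate_filepicker_policy, :remove_student, :remove_teacher, :customer_email]
  before_filter :auth_retailer, :only => [:show, :update, :update_avatar, :delete_avatar, :generate_filepicker_policy, :remove_student, :remove_teacher]
  respond_to :json

  # Operations the signed Filepicker policy permits.
  FILEPICKER_CALLS = 'pick,convert,store'.freeze

  # Renders the retailer loaded by lookup_retailer through the default
  # JSON response.
  def show
  end

  # Applies the submitted params to the retailer. Which attributes are
  # assignable is decided inside Retailer#update_from_params, not here.
  def update
    @retailer.update_from_params(params)
    respond_with_model(@retailer)
  end

  # Stores the original and cropped avatar files. The public bucket is used
  # so the images can be served to anyone; responds 422 when the model
  # records errors.
  def update_avatar
    @retailer.update_avatar(
      params[:original_fpfile],
      params[:cropped_fpfile],
      params[:cropped_large_fpfile],
      params[:crop_selection],
      Rails.application.config.aws_bucket_public
    )
    respond_with @retailer, status: :unprocessable_entity if @retailer.errors.any?
  end

  # Removes the retailer's avatar from the public bucket; responds 422 when
  # the model records errors.
  def delete_avatar
    @retailer.delete_avatar(Rails.application.config.aws_bucket_public)
    respond_with @retailer, status: :unprocessable_entity if @retailer.errors.any?
  end

  # Signs a Filepicker policy that expires five minutes from now. When a
  # handle is given, the policy is bound to that handle's last path segment.
  #
  # NOTE: the :path restriction below is commented out, so the policy is NOT
  # limited to the caller's own folder as the original comment claimed; only
  # the expiry and (optionally) the handle scope it. Re-enable :path if
  # uploads must stay inside a per-retailer prefix.
  #
  # @return [void] renders { signature:, policy: } where policy is the
  #   URL-safe base64 encoding of the JSON policy and signature is its
  #   HMAC-SHA256 under the configured Filepicker secret
  def generate_filepicker_policy
    policy = {
      :expiry => (DateTime.now + 5.minutes).to_i,
      :call => FILEPICKER_CALLS,
      #:path => 'avatars/' + @user.id + '/.*jpg'
    }
    handle = params[:handle]
    policy[:handle] = last_path_segment(handle.to_s) unless handle.nil?

    encoded_policy = Base64.urlsafe_encode64(policy.to_json)
    # OpenSSL::Digest::Digest is deprecated and removed in newer OpenSSL gems;
    # OpenSSL::Digest.new is the supported spelling.
    digest = OpenSSL::Digest.new('sha256')
    signature = OpenSSL::HMAC.hexdigest(digest, Rails.application.config.fp_secret, encoded_policy)
    render :json => { :signature => signature, :policy => encoded_policy }, :status => :ok
  end

  # Detaches a student from this retailer. The lookup is scoped to users whose
  # retailer_id is the authorized retailer, so an owner cannot detach users of
  # another retailer by supplying an arbitrary user_id; a user outside that
  # scope raises ActiveRecord::RecordNotFound like any unknown id.
  def remove_student
    user = User.where(:retailer_id => @retailer.id).find(params[:user_id])
    user.retailer_id = nil
    respond_with user, status: :unprocessable_entity unless user.save
  end

  # Detaches a teacher from this retailer. The teacher profile must exist and
  # must currently belong to the authorized retailer; otherwise the request
  # is treated as "not found" rather than raising NoMethodError on a nil
  # profile or detaching a teacher of another retailer.
  def remove_teacher
    profile = User.find(params[:teacher_id]).teacher
    if profile.nil? || profile.retailer_id != @retailer.id
      raise ActiveRecord::RecordNotFound, "Can't find teacher for this retailer"
    end
    profile.retailer_id = nil
    respond_with profile, status: :unprocessable_entity unless profile.save
  end

  # Sends the retailer's customer blast email to params[:email].
  #
  # This action is outside both api_signed_in_user and auth_retailer (see
  # the filters above), so it can be invoked without signing in by anyone who
  # knows a retailer id; the only check here is the address format. Any
  # abuse limit (per-address or per-retailer rate limiting) has to be applied
  # in front of it — confirm that this is intended before exposing it further.
  #
  # @raise [JamRuby::JamArgumentError] when the address does not match
  #   User::VALID_EMAIL_REGEX
  def customer_email
    # to_s keeps a non-String param (e.g. a nested hash) from raising
    # TypeError inside Regexp#match; it is then rejected as invalid.
    email = params[:email].to_s
    unless User::VALID_EMAIL_REGEX.match(email)
      raise JamRuby::JamArgumentError.new('is not valid', :email)
    end
    UserMailer.retailer_customer_blast(email, @retailer).deliver_now
    render :json => {}, status: 200
  end

  private

  # Loads the retailer for params[:id] into @retailer.
  # @raise [ActiveRecord::RecordNotFound] when no retailer has that id
  def lookup_retailer
    @retailer = Retailer.find_by_id(params[:id])
    raise ActiveRecord::RecordNotFound, "Can't find retailer" if @retailer.nil?
  end

  # Only the retailer's owner may use the owner-scoped actions. The original
  # condition compared current_user.id against the owner id twice; it is now
  # checked once, and a retailer with no owner is a denial instead of a
  # NoMethodError.
  # @raise [JamPermissionError] when the current user is not the owner
  def auth_retailer
    owner = @retailer.owner
    if owner.nil? || current_user.id != owner.id
      raise JamPermissionError, "You do not have access to this retailer"
    end
  end

  # Text after the last '/' in +handle+, or the whole string when it has no
  # slash (the original rindex + 1 arithmetic raised NoMethodError on nil).
  def last_path_segment(handle)
    slash = handle.rindex('/')
    slash ? handle[(slash + 1)..-1] : handle
  end
end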