class ApiSchoolsController < ApiController

  before_filter :api_signed_in_user
  before_filter :lookup_school, :only => [:show, :update, :update_avatar, :delete_avatar, :generate_filepicker_policy, :remove_student, :remove_teacher]
  before_filter :auth_school, :only => [:show, :update, :update_avatar, :delete_avatar, :generate_filepicker_policy, :remove_student, :remove_teacher]

  respond_to :json

  def show
    @owner_viewing = @school.owner == current_user
  end

  def update
    @school.update_from_params(params)

    respond_with_model(@school)
  end

  def update_avatar
    original_fpfile = params[:original_fpfile]
    cropped_fpfile = params[:cropped_fpfile]
    cropped_large_fpfile = params[:cropped_large_fpfile]
    crop_selection = params[:crop_selection]

    # public bucket to allow images to be available to public
    @school.update_avatar(original_fpfile, cropped_fpfile, cropped_large_fpfile, crop_selection, Rails.application.config.aws_bucket_public)

    if @school.errors.any?
      respond_with @school, status: :unprocessable_entity
      return
    end


  end

  def delete_avatar
    @school.delete_avatar(Rails.application.config.aws_bucket_public)

    if @school.errors.any?
      respond_with @school, status: :unprocessable_entity
      return
    end
  end

  def generate_filepicker_policy
    # generates a soon-expiring filepicker policy so that a user can only upload to their own folder in their bucket

    handle = params[:handle]

    call = 'pick,convert,store'

    policy = { :expiry => (DateTime.now + 5.minutes).to_i(),
               :call => call,
               #:path => 'avatars/' + @user.id + '/.*jpg'
    }

    # if the caller specifies a handle, add it to the hash
    unless handle.nil?
      start = handle.rindex('/') + 1
      policy[:handle] = handle[start..-1]
    end

    policy = Base64.urlsafe_encode64( policy.to_json )
    digest  = OpenSSL::Digest::Digest.new('sha256')
    signature = OpenSSL::HMAC.hexdigest(digest, Rails.application.config.fp_secret, policy)

    render :json => {
               :signature => signature,
               :policy => policy
           }, :status => :ok
  end

  def remove_student
    user = User.find(params[:user_id])
    user.school_id = nil
    if !user.save
      respond_with user, status: :unprocessable_entity
      return
    end
  end

  def remove_teacher
    teacher = User.find(params[:teacher_id])
    teacher.teacher.school_id = nil
    if !teacher.teacher.save
      respond_with teacher.teacher, status: :unprocessable_entity
      return
    end
  end

  private
  def lookup_school
    @school = School.find_by_id(params[:id])
    raise ActiveRecord::RecordNotFound, "Can't find school" if @school.nil?
  end

  def auth_school
    if current_user.id != @school.owner.id && current_user.id != @school.owner.id
      raise JamPermissionError, "You do not have access to this school"
    end
  end
end