<?php

/*
 * AVSDev UF Tweaks (https://avsdev.uk)
 *
 * @link      https://git.avsdev.uk/avsdev/sprinkle-uf-tweaks
 * @license   https://git.avsdev.uk/avsdev/sprinkle-uf-tweaks/blob/master/LICENSE.md (LGPL-3.0 License)
 */

namespace UserFrosting\Sprinkle\UFTweaks\Controller;

use Psr\Http\Message\ResponseInterface as Response;
use Psr\Http\Message\ServerRequestInterface as Request;
use UserFrosting\Sprinkle\Account\Database\Models\Role;
use UserFrosting\Sprinkle\Core\Controller\SimpleController;
use UserFrosting\Support\Exception\ForbiddenException;

/**
 * Override role controller class to tweak the list of available user roles
 *
 * @author Craig Williams (craig@avsdev.uk)
 */
class RoleController extends SimpleController
{
    /**
     * Returns a list of Roles.
     *
     * Generates a list of roles, optionally paginated, sorted and/or filtered.
     * This page requires authentication.
     *
     * Request type: GET
     *
     * @param Request  $request
     * @param Response $response
     * @param array    $args
     *
     * @throws ForbiddenException If user is not authorized to access page
     */
    public function getList(Request $request, Response $response, $args)
    {
        // GET parameters
        $params = $request->getQueryParams();

        /** @var \UserFrosting\Sprinkle\Account\Authorize\AuthorizationManager $authorizer */
        $authorizer = $this->ci->authorizer;

        /** @var \UserFrosting\Sprinkle\Core\Util\ClassMapper $classMapper */
        $classMapper = $this->ci->classMapper;

        /** @var \UserFrosting\Sprinkle\Account\Database\Models\Interfaces\UserInterface $currentUser */
        $currentUser = $this->ci->currentUser;

        // Access-controlled page
        $adminRole = $authorizer->checkAccess($currentUser, 'uri_roles');
        $userRole = $authorizer->checkAccess($currentUser, 'role_list');

        if (!$adminRole && !$userRole) {
            throw new ForbiddenException();
        }

        $sprunje = $classMapper->createInstance('role_sprunje', $classMapper, $params);
        if ($userRole) {
            $siteAdminId = Role::where('slug', 'site-admin')->first()->id;
            $sprunje->extendQuery(function($query) {
                $query->where('role_id', '!=', $siteAdminId);
            });
        }

        // Be careful how you consume this data - it has not been escaped and contains untrusted user-supplied content.
        // For example, if you plan to insert it into an HTML DOM, you must escape it on the client side (or use client-side templating).
        return $sprunje->toResponse($response);
    }
}