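using System;
using System.Net;
using System.Net.Http;
using System.Web;
using System.Web.Http;
using System.Web.Http.Controllers;
using Kreta.BusinessLogic.Security;

namespace Kreta.Web.Security
{
    /// <summary>
    /// Inverse of <see cref="ApiRolePackageAuthorizeAttribute"/>: the request is rejected
    /// when <c>AuthorizeHelper.CheckPackageAccess</c> reports that the caller holds the
    /// given packages, and allowed otherwise.
    /// </summary>
    public class ApiRolePackageDenyAuthorizeAttribute : ApiRolePackageAuthorizeAttribute
    {
        /// <param name="claimValue">Package names whose presence denies access.</param>
        public ApiRolePackageDenyAuthorizeAttribute(params string[] claimValue)
            : base(KretaSecurityActions.Deny, claimValue)
        {
        }
    }

    /// <summary>
    /// Web API authorization filter that grants (<see cref="KretaSecurityActions.Demand"/>)
    /// or denies (<see cref="KretaSecurityActions.Deny"/>) access based on the package
    /// check performed by <c>AuthorizeHelper.CheckPackageAccess</c>.
    /// An unauthorized request is answered with 403 Forbidden and an
    /// <c>AuthenticationStatus: NotAuthorized</c> response header.
    /// </summary>
    [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = false)]
    public class ApiRolePackageAuthorizeAttribute : AuthorizeAttribute
    {
        // Header emitted on every rejected response so clients can tell "not authorized"
        // from other 403 causes.
        private const string AuthenticationStatusHeader = "AuthenticationStatus";
        private const string NotAuthorizedStatus = "NotAuthorized";

        // Package names handed verbatim to AuthorizeHelper.CheckPackageAccess; may be null
        // or empty when the attribute is applied without arguments (how the helper treats
        // that is not visible here).
        private readonly string[] claimPackages;

        // Demand: access requires the packages. Deny: access is refused when the packages are held.
        private readonly KretaSecurityActions actionType = KretaSecurityActions.Demand;

        /// <summary>Creates a <see cref="KretaSecurityActions.Demand"/> filter for the given packages.</summary>
        /// <param name="claimValue">Package names required for access.</param>
        public ApiRolePackageAuthorizeAttribute(params string[] claimValue)
        {
            claimPackages = claimValue;
        }

        /// <summary>Creates a filter with an explicit action type.</summary>
        /// <param name="type">Whether the packages are demanded or denied.</param>
        /// <param name="claimValue">Package names the check is evaluated against.</param>
        public ApiRolePackageAuthorizeAttribute(KretaSecurityActions type, params string[] claimValue)
        {
            claimPackages = claimValue;
            actionType = type;
        }

        /// <summary>
        /// Runs the package check and short-circuits the pipeline with a 403 when it fails.
        /// </summary>
        /// <param name="actionContext">The action being authorized.</param>
        /// <exception cref="ArgumentNullException"><paramref name="actionContext"/> is null.</exception>
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            if (actionContext == null)
            {
                throw new ArgumentNullException("actionContext");
            }

            // NOTE(review): this override does not call the base implementation and so never
            // consults SkipAuthorization, i.e. [AllowAnonymous] is not honoured by this filter.
            // Confirm that is intended (for Deny it may well be).
            if (IsAuthorized(actionContext))
            {
                return;
            }

            HandleUnauthorizedRequest(actionContext);
        }

        /// <summary>
        /// Evaluates <c>AuthorizeHelper.CheckPackageAccess</c> and inverts the result for
        /// <see cref="KretaSecurityActions.Deny"/>.
        /// </summary>
        /// <param name="actionContext">Unused; the check is based on the configured packages only.</param>
        /// <returns>True when the request may proceed.</returns>
        protected override bool IsAuthorized(HttpActionContext actionContext)
        {
            bool hasPackages = AuthorizeHelper.CheckPackageAccess(claimPackages);

            // NOTE(review): under Deny, any principal for which CheckPackageAccess returns false
            // (possibly including an unauthenticated one, depending on the helper) is authorized
            // by this filter alone. Confirm Deny is always paired with an authentication requirement.
            return actionType == KretaSecurityActions.Deny ? !hasPackages : hasPackages;
        }

        /// <summary>
        /// Replaces the pipeline response with 403 Forbidden carrying the
        /// <c>AuthenticationStatus: NotAuthorized</c> header.
        /// </summary>
        /// <param name="actionContext">The action whose response is being set.</param>
        protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
        {
            // The header is attached to the HttpResponseMessage that is actually returned rather
            // than to HttpContext.Current.Response: HttpContext.Current is only populated under
            // System.Web hosting and is null elsewhere (e.g. OWIN self-host), where writing to it
            // would throw instead of producing the 403.
            HttpResponseMessage response = actionContext.Request.CreateResponse(HttpStatusCode.Forbidden);
            response.Headers.Add(AuthenticationStatusHeader, NotAuthorizedStatus);

            // NOTE(review): always 403, even for an unauthenticated caller — confirm a 401 is not expected there.
            actionContext.Response = response;
        }
    }
}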