/*\
title: $:/plugins/tiddlywiki/multiwikiserver/routes/handlers/post-acl.js
type: application/javascript
module-type: mws-route

POST /admin/post-acl

\*/
(function () {

/*jslint node: true, browser: true */
/*global $tw: false */
"use strict";

exports.method = "POST";

exports.path = /^\/admin\/post-acl\/?$/;

exports.bodyFormat = "www-form-urlencoded";

exports.csrfDisable = true;

exports.handler = function (request, response, state) {
	var sqlTiddlerDatabase = state.server.sqlTiddlerDatabase;
	var entity_type = state.data.entity_type;
	var recipe_name = state.data.recipe_name;
	var bag_name = state.data.bag_name;
	var role_id = state.data.role_id;
	var permission_id = state.data.permission_id;
	var isRecipe = entity_type === "recipe"

	var entityAclRecords = sqlTiddlerDatabase.getACLByName(entity_type, isRecipe ? recipe_name : bag_name, true);

	var aclExists = entityAclRecords.some((record) => (
		record.role_id == role_id && record.permission_id == permission_id
	))

	// This ensures that the user attempting to modify the ACL has permission to do so
	// if(!state.authenticatedUser || (entityAclRecords.length > 0 && !sqlTiddlerDatabase[isRecipe ? 'hasRecipePermission' : 'hasBagPermission'](state.authenticatedUser.user_id, isRecipe ? recipe_name : bag_name, 'WRITE'))){
	// 	response.writeHead(403, "Forbidden");
	// 	response.end();
	// 	return
	// }

	if (aclExists) {
		// do nothing, return the user back to the form
		response.writeHead(302, { "Location": "/admin/acl/" + recipe_name + "/" + bag_name });
		response.end();
		return
	}

	sqlTiddlerDatabase.createACL(
		isRecipe ? recipe_name : bag_name,
		entity_type,
		role_id,
		permission_id
	)

	response.writeHead(302, { "Location": "/admin/acl/" + recipe_name + "/" + bag_name });
	response.end();
};

}());