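# Public-facing controller for browsing, submitting, editing and flagging
# Resource records. Authorization is expressed with the permit / permit?
# helpers; destructive actions are not defined here.
class ResourceController < ApplicationController

  # GETs should be safe (see http://www.w3.org/2001/tag/doc/whenToUseGet.html)
  # NOTE(review): :create and :update are not defined in this class; the
  # state-changing actions that are (new, edit, flag) test request.post?
  # themselves, so this filter does not cover them.
  verify :method => :post, :only => [ :create, :update ],
         :redirect_to => { :action => :list }

  # Same listing as #list, rendered through the 'list' template.
  def index
    list
    render :action => 'list'
  end

  # Lists every Resource and remembers this page as the return location.
  def list
    store_location
    @webpage_title = 'List of Resources'
    @resources = Resource.find(:all)
  end

  # Counts an outbound click and redirects to the resource's project URL.
  #
  # The redirect target is stored data supplied by whoever submitted the
  # resource, so the same viewability rule as #show is applied first: an
  # entry that has not been made viewable must not act as a redirector for
  # arbitrary visitors.
  # NOTE(review): presumably the Resource model validates project_url
  # (e.g. http/https only) -- confirm, since this action trusts it.
  def goto
    @resource = Resource.find(params[:id])
    unless permit?("site_admin or owner of :resource") || @resource.viewable?
      flash[:notice] = 'Could not goto given resource'
      redirect_to :action => 'list'
      return
    end
    increment_quietly(@resource, :outclicks)
    redirect_to @resource.project_url
  rescue
    flash[:notice] = 'Could not goto given resource'
    redirect_to :action => 'list'
  end


  # GET: shows the flag form for a resource. POST: stores the feedback.
  def flag
    @resource = Resource.find(params[:id])
    @flag_type = params[:flag_type]
    return unless request.post?

    # A request without a flag[comment] field used to raise NoMethodError
    # here (this action has no rescue); treat it as an empty comment.
    comment = (params[:flag] || {})[:comment].to_s
    # Same character stripping as before (<, > and ' are dropped). This is
    # only a deny-list: every view that prints the comment must still
    # HTML-escape it.
    @t = comment.delete("<>'")

    # Flag.new rather than Flag.create, so no empty row is written before
    # the attributes are assigned; the single save below persists it.
    @newflag = Flag.new
    @newflag.resource_id = @resource.id
    # NOTE(review): flag_type is stored exactly as submitted -- confirm the
    # Flag model restricts it to the expected values.
    @newflag.flag_type = params[:flag_type]
    @newflag.comment = @t
    @newflag.submit_user_id = current_user.id if current_user
    @newflag.save
    flash[:notice] = 'Feedback Saved.  Thank you.'
    redirect_back_or_default(:action => 'show', :id=>@resource)
    store_location
  end

  # Shows one resource and counts the hit. Visitors who are neither
  # site_admin nor owner get the 'unviewable' template when the resource is
  # not viewable.
  def show
    @resource = Resource.find(params[:id])
    increment_quietly(@resource, :hits)

    @rating_comment = @resource.review_from_user( current_user )

    @webpage_title = 'Resource: '+ @resource.name
    unless permit?("site_admin or owner of :resource") || @resource.viewable?
      render :action => 'unviewable'
    end
    store_location

  rescue
    flash[:notice] = 'Could not show given resource'
    redirect_to :action => 'list'
  end

  # GET: blank submission form. POST: creates a resource owned by the
  # current user. Requires site_admin or an authenticated user.
  def new
    store_location
    permit 'site_admin or authenticated' do
      @webpage_title = 'Enter New Resource'
      if request.post?
        @resource = Resource.new(params[:resource])
        # params[:resource] is mass-assigned, so a submitter could include
        # viewable=true and skip the review promised in the notice below.
        # Force it off for non-admins, as #edit does.
        # NOTE(review): protecting viewable/hits/outclicks on the model
        # would close this for every caller -- confirm whether it already
        # does.
        @resource.viewable = false unless permit?('site_admin')
        @resource.contact_name = current_user.fullname
        @resource.contact_email = current_user.email
        client_side_list_sync @resource.orgs, Org, :naming => 'org', :create_entry => true
        client_side_list_sync @resource.tags, Tag, :naming => 'tag', :create_entry => true
        current_selections = @resource.orgs.collect { |org| org.name }
        client_side_list_for :orgs, :initialize => current_selections
        current_tags = @resource.tags.collect { |tag| tag.name }
        client_side_list_for :tags, :initialize => current_tags
        if @resource.save
          current_user.has_role "submitter", @resource
          flash[:notice] = 'Resource was successfully created.  A site administrator will review the content for posting.  You can edit the entry in the Action section.'
          redirect_to :action => 'list'
        end
      else
        client_side_list_for :orgs
        client_side_list_for :tags
        @resource = Resource.new
        # these two lines will go away with a real ownership system
        @resource.contact_name = current_user.fullname
        @resource.contact_email = current_user.email
      end
    end
  end

  # GET: edit form. POST: applies the changes. Requires site_admin or the
  # owner of the resource. An edit by a non-admin always leaves the
  # resource hidden until it is reviewed again.
  def edit
    store_location
    @resource = Resource.find(params[:id])
    is_admin = permit?('site_admin')
    if is_admin && @resource.viewable == false
      @resource.viewable = true
      flash[:notice] = 'This resource is viewable when you save.'
    end

    permit 'site_admin or owner of :resource' do
      @webpage_title = 'Edit Resource'
      if request.post?
        client_side_list_sync @resource.orgs, Org, :naming => 'org', :create_entry => true
        client_side_list_sync @resource.related, Resource, :naming => 'related'
        client_side_list_sync @resource.similar, Resource, :naming => 'similar'
        client_side_list_sync @resource.tags, Tag, :naming => 'tag', :create_entry => true

        # Assign, then override viewable, then save once. The previous
        # two-step update first persisted whatever viewable value the form
        # carried and only afterwards reset it, leaving a window (and an
        # unchecked second write) in which an unreviewed edit was live.
        @resource.attributes = params[:resource]
        @resource.viewable = false unless is_admin
        if @resource.save
          flash[:notice] =
            if !is_admin
              'Resource was successfully updated.  Edits and changes will be reviewed by the curation team before posting online.'
            elsif @resource.viewable?
              'Resource was successfully updated.  This resource is now LIVE.'
            else
              'Resource was successfully updated.  This resource is HIDDEN.'
            end

#          UserNotifier.deliver_resource_updated(@resource)
          redirect_to :action => 'show', :id => @resource
          return
        end
      end
      current_orgs = @resource.orgs.collect { |org| org.name }
      client_side_list_for :orgs, :initialize => current_orgs
      current_tags = @resource.tags.collect { |tag| tag.name }
      client_side_list_for :tags, :initialize => current_tags
      current_related = @resource.related.collect { |project| project.name }
      client_side_list_for :resources, :naming => 'related', :initialize => current_related
      current_similar = @resource.similar.collect { |project| project.name }
      client_side_list_for :resources, :naming => 'similar', :initialize => current_similar
    end
  rescue
    flash[:notice] = 'Could not edit given resource'
    redirect_to :action => 'list'
  end

# in admin
#   def destroy
# #    CheckAuth?
#     Resource.find(params[:id]).destroy
#     redirect_to :action => 'list'
#   end
#

  private

  # Adds one to the given counter column without recording a revision and
  # with timestamp recording switched off.
  #
  # record_timestamps is a setting on ActiveRecord::Base, not on this
  # record, so it is restored in an ensure: if the update raises, the
  # setting must not stay off for later saves.
  def increment_quietly(resource, column)
    resource.without_revision do
      begin
        ActiveRecord::Base.record_timestamps = false
        resource.update_attribute(column, resource.send(column) + 1)
      ensure
        ActiveRecord::Base.record_timestamps = true
      end
    end
  end

end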
