using System.Net;
using System.Web.Mvc;
using Portoa.Web;
using Portoa.Web.ErrorHandling;
using VideoGameQuotes.Api;

namespace VideoGameQuotes.Web.Security {
	[NeedsBuildUp]
	public class IsValidUserAttribute : ActionFilterAttribute {
		public IsValidUserAttribute() {
			Group = UserGroup.User;
		}

		public ICurrentUserProvider UserProvider { get; set; }
		public UserGroup Group { get; set; }

		public override void OnActionExecuting(ActionExecutingContext filterContext) {
			var allowedToExecuteAction = UserProvider != null
				&& UserProvider.CurrentUser != null
					&& UserProvider.CurrentUser.Group >= Group;

			if (!allowedToExecuteAction) {
				filterContext.Result = new ErrorViewResult {
					Message = "You are not a verified user (are you hiding your IP address?)",
					StatusCode = HttpStatusCode.Forbidden,
					ViewName = "Forbidden"
				};
			}
		}
	}
}