module Locomotive
  module Public
    class ContentEntriesController < BaseController

      before_filter :set_content_type

      before_filter :sanitize_entry_params, :only => :create

      skip_before_filter :verify_authenticity_token

      self.responder = Locomotive::ActionController::PublicResponder # custom responder

      respond_to :html, :json

      def create
        @entry = @content_type.entries.create(params[:entry] || params[:content])
        flash[@content_type.slug.singularize] = @entry.to_presenter(:include_errors => true).as_json
        respond_with @entry, :location => self.callback_url
      end

      protected

      def set_content_type
        @content_type = current_site.content_types.where(:slug => params[:slug]).first

        # check if ability to receive public submissions
        unless @content_type.public_submission_enabled?
          respond_to do |format|
            format.json { render :json => { :error => 'Public submissions not accepted' }, :status => :forbidden }
            format.html { render :text => 'Public submissions not accepted', :status => :forbidden }
          end
          return false
        end
      end

      def callback_url
        (@entry.errors.empty? ? params[:success_callback] : params[:error_callback]) || main_app.root_path
      end

      def sanitize_entry_params
        entry_params = params[:entry] || params[:content] || {}
        entry_params.each do |key, value|
          next unless value.is_a?(String)
          entry_params[key] = Sanitize.clean(value, Sanitize::Config::BASIC)
        end
      end

    end
  end
end