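{-# LANGUAGE OverloadedStrings #-}

-- | Route guard for Scotty handlers that require an authenticated user.
module Secure
  ( loggedAction
  ) where

import Web.Scotty
import Network.HTTP.Types.Status (forbidden403)
import Database.Persist (Entity)
import Model.Database (User, runDb)
import Model.User (getUser)
import Control.Monad.IO.Class (liftIO)
import qualified Data.Text as T
import qualified Data.Text.IO as TIO
import qualified LoginSession

-- | Run @action@ only when the request carries a login session that resolves
-- to a stored user.
--
-- The login is read with 'LoginSession.get' and looked up with 'getUser'.
-- On success the user entity is handed to @action@. In both failure cases the
-- response status is set to 403 and a short HTML message is returned:
--
-- * no login in the session;
-- * a login is present but 'getUser' finds no matching user (this case is
--   also logged to stdout).
--
-- NOTE(review): the two 403 bodies differ, so a client can tell "no session"
-- apart from "session for an unknown login" -- confirm this is intended.
-- NOTE(review): the session is left untouched when the user lookup fails;
-- whether it should be cleared depends on the LoginSession API, which is not
-- visible here.
loggedAction :: (Entity User -> ActionM ()) -> ActionM ()
loggedAction action = do
  maybeLogin <- LoginSession.get
  case maybeLogin of
    Nothing -> do
      status forbidden403
      html "You need to be logged in to perform this action"
    Just login -> do
      maybeUser <- liftIO . runDb $ getUser login
      case maybeUser of
        Just user -> action user
        Nothing -> do
          status forbidden403
          -- The login reaching this branch is one the database did not
          -- recognise, so it is escaped before it is written to the log.
          liftIO . TIO.putStrLn . T.concat $
            ["Could not find the user which login is ", quoteForLog login]
          html "Could not find a user from your login"

-- | Render a value for a single log line: 'show' wraps it in quotes and
-- escapes control characters (newlines, carriage returns, escape sequences),
-- so a crafted login cannot start a new, forged log entry or hide trailing
-- whitespace.
quoteForLog :: T.Text -> T.Text
quoteForLog = T.pack . show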