<?php
/**
 * Restserver controller
 * 
 * Posts controller
 * 
 * @author Pierre HUBERT
 */

class postsController {

	/**
	 * Visibility levels for the API
	 */
	const VISIBILITY_LEVELS_API = array(
		Posts::VISIBILITY_PUBLIC => "public",
		Posts::VISIBILITY_FRIENDS => "friends",
		Posts::VISIBILITY_USER => "private"
	);

	/**
	 * Access levels for the POST for the api
	 */
	const ACCESS_LEVEL_API = array(
		Posts::NO_ACCESS => "no-access",
		Posts::BASIC_ACCESS => "basic",
		Posts::INTERMEDIATE_ACCESS => "intermediate",
		Posts::FULL_ACCESS => "full"
	);

	/**
	 * Get user posts
	 * 
	 * @url POST /posts/get_user
	 */
	public function getUserPosts(){

		//Get user ID
		$userID = getPostUserID("userID");

		//Check if user is allowed to access informations or not
		if(!CS::get()->components->user->userAllowed(userID, $userID))
			Rest_fatal_error(401, "You are not allowed to access this user posts !");

		//Check if there is a startpoint for the posts
		if(isset($_POST['startFrom'])){
			$startFrom = toInt($_POST['startFrom']);
		}
		else
			$startFrom = 0; //No start point

		//Get the post of the user
		$posts = CS::get()->components->posts->getUserPosts(userID, $userID, $startFrom);

		//Process the list of posts
		foreach($posts as $num => $infos){

			//Get access level to the post
			$access_level = CS::get()->components->posts->access_level_with_infos($infos, userID);

			//Save level access in the response
			$posts[$num]["user_access"] = $this::ACCESS_LEVEL_API[$access_level];

			//Update visibility level
			$posts[$num]['visibility_level'] = $this::VISIBILITY_LEVELS_API[$infos['visibility_level']];

		}

		return $posts;
	}

	/**
	 * Create a post
	 * 
	 * @url POST /posts/create
	 */
	public function createPost(){

		user_login_required(); //Need login

		//Get the kind of page
		if(!isset($_POST['kind-page']) || !isset($_POST['kind-id']))
			Rest_fatal_error(400, "Please specify the kind of target page and its ID !");
		
		//Make the kind of page match with one of those locally stored
		switch($_POST['kind-page']){
			
			//In case of user
			case "user":

				//Get the values
				$kind_page = Posts::PAGE_KIND_USER;
				$kind_page_id = getPostUserID('kind-id');

				//Check if user is allowed to create post on user page
				if(!CS::get()->components->user->canCreatePosts(userID, $kind_page_id))
					Rest_fatal_error(401, "You are not allowed to create post on this page !");

				break;
			
			//Unsupported kind of page
			default:
				Rest_fatal_error(500, "Unsupported kind of page !");
		}

		//Get the kind of post
		if(!isset($_POST['kind']))
			Rest_fatal_error(400, "Please specify the kind of post !");
		$kind = $_POST['kind'];

		//Get the content of the post
		$content = getPostContent("content");

		//Get the visibility of the post
		$visibility = $this->getPostVisibilityLevel("visibility");

		//Act differently depending of the post content
		//For text post
		if($kind === Posts::POST_KIND_TEXT){

			//The post content must be valid
			if(!check_string_before_insert($content))
				Rest_fatal_error(400, "Specified post content invalid !");

		}

		//For image posts
		else if($kind === Posts::POST_KIND_IMAGE){

			//Check if it is a valid file
			if(!check_post_file("image"))
				Rest_fatal_error(400, "An error occured while receiving image !");

			//Generate target file name
			$target_userdata_folder = prepareFileCreation(userID, "imgpost");
			$target_file_path = $target_userdata_folder.generateNewFileName(path_user_data($target_userdata_folder, true), "png");
			$target_file_sys_path = path_user_data($target_file_path, true);

			//Try to resize, convert image and put it in its new location
			if(!reduce_image($_FILES['image']["tmp_name"], $target_file_sys_path, 2000, 2000, "image/png")){
				//Returns error
				Rest_fatal_error(500, "Couldn't resize sent image !");
			}

			//Save image information
			$file_type = "image/png";
			$file_size = filesize($target_file_sys_path);
			$file_path = $target_file_path;
		}

		//For YouTube posts
		else if($kind === Posts::POST_KIND_YOUTUBE){

			//Check if Youtube ID was specified
			if(!isset($_POST['youtube_id']))
				Rest_fatal_error(400, "Please specify the Youtube video ID in your request !");
			$youtube_id = $_POST['youtube_id'];

			//Check the video ID
			if(!check_youtube_id($youtube_id))
				Rest_fatal_error(400, "Specified YouTube video ID is invalid !");
			
			//Save video informations
			$file_path = $youtube_id;
		}


		//For personnal movies posts
		else if($kind === Posts::POST_KIND_MOVIE){

			//Get movie ID
			$movieID = getPostMovieID("movieID");

			//Check if the current user is the owner the movie or not
			if(userID != CS::get()->components->movies->get_owner($movieID))
				Rest_fatal_error(400, "You are not allowed to use this movie in your posts !");
			
			//Save movie informations
			$video_id = $movieID;
		}

		//For weblinks
		else if($kind === Posts::POST_KIND_WEBLINK){

			//Check if we have a valid url
			if(!check_post_url("url"))
				Rest_fatal_error(400, "Invalid URL specified with request !");
			$url = $_POST['url'];

			//Get informations about the webpage
			$page_infos = URLAnalyzer::analyze($url, 15);

			//Save URL informations
			$link_url = $url;
			$link_title = isset($page_infos["title"]) ? $page_infos["title"] : null;
			$link_description = isset($page_infos["description"]) ? $page_infos["description"] : null;
			$link_image = isset($page_infos["image"]) ? $page_infos["image"] : null;
		}

		//For PDFs
		else if($kind === Posts::POST_KIND_PDF){

			//Check if it is a valid file
			if(!check_post_file("pdf"))
				Rest_fatal_error(400, "An error occured while receiving pdf !");

			//Check file type
			if($_FILES['pdf']['type'] != "application/pdf")
				Rest_fatal_error(400, "The file sent is not a PDF !");
			
			//Generate target file name
			$target_userdata_folder = prepareFileCreation(userID, "post_pdf");
			$target_file_path = $target_userdata_folder.generateNewFileName(path_user_data($target_userdata_folder, true), "pdf");
			$target_file_sys_path = path_user_data($target_file_path, true);

			//Try to move the file to its final location
			if(!move_uploaded_file($_FILES["pdf"]["tmp_name"], $target_file_sys_path))
				Rest_fatal_error(500, "Could save the PDF !");

			//Save pdf information
			$file_type = "application/pdf";
			$file_size = filesize($target_file_sys_path);
			$file_path = $target_file_path;
		}

		//For countdown timer
		else if($kind === Posts::POST_KIND_COUNTDOWN){

			//Get end timestamp
			$time_end = getPostTimeStamp("time-end");

		}

		//For survey
		else if($kind === Posts::POST_KIND_SURVEY){

			//Process the question
			if(!isset($_POST['question']))
				Rest_fatal_error(400, "Please specify the question of the survey !");
			$question = $_POST['question'];

			//Check the length of the question
			if(strlen($question) < 5)
				Rest_fatal_error(400, "Please specify a valid question for the survey !");

			//Process the answers
			if(!isset($_POST['answers']))
				Rest_fatal_error(400, "Please specify the ansers of the survey !");
			$str_answers = $_POST["answers"];
			
			//Process the ansers
			$answers = explode("<>", $str_answers);

			//Remove empty questions and make other secure to insert
			foreach($answers as $num=>$val){
				if($val == "" || $val == " ")
					unset($answers[$num]);
				else
					$answers[$num] = removeHTMLnodes($val);
			}

			//Check the minimum number of question is valid
			if(count($answers) < 2)
				Rest_fatal_error(400, "Please specify at least two valid answers for the survey !");

			//Save informations about the survey
			$survey_question = removeHTMLnodes($question);
			$survey_answers = $answers;
		}

		//The content type is not supported
		else {
			Rest_fatal_error(500, "This kind of post is not supported !");
		}

		//Create the post
		$postID = CS::get()->components->posts->create(
			
			//Informations about the kind of page
			$kind_page,
			$kind_page_id,

			//Generic informations about the post
			userID,
			$content,
			$visibility,
			$kind,

			//Specific informations about the post
			//Posts with files
			isset($file_size) ? $file_size : 0,
			isset($file_type) ? $file_type : null,
			isset($file_path) ? $file_path : null,

			//For video post
			isset($video_id) ? $video_id : 0,

			//For countdown post
			isset($time_end) ? $time_end : 0,

			//For weblink posts
			isset($link_url) ? $link_url : null,
			isset($link_title) ? $link_title : null,
			isset($link_description) ? $link_description : null,
			isset($link_image) ? $link_image : null,

			//For survey posts
			isset($survey_question) ? $survey_question : null,
			isset($survey_answers) ? $survey_answers : array()
		);

		//Check for errors
		if($postID < 0)
			Rest_fatal_error(400, "Couldn't create post !");

		//Success
		return array(
			"success" => "The post has been created !",
			"postID" => $postID
		);

	}

	/**
	 * Change the visibility level of a post
	 * 
	 * @url POST /posts/set_visibility_level
	 */
	public function set_visibility_level(){

		user_login_required();
		
		//Get the post ID
		$postID = $this->getFullAccessPostID("postID");
		
		//Get the visibility level
		$new_visibility = $this->getPostVisibilityLevel("new_level");

		//Try to update visibility level
		if(!CS::get()->components->posts->update_level($postID, $new_visibility))
			Rest_fatal_error(500, "Couldn't update visibility level !");

		//Success
		return array("success" => "The visibility level has been updated !");
	}

	/**
	 * Update the content of a post
	 * 
	 * @url POST /posts/update_content
	 */
	public function update_content(){

		user_login_required();
		
		//Get the post ID
		$postID = $this->getFullAccessPostID("postID");

		//Get the post content
		$new_content = getPostContent("new_content");

		//Try to update post content
		if(!components()->posts->update_content($postID, $new_content))
			Rest_fatal_error(500, "An error occured while trying to update post content !");

		//Success
		return array("success" => "The post content has been updated !");
	}

	/**
	 * Delete post
	 * 
	 * @url POST /posts/delete
	 */
	public function delete_post(){

		user_login_required();

		//Get the post ID
		$postID = getPostPostID("postID");

		//Get the user access over the post
		$user_access = CS::get()->components->posts->access_level($postID, userID);

		//Check if the user is allowed to delete the post or not
		if($user_access != Posts::FULL_ACCESS && $user_access != Posts::INTERMEDIATE_ACCESS)
			Rest_fatal_error(401, "You are not allowed to delete this post !");

		//Delete the post
		if(!CS::get()->components->posts->delete($postID))
			Rest_fatal_error(500, "Couldn't delete post!");

		//Success
		return array("success" => "The post has been deleted!");
	}


	/**
	 * Get the visibility level specified in a POST request
	 * 
	 * @param string $name The name of the POST parameter
	 * @return int The visibility level
	 */
	private function getPostVisibilityLevel(string $name) : int {

		if(!isset($_POST[$name]))
			Rest_fatal_error(400, "Please specify the visibility of the post !");
		$api_visibility = $_POST[$name];

		//Get the visibility levels of the API
		$post_visibility = array_flip($this::VISIBILITY_LEVELS_API);

		//Check for the existence of the visibility level
		if(!isset($post_visibility[$api_visibility]))
			Rest_fatal_error(400, "Specified visibility level not recognized !");

		//Return it
		return $post_visibility[$api_visibility];

	}

	/**
	 * This function is called to check if the current user has a full access
	 * other a post specified by its ID in a post request
	 * 
	 * @param string $name The name of the POST parameter
	 * @return int The ID of the POST (an error is thrown if the user can't be
	 * authenticated as post owner)
	 */
	private function getFullAccessPostID(string $name) : int {

		user_login_required();
		
		//Get the post ID
		$postID = getPostPostID($name);

		//Check if the user is allowed to change the visibility level of the post
		if(CS::get()->components->posts->access_level($postID, userID) != Posts::FULL_ACCESS)
			Rest_fatal_error(401, "You do not the full control of this post !");
		
		//Return post id
		return $postID;
	}
}