package arn

import (
	"errors"

	"github.com/aerogo/aero"
)

// AuthorizeIfLoggedInAndOwnData authorizes the given request if a user is logged in
// and the user ID matches the ID in the request.
func AuthorizeIfLoggedInAndOwnData(ctx aero.Context, userIDParameterName string) error {
	err := AuthorizeIfLoggedIn(ctx)

	if err != nil {
		return err
	}

	userID := ctx.Session().Get("userId").(string)

	if userID != ctx.Get(userIDParameterName) {
		return errors.New("Can not modify data from other users")
	}

	return nil
}

// AuthorizeIfLoggedIn authorizes the given request if a user is logged in.
func AuthorizeIfLoggedIn(ctx aero.Context) error {
	if !ctx.HasSession() {
		return errors.New("Neither logged in nor in session")
	}

	userID, ok := ctx.Session().Get("userId").(string)

	if !ok || userID == "" {
		return errors.New("Not logged in")
	}

	return nil
}