from django.http import HttpResponseForbidden
from django.shortcuts import redirect
from django.views.decorators.http import require_POST

from symposion.boxes.authorization import load_can_edit
from symposion.boxes.forms import BoxForm
from symposion.boxes.models import Box


# @@@ problem with this is that the box_edit.html and box_create.html won't have domain objects in context
def get_auth_vars(request):
    auth_vars = {}
    if request.method == "POST":
        keys = [k for k in request.POST.keys() if k.startswith("boxes_auth_")]
        for key in keys:
            auth_vars[key.replace("boxes_auth_", "")] = request.POST.get(key)
        auth_vars["user"] = request.user
    return auth_vars


@require_POST
def box_edit(request, label):
    
    if not load_can_edit()(request, **get_auth_vars(request)):
        return HttpResponseForbidden()
    
    next = request.GET.get("next")
    
    try:
        box = Box.objects.get(label=label)
    except Box.DoesNotExist:
        box = None
    
    form = BoxForm(request.POST, instance=box, prefix=label)

    if form.is_valid():
        if box is None:
            box = form.save(commit=False)
            box.label = label
            box.created_by = request.user
            box.last_updated_by = request.user
            box.save()
        else:
            form.save()
        return redirect(next)