# Base controller for the application.
#
# Holds the authentication / authorization helpers every controller (and,
# through +helper_method+, every view) relies on, plus two after-action hooks
# that post-process the rendered response.
class ApplicationController < ActionController::Base
  # CSRF protection with the framework's default strategy (no +with:+ given).
  protect_from_forgery

  after_action :set_content_type_to_xhtml, :tidy_response_body

  # Exposed to views as well as controllers.
  helper_method :logged_in?, :current_user
  helper_method :authorized_to_show_user?, :authorized_to_show_user_best?

  protected

  # True when the session carries a user id, false otherwise.
  def logged_in?
    session[:user_id] ? true : false
  end

  # The user recorded in the session, looked up once per request and memoized
  # in @_current_user. Returns nil when nobody is logged in.
  # NOTE(review): User.find raises ActiveRecord::RecordNotFound when the
  # session references a user that no longer exists — confirm that case is
  # handled (e.g. by an error handler) elsewhere in the app.
  def current_user
    @_current_user ||= (User.find(session[:user_id]) if logged_in?)
  end

  # A user's page is visible unless the account is protected; a protected
  # account is visible only to a logged-in viewer that user permits.
  def authorized_to_show_user?(user)
    return true unless user.protected?

    logged_in? && current_user.permitted_to_see?(user)
  end

  # Stricter check for the "best" view: a private account is shown only to
  # its owner, on top of the protected-account rule above.
  def authorized_to_show_user_best?(user)
    return false if user.private? && current_user != user

    authorized_to_show_user?(user)
  end

  # Same rule as authorized_to_show_user?, but raises
  # Aclog::Exceptions::UserProtected instead of returning a falsy value.
  # Returns the predicate's (truthy) result when access is allowed.
  def authorize_to_show_user!(user)
    allowed = authorized_to_show_user?(user)
    raise Aclog::Exceptions::UserProtected, user unless allowed

    allowed
  end

  # Same rule as authorized_to_show_user_best?, but raises
  # Aclog::Exceptions::AccountPrivate instead of returning a falsy value.
  # Returns the predicate's (truthy) result when access is allowed.
  def authorize_to_show_user_best!(user)
    allowed = authorized_to_show_user_best?(user)
    raise Aclog::Exceptions::AccountPrivate, user unless allowed

    allowed
  end

  private

  # Serve HTML responses with an XHTML content type.
  def set_content_type_to_xhtml
    return unless request.format == :html

    response.content_type = "application/xhtml+xml"
  end

  # Scrub invalid byte sequences from text-like responses so the body that
  # leaves the app is well-formed. The comparison is deliberately
  # +request.format == fmt+ (Mime::Type on the left) rather than
  # +include?+, which would compare Symbol#== the other way round.
  # NOTE(review): ActiveSupport::Multibyte::Unicode.tidy_bytes was deprecated
  # in favour of String#scrub in later Rails releases — confirm it still
  # exists on this app's Rails version.
  def tidy_response_body
    return unless %i[html xml rss atom].any? { |fmt| request.format == fmt }

    response.body = ActiveSupport::Multibyte::Unicode.tidy_bytes(response.body)
  end
end