module Api
  module V0
    class PlansController < Api::V0::BaseController
      before_action :authenticate

      ##
      # Creates a new plan based on the information passed in JSON to the API
      def create
        @template = Template.live(params[:template_id])
        raise Pundit::NotAuthorizedError unless Api::V0::PlansPolicy.new(@user, @template).create?

        plan_user = User.find_by(email: params[:plan][:email])
        # ensure user exists
        if plan_user.blank?
          User.invite!({email: params[:plan][:email]}, ( @user))
          plan_user = User.find_by(email: params[:plan][:email])
          plan_user.org = @user.org
          plan_user.save
        end
        # ensure user's organisation is the same as api user's 
        raise Pundit::NotAuthorizedError, _("user must be in your organisation") unless plan_user.org == @user.org

        # initialize the plan
        @plan = Plan.new
        @plan.principal_investigator = plan_user.surname.blank? ? nil : "#{plan_user.firstname} #{plan_user.surname}"
        @plan.data_contact = plan_user.email
        # set funder name to template's org, or original template's org
        if @template.customization_of.nil?
          @plan.funder_name = @template.org.name
        else
          @plan.funder_name = Template.where(family_id: @template.customization_of).first.org.name
        end
        @plan.template = @template
        @plan.title = params[:plan][:title]
        if @plan.save
          @plan.assign_creator(plan_user)
          respond_with @plan
        else
          # the plan did not save 
          self.headers['WWW-Authenticate'] = "Token realm=\"\""
          render json: _("Bad Parameters"), status: 400
        end
      end


    end
  end
end