<?php

namespace SilverStripe\Control\Tests\HTTPCacheControlIntegrationTest;

use SilverStripe\Control\Controller;
use SilverStripe\Control\Middleware\HTTPCacheControlMiddleware;
use SilverStripe\Dev\TestOnly;
use SilverStripe\Forms\FieldList;
use SilverStripe\Forms\Form;
use SilverStripe\Forms\FormAction;
use SilverStripe\Forms\TextField;
use SilverStripe\Security\Permission;
use SilverStripe\Security\SecurityToken;

/**
 * Test-only controller that exposes a handful of actions with different
 * caching expectations: plain public output, a permission-gated action, and a
 * form rendered with the CSRF security token switched on or off.
 *
 * init() selects public caching for every request, so each action starts from
 * a "public" state. Whether the final response stays public is decided
 * elsewhere (not visible in this file).
 */
class SessionController extends Controller implements TestOnly
{
    /**
     * URL segment for this controller.
     *
     * @var string
     */
    private static $url_segment = 'HTTPCacheControlIntegrationTest_SessionController';

    /**
     * Actions that may be invoked on this controller.
     *
     * @var string[]
     */
    private static $allowed_actions = [
        'showform',
        'privateaction',
        'publicaction',
        'showpublicform',
        'Form',
    ];

    /**
     * Runs the parent initialisation, then marks the response as publicly
     * cacheable through the cache-control middleware singleton.
     */
    protected function init()
    {
        parent::init();

        // Public is the starting point for every action on this controller.
        $cacheControl = HTTPCacheControlMiddleware::singleton();
        $cacheControl->publicCache();
    }

    /**
     * Static HTML body used as page content.
     *
     * @return string
     */
    public function getContent()
    {
        $markup = '<p>Hello world</p>';

        return $markup;
    }

    /**
     * Renders the blank page with the CSRF security token enabled.
     *
     * A CSRF token is bound to the visitor's session, so a page that embeds
     * one must not be stored in a shared cache; per the original author's
     * note, the form response is expected to end up private for that reason.
     *
     * NOTE(review): SecurityToken::enable() is a static call and looks like a
     * process-wide toggle - confirm the calling tests restore the previous
     * state.
     */
    public function showform()
    {
        SecurityToken::enable();

        $template = 'BlankPage';

        return $this->renderWith($template);
    }

    /**
     * Renders the blank page with the CSRF security token disabled.
     *
     * Per the original author's note, a form without a CSRF token does not
     * use the session, so nothing here should force the response private.
     * Disabling the token is only appropriate in a test fixture like this one.
     */
    public function showpublicform()
    {
        SecurityToken::disable();

        $template = 'BlankPage';

        return $this->renderWith($template);
    }

    /**
     * Action guarded by a permission check on the code 'ANYCODE'.
     *
     * @return string
     * @throws \SilverStripe\Control\HTTPResponse_Exception
     */
    public function privateaction()
    {
        $permitted = Permission::check('ANYCODE');

        if (!$permitted) {
            // Rejected with HTTP 403 when the permission check fails.
            $this->httpError(403, 'Not allowed');
        }

        return 'ok';
    }

    /**
     * Action with no permission check and no form.
     *
     * @return string
     */
    public function publicaction()
    {
        $greeting = 'Hello!';

        return $greeting;
    }

    /**
     * Builds the test form: one text field ('Name') and one submit action,
     * with the form method set to GET.
     *
     * @return Form
     */
    public function Form()
    {
        $fields = new FieldList(new TextField('Name'));
        $actions = new FieldList(new FormAction('submit', 'Submit'));

        $testForm = new Form($this, 'Form', $fields, $actions);
        $testForm->setFormMethod('GET');

        return $testForm;
    }
}