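# Base controller for the internal API.
#
# Every action is gated by two filters, in order:
#   1. authenticate_session! - the request must carry the shared internal API
#      key AND reference a Session record that reports itself authenticated.
#   2. require_admin!        - the user behind that session must pass `level?`.
#
# Trust model worth keeping in mind: the API key is a single shared secret and
# the session is selected purely by `params[:session_id]`, so any caller that
# holds the key can act as whichever session id it supplies. The key therefore
# has to be treated as a highly privileged credential.
class Internal::Controller < ActionController::API
  include ResponseMethods
  include ApplicationHelper

  before_action :authenticate_session!
  before_action :require_admin!

  private
    # Rejects the request with 403 unless the API key matches and the
    # referenced session exists and is authenticated.
    #
    # `session` is nil when no record matches `params[:session_id]`; safe
    # navigation turns that into a clean 403 instead of a NoMethodError (500).
    def authenticate_session!
      return if validate_api_key && session&.authenticated?

      render_error :forbidden, errors: 'Not Authenticated'
    end

    # Rejects the request with 403 unless the session's user passes `level?`.
    #
    # A session without a user is rejected rather than raising.
    #
    # NOTE(review): `level?` is not defined in this file. If it is the
    # ActiveRecord attribute predicate for a `level` column, it is true for any
    # present, non-zero level, not specifically for administrators. Confirm
    # that this is the intended admin check.
    def require_admin!
      return if current_user&.level?

      render_error :forbidden, errors: 'Not Authenticated'
    end

    # Session record named by the `session_id` request parameter, or nil.
    #
    # NOTE(review): this method shadows the controller's built-in `session`
    # accessor; confirm nothing in the included modules expects the built-in.
    def session
      @session ||= Session.find_by(id: params[:session_id])
    end

    # User owning the current session, or nil when there is no session.
    def current_user
      @current_user ||= session&.user
    end

    # School attached to the current session, or nil when there is no session.
    def current_school
      @current_school ||= session&.school
    end

    # True only when the `key` request header equals the configured internal
    # API key.
    #
    # Two hardening points over a plain `==`:
    # - Fail closed when either side is missing. With `==`, an unset secret
    #   and an absent header compare as nil == nil, which would authenticate
    #   every request on a misconfigured deployment.
    # - Compare in constant time so response timing does not reveal how much
    #   of a guessed key is correct.
    #
    # NOTE(review): `Rails.application.secrets` is deprecated in recent Rails
    # releases in favour of credentials; check against the app's Rails version.
    def validate_api_key
      expected = Rails.application.secrets.internal_api_key
      provided = request.headers['key']
      return false if expected.blank? || provided.blank?

      ActiveSupport::SecurityUtils.secure_compare(provided.to_s, expected.to_s)
    end
end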
