(function () {
    'use strict';

    angular.module('soter')
        .constant('AUTH_EVENTS', {
            loginSuccess: 'auth-login-success',
            loginFailed: 'auth-login-failed',
            logoutSuccess: 'auth-logout-success',
            sessionTimeout: 'auth-session-timeout',
            notAuthenticated: 'auth-not-authenticated',
            notAuthorized: 'auth-not-authorized'
        })
        .factory('AuthService', ['$http', 'Session', AuthService]);
    function AuthService($http, Session) {
        var authService = {};

        authService.login = function (credentials) {
            return $http
                .post('/v1/login', credentials)
                .success(function (data) {
                    Session.create(0, data.id, data.name, data.permissions);
                    return data;
                });
        };

        authService.logout = function () {
            return $http
                .post('/logout')
                .success(function (res) {
                    Session.destroy();
                });
        };

        authService.isAuthenticated = function () {
            return !!Session.userId;
        };

        authService.isAuthorized = function (permission) {
            return (authService.isAuthenticated() && Session.permissions.indexOf(permission) !== -1);
        };

        return authService;
    }

})();