class Api::CertsController < ApiController

  before_filter :require_login, :unless => :anonymous_access_allowed?
  before_filter :require_enabled

  # GET /cert
  # deprecated - we actually create a new cert and that can
  # be reflected in the action. GET /cert will eventually go
  # away and be replaced by POST /cert
  def show
    create
  end

  # POST /cert
  def create
    @cert = ClientCertificate.new(:prefix => service_level.cert_prefix)
    render text: @cert.to_s, content_type: 'text/plain'
  end

  protected

  def require_enabled
    if !current_user.is_anonymous? && !current_user.enabled?
      access_denied
    end
  end

  def service_level
    current_user.effective_service_level
  end
end