# Controller for <%= config[:resources] %> with browse, read, edit, add and delete routes.
# Every route calls `authenticate` and `authorize`, and rescues Pundit::NotAuthorizedError.
#
# NOTE(review): each rescue branch calls `status` and then `redirect`. If `redirect` is
# Sinatra's, it sets its own 3xx status and halts, so the 401/404 set on the line before
# would not reach the client. Confirm which response is intended.
# NOTE(review): the edit, add and delete routes change state via POST. Nothing in this
# file shows CSRF protection, so confirm it is enabled for the application.
class <%= config[:class_name] %> < Eucalypt::Controller(route: '<%= config[:route] %>')
  # Mix in the helper module only when it has been defined.
  helpers <%= config[:helper_class_name] %> if defined? <%= config[:helper_class_name] %>

  # You can use the following authentication helper methods in your views:
  # `current_user` - The User model object for the current user.
  # `authenticated?` (alias `logged_in?`) - Whether or not a user is logged in.

  # You can also use authorization helpers in your views.
  # These are useful for conditional displays to users with the correct permissions.
  # - e.g. Showing a form for editing <%= config[:resources] %>
  # NOTE(review): hiding an element in a view only changes what is displayed.
  # The `authorize` call inside each route below is what enforces the permission.
<% if config[:headless] %>
  # Authorization helpers are used in the following way (if using headless policies):
  # - `authorized?(:<%= config[:resource] %>, :read?)`
  # - `authorized?(:<%= config[:resource] %>, :add?)`
  # - `authorized?(:<%= config[:resource] %>, :edit?)`
  # - `authorized?(:<%= config[:resource] %>, :delete?)`
<% else %>
  # Authorization helpers are used in the following way:
  # - `authorized?(<%= config[:constant] %>, :read?)`
  # - `authorized?(<%= config[:constant] %>, :add?)`
  # - `authorized?(<%= config[:constant] %>, :edit?)`
  # - `authorized?(<%= config[:constant] %>, :delete?)`
<% end %>

  # GET - Browse
  # Returns every <%= config[:resource] %> record as JSON.
  get '/' do
    # NOTE: To skip browse permission checks, comment out the `authenticate` and `authorize` lines.
    # With both lines removed, nothing in this route checks the caller before the
    # whole collection is returned.
    authenticate
    authorize <%= config[:constant] %>, :read?
    @<%= config[:resources] %> = <%= config[:constant] %>.all
    # Render the <%= config[:resources] %> as JSON, or create a view
    # NOTE(review): `to_json` presumably serialises every attribute of each record.
    # Confirm no sensitive columns are exposed.
    content_type :json
    @<%= config[:resources] %>.to_json
  rescue Pundit::NotAuthorizedError
    status 401 # Unauthorized
    # NOTE(review): this is the only route that calls `redirect '/'` without `to`.
    # Confirm the difference is intentional.
    redirect '/'
  end

  # GET - Read
  # Returns a single <%= config[:resource] %> as JSON, looked up by the `:id` path segment.
  get '/:id' do |id|
    # NOTE: To skip read permission checks, comment out the `authenticate` and `authorize` lines.
    # With both lines removed, nothing in this route checks the caller before the
    # record is returned.
    authenticate
    # The record is loaded first because `authorize` is given the instance, not the class.
    @<%= config[:resource] %> = <%= config[:constant] %>.find id
    authorize @<%= config[:resource] %>, :read?
    # Render the <%= config[:resource] %> as JSON, or create a view
    content_type :json
    @<%= config[:resource] %>.to_json
  rescue ActiveRecord::RecordNotFound
    status 404 # Resource not found
    redirect to '/'
  rescue Pundit::NotAuthorizedError
    status 401 # Unauthorized
    redirect to '/'
  end

  # POST - Edit
  # Updates the <%= config[:resource] %> identified by `:id` from params['<%= config[:resource] %>'].
  post '/:id/edit' do |id|
    authenticate
    <%= config[:resource] %> = <%= config[:constant] %>.find id
    authorize <%= config[:resource] %>, :edit?
    # NOTE(review): the request-supplied value is handed to `update!` unfiltered.
    # Unless the model restricts assignable attributes, a client can set any column
    # (mass assignment). Consider selecting only the permitted keys first.
    # NOTE(review): `update!` presumably raises on a validation failure (e.g.
    # ActiveRecord::RecordInvalid), which is not rescued here. Confirm how it surfaces.
    <%= config[:resource] %>.update! params['<%= config[:resource] %>']
    redirect to "/#{id}"
  rescue ActiveRecord::RecordNotFound
    status 404 # Resource not found
    # Redirects to the read route for the same id that was just not found.
    redirect to "/#{id}"
  rescue Pundit::NotAuthorizedError
    status 401 # Unauthorized
    redirect to '/'
  end

  # POST - Add
  # Builds a new <%= config[:resource] %> from params['<%= config[:resource] %>'], authorizes it, then saves it.
  post '/' do
    authenticate
    # NOTE(review): the request-supplied value is passed to `new` unfiltered, with the
    # same mass-assignment concern as the edit route. Confirm which attributes a
    # client may set.
    <%= config[:resource] %> = <%= config[:constant] %>.new params['<%= config[:resource] %>']
    # `authorize` runs on the unsaved instance, before `save!` writes it.
    authorize <%= config[:resource] %>, :add?
    # NOTE(review): `save!` presumably raises on a validation failure, which is not
    # rescued here. Confirm how it surfaces.
    <%= config[:resource] %>.save!
    redirect to "/#{<%= config[:resource] %>.id}"
  rescue Pundit::NotAuthorizedError
    status 401 # Unauthorized
    redirect to '/'
  end

  # POST - Delete
  # Destroys the <%= config[:resource] %> identified by `:id`.
  post '/:id/delete' do |id|
    authenticate
    <%= config[:resource] %> = <%= config[:constant] %>.find id
    authorize <%= config[:resource] %>, :delete?
    <%= config[:resource] %>.destroy!
    redirect to '/'
  rescue ActiveRecord::RecordNotFound
    status 404 # Resource not found
    # Redirects to the read route for the same id that was just not found.
    redirect to "/#{id}"
  rescue Pundit::NotAuthorizedError
    status 401 # Unauthorized
    redirect to '/'
  end
end