class API::V1::<%= resource.pluralize %>Controller < APIController
<% if allowed_fields_provided? %>allow_query_on <%= allowed_fields %><% end %>
after_action :verify_authorized, :except => :index

# GET /api/v1/<%= resource.pluralize.underscore %>
  def index
    @<%= resource.pluralize.underscore %> = <%= resource.camelize %>.all
    authorize @<%= resource.pluralize.underscore %>
    respond_with(@<%= resource.pluralize.underscore %>)
  end

  def create
    authorize <%= resource.camelize %>, :create?
    @<%= resource.underscore %> = <%= resource.camelize %>.new(resource_params)
<% fields.each do |name, type| %><% if type == "has_many" %>
    <%= name.underscore %> = <%= name.singularize.camelize %>.where({:id => params[:<%= resource.underscore %>][:<%= name %>]})
    @<%= resource.underscore %>.<%= name.underscore %> = <%= name.underscore %><% end %><% end %>
    if @<%= resource.underscore %>.save
      respond_with(@<%= resource.underscore %>)
    else
      respond_to do |format|
        format.json { render :json => {:fields => @<%= resource.underscore %>.errors}, :status => :unprocessable_entity }
      end
    end
  end

  def show
    @<%= resource.underscore %> = <%= resource.camelize %>.find(params[:id])
    authorize @<%= resource.underscore %>
    respond_with(@<%= resource.underscore %>)
  end

  def update
    @<%= resource.underscore %> = <%= resource.camelize %>.find(params[:id])
    authorize @<%= resource.underscore %>, :update?
  <% fields.each do |name, type| %><% if type == "has_many" %>
    <%= name.underscore %> = <%= name.singularize.camelize %>.where({:id => params[:<%= resource.underscore %>][:<%= name %>]})
    @<%= resource.underscore %>.<%= name.underscore %> = <%= name.underscore %><% end %><% end %>

    if @<%= resource.underscore %>.update(resource_params)
      respond_with(@<%= resource.underscore %>)
    else
      respond_to do |format|
         format.json { render :json => {:fields => @<%= resource.underscore %>.errors}, :status => :unprocessable_entity }
      end
    end
  end

  def destroy
    ids = params[:id].split(",")
    @<%= resource.pluralize.underscore %> = <%= resource.camelize%>.where(:id => ids)

    authorize @<%= resource.pluralize.underscore %>
    @<%= resource.pluralize.underscore %>.destroy_all
  end

  def resource_params
    params.require(:<%= resource.underscore %>).permit(:id<%= fields_as_params(:relations => true) %>)
  end
end