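require_dependency "<%= module_snake %>/api/v<%= api_version %>/application_controller"
require 'authorization'

module <%= module_camel %>
  # JSON CRUD endpoints for <%= resource_camel %> records (API v<%= api_version %>).
  #
  # Every action is gated by a before_action that asks the matching
  # ::Authorization policy class whether current_user may proceed. Callback
  # order matters: the record is loaded first because the show/update/destroy
  # policies take it as an argument, and a callback that renders halts the
  # chain, so a missing record never reaches its policy check or the action.
  #
  # NOTE(review): because the lookup runs before authorization, a caller who
  # is not authorized receives 404 for unknown ids and 403 for existing ones,
  # which reveals which ids exist. If ids are sensitive, answer both cases
  # with the same status.
  class Api::V<%= api_version %>::<%= resource_camel.pluralize %>Controller < Api::V<%= api_version %>::ApplicationController
    before_action :set_<%= resource_singular %>, only: [:show, :update, :destroy]
    before_action :index_authorize, only: [:index]
    before_action :show_authorize, only: [:show]
    before_action :create_authorize, only: [:create]
    before_action :update_authorize, only: [:update]
    before_action :destroy_authorize, only: [:destroy]

    # GET /api/<%= api_version %>/<%= resource_plural %>
    #
    # NOTE(review): once index? passes, every record is returned; there is no
    # per-record filtering or pagination here. Scope the query if records
    # belong to different users or tenants.
    def index
      @<%= resource_plural %> = ::<%= module_camel %>::V<%= api_version %>::<%= resource_camel %>.all
      render json: @<%= resource_plural %>
    end

    # GET /api/<%= api_version %>/<%= resource_plural %>/1
    def show
      render json: @<%= resource_singular %>
    end

    # POST /api/<%= api_version %>/<%= resource_plural %>
    #
    # Responds with the saved record, or 422 with the validation messages.
    def create
      @<%= resource_singular %> = ::<%= module_camel %>::V<%= api_version %>::<%= resource_camel %>.new(<%= resource_singular %>_params)

      if @<%= resource_singular %>.save
        render json: @<%= resource_singular %>
      else
        render json: { errors: @<%= resource_singular %>.errors.full_messages }, status: :unprocessable_entity
      end
    end

    # PATCH/PUT /api/<%= api_version %>/<%= resource_plural %>/1
    #
    # Responds with the updated record, or 422 with the validation messages.
    def update
      if @<%= resource_singular %>.update(<%= resource_singular %>_params)
        render json: @<%= resource_singular %>
      else
        render json: { errors: @<%= resource_singular %>.errors.full_messages }, status: :unprocessable_entity
      end
    end

    # DELETE /api/<%= api_version %>/<%= resource_plural %>/1
    #
    # Responds with an empty object on success. The result of destroy is
    # checked so that a deletion vetoed by a model callback is reported as 422
    # instead of being answered as if the record were gone.
    def destroy
      if @<%= resource_singular %>.destroy
        render json: {}
      else
        render json: { errors: @<%= resource_singular %>.errors.full_messages }, status: :unprocessable_entity
      end
    end

    private

    # Loads the record named by params[:id] for the member actions. Rendering
    # 404 here stops the remaining callbacks and the action from running.
    def set_<%= resource_singular %>
      @<%= resource_singular %> = ::<%= module_camel %>::V<%= api_version %>::<%= resource_camel %>.find_by(id: params[:id])
      return unless @<%= resource_singular %>.nil?

      render json: { errors: "<%= resource_camel %> was not found" }, status: :not_found
    end

    # Strong parameters: only the attributes in the generated permit list can
    # be mass-assigned by create and update.
    # NOTE(review): keep ownership- or role-style attributes out of this list
    # unless the create?/update? policies account for them.
    def <%= resource_singular %>_params
      params.require(:<%= resource_singular %>).permit(<%= params_list %>)
    end

    # Authorizations below here.
    # Each callback renders 403 when the policy refuses, which prevents the
    # action from running. The member checks read the record loaded by
    # set_<%= resource_singular %>, so that callback must stay declared first.

    def index_authorize
      return if ::Authorization::<%= module_camel %>::V<%= api_version %>::<%= resource_camel %>.index?(current_user)

      render json: { errors: "User is not authorized for this action" }, status: :forbidden
    end

    def show_authorize
      return if ::Authorization::<%= module_camel %>::V<%= api_version %>::<%= resource_camel %>.show?(@<%= resource_singular %>, current_user)

      render json: { errors: "User is not authorized for this action" }, status: :forbidden
    end

    def create_authorize
      return if ::Authorization::<%= module_camel %>::V<%= api_version %>::<%= resource_camel %>.create?(current_user)

      render json: { errors: "User is not authorized for this action" }, status: :forbidden
    end

    def update_authorize
      return if ::Authorization::<%= module_camel %>::V<%= api_version %>::<%= resource_camel %>.update?(@<%= resource_singular %>, current_user)

      render json: { errors: "User is not authorized for this action" }, status: :forbidden
    end

    def destroy_authorize
      return if ::Authorization::<%= module_camel %>::V<%= api_version %>::<%= resource_camel %>.destroy?(@<%= resource_singular %>, current_user)

      render json: { errors: "User is not authorized for this action" }, status: :forbidden
    end
  end
end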