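require_dependency "api/v<%= api_version %>/application_controller"
require 'authorization'

# JSON CRUD endpoints for <%= HorsePower.get_camel(resource_name) %> records (API v<%= api_version %>).
#
# Each action is gated by a before_action that asks
# ::Authorization::V<%= api_version %>::<%= HorsePower.get_camel(resource_name) %> whether current_user may proceed.
# A falsy answer renders 403, which halts the callback chain before the action runs.
class Api::V<%= api_version %>::<%= HorsePower.get_camel_plural(resource_name) %>Controller < Api::V<%= api_version %>::ApplicationController
  # Callback order matters: the record is loaded first because the
  # show/update/destroy policies receive it. As a consequence an unknown id
  # answers 404 before any authorization check, so a caller who is not allowed
  # to see a record can still learn whether that id exists.
  before_action :set_<%= HorsePower.get_singular(resource_name) %>, only: [:show, :update, :destroy]
  before_action :index_authorize, only: [:index]
  before_action :show_authorize, only: [:show]
  before_action :create_authorize, only: [:create]
  before_action :update_authorize, only: [:update]
  before_action :destroy_authorize, only: [:destroy]

  # GET /api/<%= api_version %>/<%= HorsePower.get_plural(resource_name) %>
  #
  # Returns every record. index? is given only current_user, so it decides
  # access to the collection as a whole; no per-record filtering or pagination
  # happens here.
  def index
    @<%= HorsePower.get_plural(resource_name) %> = ::<%= HorsePower.get_camel(resource_name) %>.all
    render json: @<%= HorsePower.get_plural(resource_name) %>, each_serializer: ::V<%= api_version %>::<%= HorsePower.get_camel(resource_name) %>Serializer
  end

  # GET /api/<%= api_version %>/<%= HorsePower.get_plural(resource_name) %>/1
  def show
    render json: @<%= HorsePower.get_singular(resource_name) %>, serializer: ::V<%= api_version %>::<%= HorsePower.get_camel(resource_name) %>Serializer
  end

  # POST /api/<%= api_version %>/<%= HorsePower.get_plural(resource_name) %>
  #
  # Responds with the serialized record, or 422 with the validation messages.
  def create
    @<%= HorsePower.get_singular(resource_name) %> = ::<%= HorsePower.get_camel(resource_name) %>.new(<%= HorsePower.get_singular(resource_name) %>_params)
    if @<%= HorsePower.get_singular(resource_name) %>.save
      render json: @<%= HorsePower.get_singular(resource_name) %>, serializer: ::V<%= api_version %>::<%= HorsePower.get_camel(resource_name) %>Serializer
    else
      render json: { errors: @<%= HorsePower.get_singular(resource_name) %>.errors.full_messages }, status: :unprocessable_entity
    end
  end

  # PATCH/PUT /api/<%= api_version %>/<%= HorsePower.get_plural(resource_name) %>/1
  #
  # Responds with the serialized record, or 422 with the validation messages.
  def update
    if @<%= HorsePower.get_singular(resource_name) %>.update(<%= HorsePower.get_singular(resource_name) %>_params)
      render json: @<%= HorsePower.get_singular(resource_name) %>, serializer: ::V<%= api_version %>::<%= HorsePower.get_camel(resource_name) %>Serializer
    else
      render json: { errors: @<%= HorsePower.get_singular(resource_name) %>.errors.full_messages }, status: :unprocessable_entity
    end
  end

  # DELETE /api/<%= api_version %>/<%= HorsePower.get_plural(resource_name) %>/1
  def destroy
    # destroy returns false when a callback halts the deletion; report that
    # instead of answering with an empty success body for a record that still exists.
    if @<%= HorsePower.get_singular(resource_name) %>.destroy
      render json: {}
    else
      render json: { errors: @<%= HorsePower.get_singular(resource_name) %>.errors.full_messages }, status: :unprocessable_entity
    end
  end

  private

  # Loads the record named by params[:id] for show/update/destroy.
  # Rendering 404 here halts the chain, so later callbacks never see nil.
  def set_<%= HorsePower.get_singular(resource_name) %>
    @<%= HorsePower.get_singular(resource_name) %> = ::<%= HorsePower.get_camel(resource_name) %>.find_by(id: params[:id])
    return unless @<%= HorsePower.get_singular(resource_name) %>.nil?

    render json: { errors: "<%= HorsePower.get_camel(resource_name) %> was not found" }, status: :not_found
  end

  # Strong-parameters allow list for create/update.
  # The permitted keys are filled in by the generator from `attributes`;
  # trim the list to the fields API clients are actually meant to set, since
  # every key left here can be mass-assigned by any caller the policy admits.
  def <%= HorsePower.get_singular(resource_name) %>_params
    params.require(:<%= HorsePower.get_singular(resource_name) %>).permit(<%= HorsePower.params_list(attributes) %>)
  end

  # Authorizations below here.
  # Each callback passes current_user straight to the policy.
  # NOTE(review): current_user is defined outside this file; confirm the
  # policies deny when it is nil (unauthenticated request).

  def index_authorize
    return if ::Authorization::V<%= api_version %>::<%= HorsePower.get_camel(resource_name) %>.index?(current_user)

    render json: { errors: "User is not authorized for this action" }, status: :forbidden
  end

  def show_authorize
    return if ::Authorization::V<%= api_version %>::<%= HorsePower.get_camel(resource_name) %>.show?(@<%= HorsePower.get_singular(resource_name) %>, current_user)

    render json: { errors: "User is not authorized for this action" }, status: :forbidden
  end

  # The policy sees the already-filtered params, so it can veto specific values.
  def create_authorize
    return if ::Authorization::V<%= api_version %>::<%= HorsePower.get_camel(resource_name) %>.create?(<%= HorsePower.get_singular(resource_name) %>_params, current_user)

    render json: { errors: "User is not authorized for this action" }, status: :forbidden
  end

  # The policy sees both the stored record and the requested changes.
  def update_authorize
    return if ::Authorization::V<%= api_version %>::<%= HorsePower.get_camel(resource_name) %>.update?(@<%= HorsePower.get_singular(resource_name) %>, <%= HorsePower.get_singular(resource_name) %>_params, current_user)

    render json: { errors: "User is not authorized for this action" }, status: :forbidden
  end

  def destroy_authorize
    return if ::Authorization::V<%= api_version %>::<%= HorsePower.get_camel(resource_name) %>.destroy?(@<%= HorsePower.get_singular(resource_name) %>, current_user)

    render json: { errors: "User is not authorized for this action" }, status: :forbidden
  end
end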