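# Users API (v1).
#
# index/show are reachable without a session; every other action requires an
# authenticated user (authenticate_user!), and own_reviews/received_reviews/
# update/destroy additionally run the user policy (authorize_user). Lookup of
# the target user is done by set_user, so a missing id raises
# ActiveRecord::RecordNotFound before any action body runs.
class V1::UsersController < ApplicationController
  include ::FollowableController
  include ::DeletedObjectsController
  include ::Paginator
  include ::PublisherController
  include ::SubjectableController

  before_action :set_user, only: [:show, :update, :destroy, :following, :own_reviews, :received_reviews, :followers]
  before_action :authenticate_user!, only: [:create, :update, :destroy, :following, :own_reviews, :received_reviews, :followers]
  before_action :authorize_user, only: [:own_reviews, :received_reviews, :update, :destroy]

  # GET /v1/users
  # GET /v1/users.json
  # Unauthenticated; the page size comes from Paginator. Which attributes are
  # exposed is decided by the serializer — NOTE(review): confirm it omits
  # email and other private fields, since this listing is public.
  def index
    users = paginate User
    render json: users
  end

  # GET /v1/users/1
  # GET /v1/users/1.json
  # Unauthenticated; same serializer caveat as index.
  def show
    render json: @user
  end

  # POST /v1/users
  # POST /v1/users.json
  # user_params whitelists role_ids, so creation is held to the same rule as
  # update: a request that assigns roles is refused (403) unless the caller is
  # an admin. authorize is called first so a verify_authorized after_action,
  # if one is configured, still sees the policy check on the forbidden path.
  def create
    user = User.new(user_params)
    authorize user
    return render status: :forbidden unless role_assignment_permitted?

    if user.save
      render json: user, status: :created
    else
      render json: user.errors, status: :unprocessable_entity
    end
  end

  # PUT/PATCH /v1/users/1
  # PUT/PATCH /v1/users/1.json
  # Policy check already ran in authorize_user. Role changes are restricted to
  # admins; subject associations are applied after a successful update.
  def update
    return render status: :forbidden unless role_assignment_permitted?

    if @user.update(user_params)
      user_associations(@user)
      render json: @user, status: :ok
    else
      render json: @user.errors, status: :unprocessable_entity
    end
  end

  # DELETE /v1/users/1
  # DELETE /v1/users/1.json
  # destroy returns false when a before_destroy callback aborts; that case is
  # reported as 422 instead of a misleading 200.
  def destroy
    if @user.destroy
      render status: :ok
    else
      render json: @user.errors, status: :unprocessable_entity
    end
  end

  # GET /v1/users/1/following?object_type=User|Collection
  # Lists what @user follows. is_current tells the model whether the viewer
  # is the user themself (authenticate_user! runs first, so current_user is
  # normally present; the nil guard is kept for safety). Any object_type
  # outside the allowed list is a 400.
  def following
    type = params[:object_type]
    is_current = (@user.id == current_user.id) unless current_user.nil?
    return render status: :bad_request unless type.in? %w(User Collection)

    w = @user.following(type, is_current)
    render json: w, root: 'follows', status: :ok
  end

  # Reviews written by @user (policy-checked via authorize_user).
  def own_reviews
    render json: @user.own_reviews
  end

  # Reviews received by @user (policy-checked via authorize_user).
  def received_reviews
    render json: @user.received_reviews
  end

  # Users following @user; requires a session but no policy check.
  def followers
    render json: @user.followers
  end

  private

  # Model used by DeletedObjectsController.
  def deleted_resource
    User
  end

  # Target for FollowableController; reuses the id lookup.
  def followable
    set_user
  end

  # Runs the user policy for the current action against @user.
  def authorize_user
    authorize @user
  end

  def set_user
    @user = User.find(params[:id])
  end

  # True when the request does not try to set roles, or the caller is an
  # admin. Shared by create and update so role escalation is refused the same
  # way on both paths.
  def role_assignment_permitted?
    user_params[:role_ids].blank? || current_user.is_admin?
  end

  # Never trust parameters from the scary internet, only allow the white list through.
  def user_params
    params.require(:user).permit(
      :name,
      :email,
      :description,
      :education,
      :password,
      :password_confirmation,
      :terms_of_service,
      :avatar,
      :cover,
      role_ids: []
    )
  end

  # Subject ids nested under params[:user]; empty hash when no user payload.
  def association_params
    return {} if params[:user].nil?

    params[:user].permit(subjects: [])
  end

  # Attaches the submitted subjects to user; a request without a subjects
  # key leaves the associations untouched.
  def user_associations(user)
    subjects = association_params[:subjects]
    user.add_subjects(ids: subjects) unless subjects.nil?
  end
end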