class V1::ReviewsController < ApplicationController
  before_action :set_review, only: [:destroy, :rate]
  before_action :authenticate_user!, only: [:create, :rate, :destroy]

  # GET /v1/learning_objects/1/reviews
  # GET /v1/learning_objects/1/reviews.json
  def index
    render json: Review.where(reviewable: reviewable)
  end

  # POST /v1/learning_objects/1/reviews
  # POST /v1/learning_objects/1/reviews.json
  def create
    review = Review.new(review_params.merge(user: current_user))

    if review.save
      render json: review, status: :created
    else
      render json: review.errors, status: :unprocessable_entity
    end
  end

  # DELETE /v1/learning_objects/1/reviews/2
  # DELETE /v1/learning_objects/1/reviews/2.json
  def destroy
    @review.destroy
    render nothing: true, status: :ok
  end

  # User can rate the review to approve or not
  # POST /v1/learning_objects/1/reviews/2/rate
  # POST /v1/learning_objects/1/reviews/2/rate.json
  def rate
    approves = 'true' == params[:approves] ? true : false
    rate = Rate.where(user: current_user, review: @review).first_or_initialize

    if rate.update(approves: approves)
      render json: rate, status: :ok
    else
      render json: rate.errors, status: :unprocessable_entity
    end
  end

  protected

  # Never trust parameters from the scary internet, only allow the white list through.
  def review_params
    params.require(:review).permit(:name, :description, :pros, :cons, :reviewable_id, :reviewable_type)
  end

  def set_review
    @review ||= Review.find(params[:id])
  end

end