module Users
  class OrdersController < Users::ApplicationController
    respond_to :json

    # /nested resource
    def index
      render json: {}, status: :not_found and return unless params[:list_id].present?
      @list = List.find(params[:list_id])
      render json: {}, status: :not_found and return unless @list.present? && Array.wrap(@list.user_ids).include?(current_user.id)
      orders = @list.orders.include_relation(:product_orders)
      render json: JSONAPI::Serializer.serialize(orders, serializer: Users::OrderSerializer, include: %w[list product_orders product_orders.order], is_collection: true)
    end

    # Used by the user Ember app
    # POST /user/orders
    def create
      # render json: {}, status: :unprocessable_entity and return unless params[:order].present? && params[:order][:product_orders].present?
      if list = current_user.active_list
        render json: {}, status: :not_acceptable and return unless list.supplier.open?
      else
        #TODO: More logic about creating a new list!!!!!, usercontroller table_info should become irrelevant
        #NOTE: security bug here!!!!!!
        # - supplier.open?
        # - etc....
        render json: {}, status: :unprocessable_entity and return unless params[:table_id].present?
        table = Table.find(params[:table_id])
        render json: {}, status: :not_acceptable and return unless table.supplier.open?

        if table.occupied?
          #render json: json_alert('messages.table_is_occupied', location: :join_occupied_table, location_params: {table_id: @table.id})
          render json: {}, status: :not_acceptable and return
        end

        list = List.from_table( table, current_user )
      end
      order = list.place_order product_orders: params[:product_orders], user: current_user
      render json: order, serializer: Users::OrderSerializer
      #render nothing: true
    end
  end
end