module Suppliers
  class EmployeesController < Suppliers::ApplicationController

    # GET /employees
    # GET /employees.json
    def index
      @employees = current_supplier.employees
      render json: @employees, each_serializer: Suppliers::EmployeeSerializer
    end

    # GET /employees/1
    # GET /employees/1.json
    def show
      @employee = Employee.find(params[:id])
      render json: @employee, serializer: Suppliers::EmployeeSerializer
    end

    # POST /employees
    # POST /employees.json
    def create
      @employee = Employee.new(employee_params)
      @employee.supplier = current_supplier

      respond_to do |format|
        if @employee.save
          render json: @employee, serializer: Suppliers::EmployeeSerializer, status: :created
        else
          render json: {errors: @employee.errors}, status: :unprocessable_entity
        end
      end
    end

    # PUT /employees/1
    # PUT /employees/1.json
    def update
      @employee = Employee.find(params[:id])
      render json: {}, status: 404 unless @employee.supplier_id == current_supplier.id
      respond_to do |format|
        if @employee.update_attributes(employee_params)
          format.json { head :no_content }
        else
          format.json { render json: {errors: @employee.errors}, status: :unprocessable_entity }
        end
      end
    end

    # DELETE /employees/1
    # DELETE /employees/1.json
    def destroy
      @employee = Employee.find(params[:id])
      render json: {}, status: :forbidden unless @employee.supplier_id == current_supplier.id
      @employee.destroy

      respond_to do |format|
        format.json { head :no_content }
      end
    end

    private

    def employee_params
      params.require(:employee).permit(:name, :email)
    end
  end
end