module Suppliers
  class EmployeesController < Suppliers::ApplicationController
    after_authentication only: [:show, :update, :destroy] do
      @employee = current_supplier.get_employee params[:id]
      render json: {}, status: 404 unless @employee.present?
    end
    # GET /employees
    # GET /employees.json
    def index
      @employees = current_supplier.employees
      render json: @employees, each_serializer: Suppliers::EmployeeSerializer
    end

    # GET /employees/1
    # GET /employees/1.json
    def show
      render json: @employee, serializer: Suppliers::EmployeeSerializer
    end

    # POST /employees
    # POST /employees.json
    def create
      @employee = Employee.find_by_email(employee_params[:email]) if employee_params[:email].present?

      if @employee.save
        current_supplier.add_employee @employee unless current_supplier.employee_ids.include? @employee.id # already linked
        render json: @employee, serializer: Suppliers::EmployeeSerializer, status: :created
      else
        render json: {errors: @employee.errors}, status: :unprocessable_entity
      end
    end

    # PUT /employees/1
    # PUT /employees/1.json
    def update
      #current_supplier.settings_for(@employee).update!(employee_params)
      respond_to do |format|
        if @employee.update_attributes(employee_params)
          format.json { head :no_content }
        else
          format.json { render json: {errors: @employee.errors}, status: :unprocessable_entity }
        end
      end
    end

    # DELETE /employees/1
    # DELETE /employees/1.json
    def destroy
      head :forbidden and return if @employee == current_employee # do not remove self at the moment
      current_supplier.remove_employee @employee

      respond_to do |format|
        format.json { head :no_content }
      end
    end

    private

    def employee_params
      params.require(:employee).permit(:name, :email, :active, :manager, :color)
    end
  end
end