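# Base controller for the REST API. It resolves the acting user from one of
# three credential sources (see #current_user) and authorizes resources
# through Pundit before any action touches them.
class API::RestfulController < ActionController::Base
  include Pundit
  include PunditExtra

  # Class macro defined outside this file; presumably supplies the REST actions
  # and the helpers used below (instantiate_resource, create_action,
  # respond_with_resource, resource, resource_name) -- confirm against its source.
  snorlax_used_rest!

  # create is excluded here because it performs its own authorization below,
  # after the owner has been assigned.
  load_and_authorize_resource only: [:show, :update, :destroy]

  # Builds a new resource owned by the current user, authorizes it, then
  # persists it and renders the result.
  def create
    instantiate_resource
    # The owner is always taken from the authenticated user and is assigned
    # before the policy check, so the policy evaluates the final ownership.
    resource.user = current_user
    authorize resource
    create_action
    respond_with_resource
  end

  private

  # Resolves the serializer class by name, e.g. "new_foo_serializer" ->
  # NewFooSerializer.
  # NOTE(review): resource_name is defined outside this file. constantize must
  # only ever receive a server-derived name, never a request-derived one --
  # confirm where resource_name comes from.
  def resource_serializer
    "new_#{resource_name}_serializer".camelize.constantize
  end

  # Scope of records the caller may list: the user-visible scope when a user is
  # authenticated, the public scope otherwise.
  def accessible_records
    if current_user
      visible_records
    else
      public_records
    end
  end

  # Returns the acting user, or nil for an anonymous request. Sources are tried
  # in order: the inherited current_user, the access_token request parameter,
  # then the Doorkeeper OAuth token.
  def current_user
    super || token_user || doorkeeper_user || nil
  end

  # Returns the user owning the Token named by params[:access_token], or nil.
  #
  # The lookup is skipped unless the parameter is a non-empty String: a missing
  # parameter would otherwise query for a NULL token and could match a Token row
  # whose token column is empty, and array/hash parameters would alter the query.
  # NOTE(review): a token passed as a request parameter can end up in logs and
  # proxies; confirm access_token is covered by parameter filtering.
  def token_user
    # Once resolved, reuse the user instead of querying again on every call.
    return @token_user if @token_user

    token = params[:access_token]
    return unless token.is_a?(String) && token.present?

    access_token = Token.find_by_token(token)
    @token_user = access_token.user if access_token
  end

  # Returns the resource owner of the request's Doorkeeper token, or nil when
  # no token is supplied or the token is not valid.
  def doorkeeper_user
    return unless doorkeeper_token.present?

    unless valid_doorkeeper_token?
      # Rendering the error does not halt the action, so return nil explicitly:
      # an invalid token must never yield an authenticated user. performed?
      # keeps repeated current_user calls from rendering twice.
      doorkeeper_render_error unless performed?
      return
    end

    # NOTE(review): User.find raises ActiveRecord::RecordNotFound when the token
    # has no matching resource owner; confirm that is the intended response.
    @doorkeeper_user ||= User.find(doorkeeper_token.resource_owner_id)
  end

  # Memoized wrapper around the request params; PermittedParams is defined
  # outside this file.
  def permitted_params
    @permitted_params ||= PermittedParams.new(params)
  end
end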