# frozen_string_literal: true
class MessagesController < ApplicationController
  before_action :require_user, except: [:show]
  after_action :verify_authorized

  # GET /messages/1.json
  def show
    @message = Message.find(params[:id])
    authorize @message

    respond_to do |format|
      format.json { render json: @message }
    end
  end

  # POST /messages
  # POST /messages.json
  def create
    @message = Message.new(message_params)
    @message.user = current_user
    authorize @message

    respond_to do |format|
      if @message.save
        format.json { render json: @message, status: :created, location: messages_url }
      else
        format.json { render json: @message.errors, status: :unprocessable_entity }
      end
    end
  end

  # PUT /messages/1
  # PUT /messages/1.json
  def update
    @message = Message.find(params[:id])
    authorize @message

    respond_to do |format|
      if @message.update_attributes(message_params)
        format.json { head :no_content }
      else
        format.json { render json: @message.errors, status: :unprocessable_entity }
      end
    end
  end

  # DELETE /messages/1
  # DELETE /messages/1.json
  def destroy
    @message = Message.find(params[:id])
    authorize @message

    @message.destroy

    respond_to do |format|
      format.json { head :no_content }
    end
  end

  private

  # Never trust parameters from the scary internet, only allow the white list through.
  def message_params
    # params.require(:message).permit(:id, :resource_id, :message)
    params.permit(:id, :resource_id, :resource_type, :message)
  end
end