scinote-web/app/controllers/api/v1/projects_controller.rb

# frozen_string_literal: true

module Api
  module V1
    class ProjectsController < BaseController
      before_action :load_team
      before_action only: :show do
        load_project(:id)
      end
      before_action :load_project, only: :activities
      before_action :load_project_for_managing, only: %i(update)

      def index
        projects = @team.projects
                        .visible_to(current_user, @team)
                        .page(params.dig(:page, :number))
                        .per(params.dig(:page, :size))

        render jsonapi: projects, each_serializer: ProjectSerializer, include: include_params
      end

      def show
        render jsonapi: @project, serializer: ProjectSerializer, include: include_params
      end

      def create
        raise PermissionError.new(Project, :create) unless can_create_projects?(@team)

        project = @team.projects.build(project_params.merge!(created_by: current_user))

        if project.visible? # set default viewer role for public projects
          project.default_public_user_role = UserRole.predefined.find_by(name: I18n.t('user_roles.predefined.viewer'))
        end

        project.save!

        render jsonapi: project, serializer: ProjectSerializer, status: :created
      end

      def update
        @project.assign_attributes(project_params)

        return render body: nil, status: :no_content unless @project.changed?

        if @project.archived_changed?
          if @project.archived?
            @project.archived_by = current_user
          else
            @project.restored_by = current_user
          end
        end
        @project.last_modified_by = current_user
        @project.save!
        render jsonapi: @project, serializer: ProjectSerializer, status: :ok
      end

      def activities
        activities = @project.activities
                             .page(params.dig(:page, :number))
                             .per(params.dig(:page, :size))
        render jsonapi: activities,
               each_serializer: ActivitySerializer
      end

      private

      def project_params
        raise TypeError unless params.require(:data).require(:type) == 'projects'

        params.require(:data).require(:attributes).permit(:name, :visibility, :archived, :project_folder_id)
      end

      def permitted_includes
        %w(comments)
      end

      def load_project_for_managing
        @project = @team.projects.find(params.require(:id))
        raise PermissionError.new(Project, :manage) unless can_manage_project?(@project)
      end
    end
  end
end