class Api::V1::TaskListsController < Api::V1::BaseController
  CANNOT_MANAGE = "You do not have permission to manage this task list."
  NOT_FOUND = "The task list could not be found."

  before_filter :get_task_list
  before_filter :check_task_list_permission, except: :show

  def show
  end

  private
    def get_task_list
      @task_list = TaskList.find_by_id(params[:id])
      if @task_list.nil?
        render json: { errors: [NOT_FOUND] }, status: 404 and return
      end
    end

    def check_task_list_permission
      if cannot? :manage, Bike and @task_list.item != current_user.bike
        render json: { errors: [CANNOT_MANAGE]}, status: 403 and return
      end
    end
end