class Api::V1::TasksController < Api::V1::BaseController
  EXPECTED_TASKS = "Expected a list of tasks in submitted data."
  CANNOT_MANAGE = "You do not have permission to manage this task."
  NOT_FOUND = "The task could not be found."

  before_filter :validate_params
  before_filter :get_tasks
  before_filter :check_task_permission, except: :show

  def update
    errors = []
    @tasks.each do |task_hash|
      task = task_hash[:record]
      attrs = task_hash[:new_attributes]
      task.update_attributes(attrs)
      if !task.errors.empty?
        errors << { id: task.id, errors: task.errors }
      end
    end

    if !errors.empty?
      render json: { errors: errors }, status: 422 and return
    end
  end

  private
    def validate_params
      if params[:tasks].nil? and not params[:tasks].kind_of?(Array)
        render json: { errors: [EXPECTED_TASKS]}, status: 422 and return
      end
    end

    def get_tasks
      @tasks = []
      errors = []

      params[:tasks].each do |task|
        t = Task.find_by_id(task[:id])
        if t.nil?
          errors << { id: task[:id], error: NOT_FOUND }
        else
          @tasks << { record: t, new_attributes: task }
        end
      end

      if !errors.empty?
          render json: { errors: errors }, status: 404 and return
      end
    end

    def check_task_permission
      errors = []
      @tasks.each do |task_hash|
        task = task_hash[:record]
        if task.task_list.item != current_user.bike
          errors << { id: task[:id], error: CANNOT_MANAGE }
        end
      end

      if cannot? :manage, Bike and !errors.empty?
        render json: { errors: errors}, status: 403 and return
      end
    end
end