require 'securerandom'
class Api::V1::UsersController < Api::V1::BaseController

  def password_reset
    if can? :manage, User
      user = User.find_by_id(params[:user_id])
      render :json => { "error" => "User not found"}, :status => 404 and return if user.nil?
      render :json => { "error" => "Not allowed to reset your own password in this fashion."}, :status => 403 and return if user.id == current_user.id

      new_pass = SecureRandom.hex[0,8]
      user.password = new_pass
      user.save
      render :json => { "password" => new_pass}, :status => 200 and return
    else
      render :json => { "error" => "You do not have the permission"}, :status => 403 and return
    end
  end

  def checkout
    #must use @current_user since user may not have signed in
    if !@current_user.checked_in?
      render :json => { "error" => "You were not even checked in."}, :status => 404 and return
    else
      @current_user.checkout
      render :nothing => true, :status => 204 and return
    end
  end
end