class Api::V1::BikesController < Api::V1::BaseController
  CANNOT_MANAGE = "You do not have permission to manage bikes."
  EXPECTED_BIKE = "Expected bike in submitted data"
  NOT_FOUND = "The bike could not be found."

  before_filter :check_bike_permission, except: :show

  def create
    if params[:bikes] && bike = params[:bikes].first
      @bike = Bike.new(bike)
      if !@bike.save
        render json: { errors: @bike.errors }, status: 422 and return
      end
    else
        render json: { errors: [EXPECTED_BIKE]}, status: 422 and return
    end
  end

  def show
    @bike = Bike.find_by_id(params[:id])
    if @bike.nil?
      render json: { errors: [NOT_FOUND] }, status: 404 and return
    end
  end

  private
    def check_bike_permission
      if cannot? :manage, Bike
        render json: { errors: [CANNOT_MANAGE]}, status: 403 and return
      end
    end
end