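# frozen_string_literal: true

# User accounts: self-service signup (gated by the ENABLE_SIGNUP environment
# variable), the profile page, and profile editing restricted to the account
# owner or an admin.
class UsersController < ApplicationController
  # Signup pages are the only actions reachable without a session; every other
  # action still runs the inherited +authenticate+ filter first.
  skip_before_action :authenticate, only: [ :new, :create ]
  before_action :set_user, only: [ :show, :edit, :update ]
  before_action :ensure_self, only: [ :edit, :update ]

  # GET /users/new — blank signup form, or a redirect to root when signup is off.
  def new
    return redirect_to(:root) unless signup_enabled?

    @user = User.new
  end

  # POST /users — creates the account, queues the email-verification mail and
  # sends the user to the login page; re-renders the form with 422 when the
  # record fails validation.
  def create
    return redirect_to(:root) unless signup_enabled?

    @user = User.new(new_user_params)
    if @user.save
      # The verification token is generated once here and only travels inside
      # the mail; it is never rendered or stored on the controller.
      token = @user.generate_token_for(:email_verification)
      UserMailer.with(user: @user, token: token).email_verification.deliver_later
      flash[:notice] = t(".success", name: @user.first_name)
      redirect_to login_path
    else
      flash[:alert] = t(".error", error: @user.errors.full_messages.to_sentence)
      render :new, status: :unprocessable_entity
    end
  end

  # GET /users/:id — profile page. Invites in the +not_responded+ scope are
  # loaded only when the viewer is looking at their own profile, so another
  # user's invites are never exposed.
  def show
    @table_invites = TableInvite.where(email: @user.email).not_responded if @user == Current.user
  end

  # GET /users/:id/edit — edit form; @user is looked up and authorised by the
  # before_action filters, nothing else to do here.
  def edit
  end

  # PATCH/PUT /users/:id — applies the editable profile fields. An empty
  # permitted set is treated as a failed update and re-renders the form with 422.
  def update
    if existing_user_params.present? && @user.update(existing_user_params)
      redirect_to @user, notice: t(".success")
    else
      flash.now[:alert] = t(".error")
      render :edit, status: :unprocessable_entity
    end
  end

  private

  # Signup is opt-in via ENABLE_SIGNUP; an unset variable means disabled.
  # The ActiveModel cast maps "1"/"true"/"false"/"" to a real boolean instead
  # of treating any non-empty string as truthy. Shared by +new+ and +create+
  # so the two gates cannot drift apart.
  def signup_enabled?
    ActiveModel::Type::Boolean.new.cast(ENV.fetch("ENABLE_SIGNUP") { false })
  end

  # Attributes a visitor may set when registering. Nothing role-related (the
  # +admin?+ flag consulted by +ensure_self+) is permitted here.
  def new_user_params
    params.require(:user).permit(
      :username,
      :password,
      :password_confirmation,
      :email,
      :first_name,
      :last_name,
    )
  end

  # Attributes an existing user may change about themselves; username, email
  # and password are deliberately not editable through +update+.
  def existing_user_params
    params.require(:user).permit(
      :first_name,
      :last_name,
      :profile,
      :avatar,
      :delete_avatar,
    )
  end

  # Routes key users by username rather than numeric id. +find_by!+ raises
  # ActiveRecord::RecordNotFound (rendered as 404 by Rails) for an unknown
  # username instead of handing a nil @user to the views and to +ensure_self+.
  def set_user
    @user = User.find_by!(username: params[:id])
  end

  # Only the account owner or an admin may reach edit/update. Assumes
  # Current.user is non-nil here — presumably set by the inherited
  # +authenticate+ filter, which is not skipped for these actions; confirm.
  def ensure_self
    head :forbidden unless @user == Current.user || Current.user.admin?
  end
end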