class APITokensController < ApplicationController
  before_action :authenticate_administrateur!
  before_action :set_api_token, only: [:update, :destroy]

  def create
    @api_token, @packed_token = APIToken.generate(current_administrateur)

    render :index
  end

  def update
    if become_full_access?
      @api_token.become_full_access!
    elsif disallow_procedure_id.present?
      @api_token.untarget_procedure(disallow_procedure_id.to_i)
    else
      @api_token.update!(api_token_params)
    end

    render :index
  end

  def destroy
    @api_token.destroy

    render :index
  end

  private

  def set_api_token
    @api_token = current_administrateur.api_tokens.find(params[:id])
  end

  def become_full_access?
    api_token_params[:become_full_access].present?
  end

  def disallow_procedure_id
    api_token_params[:disallow_procedure_id]
  end

  def api_token_params
    params.require(:api_token).permit(:name, :write_access, :become_full_access, :disallow_procedure_id, allowed_procedure_ids: [])
  end
end