class AccountsController < ApplicationController
  before_action :set_user, only: [:show, :edit, :update, :destroy]
  before_action :admin?

  def index
    @users = User.all
  end

  def show
  end

  def new
    @user = User.new
  end

  def edit
    if @user.is_admin?
      redirect_to users_path, notice: 'Admins are not editable by other admins.'
    end
  end

  def create
    @user = User.new(user_params)

    respond_to do |format|
      if @user.save
        format.html { redirect_to @user, notice: 'User was successfully created.' }
        format.json { render action: 'show', status: :created, location: @user }
      else
        format.html { render action: 'new' }
        format.json { render json: @user.errors, status: :unprocessable_entity }
      end
    end
  end

  def update
     password = params[:user][:current_password]
     params[:user].delete(:current_password)
     respond_to do |format|
       if @user.update(user_params)
         format.html { redirect_to @user, notice: 'User was successfully updated.' }
         format.json { head :no_content }
       else
         format.html { render action: 'edit', notice: @user.errors }
         format.json { render json: @user.errors, status: :unprocessable_entity }
       end
    end
  end

  # DELETE /users/1
  # DELETE /users/1.json
  def destroy
    @user.destroy
    respond_to do |format|
      format.html { redirect_to users_url }
      format.json { head :no_content }
    end
  end

  private
  # Use callbacks to share common setup or constraints between actions.
  def set_user
    @user = User.find(params[:id])
  end

  # Never trust parameters from the scary internet, only allow the white list through.
  def user_params
    params.require(:user).permit(:email, :password, :password_confirmation, :current_password)
  end


  def admin?
    if current_admin.nil?
      redirect_to new_admin_session_path, notice: 'Please login as an Admin.'
    end

  end
end