var models = require('../models');
var User = models.User;
var Note = models.Note;
var userSafeParams = ['id', 'name', 'username', 'bio', 'twitter_handle', 'site'];

module.exports = function(app){
  app.get('/users', function(req, res){
    models.sequelize.sync().on('success', function(){
      User.findAll({attributes: userSafeParams}).success(function(users){
        res.json(users);
      })
    });
  });

  app.put('/users', function(req, res){
    var param;
    var updateParams = {};
    var userId = parseInt(req.param('id'));
    
    // Return an 401 aunauthorized if a user tries to editor another user's profile
    if(!req.user || req.user.id !== userId) {
      res.status(401);
      res.json({error: "You are not authorized to edit this user"});
      return
    }

    models.sequelize.sync().on('success', function(){
      User.find({where: {id: userId}}).success(function(user){
        for(var i=0, l = userSafeParams.length; i < l; i++ ){
          param = userSafeParams[i];
          updateParams[param] = req.param(param);
        }

        user.updateAttributes(updateParams).success(function(){
          res.json(user)
        })
      });
    });
  });

  app.get('/users/:id', function(req, res){
    var userId = parseInt(req.params.id, 10);
    
    if(!userId) {
      res.json({});
      return;
    }

    models.sequelize.sync().on('success', function(){
      User.find({where: {id: userId}, attributes: userSafeParams, include: [Note]}).success(function(user){
        res.json(user);
      })
    });
  });
};