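module Admin
  # Administrative management of User records: list, show, edit, update and
  # destroy.
  #
  # Every action is gated by +ensure_admin_user+. That callback is not defined
  # in this file; presumably it is inherited from ApplicationController and
  # halts the request for non-admins -- confirm.
  #
  # NOTE(review): nothing in this controller records who changed or removed an
  # account. If privilege changes and deletions need an audit trail, confirm
  # that it is written elsewhere (model callbacks, middleware, ...).
  class UsersController < ApplicationController
    # Authorization is declared before the record lookup on purpose. Rails runs
    # before_action callbacks in declaration order, so with set_user first a
    # caller who is not an admin would reach User.find before being rejected,
    # and a missing id would answer differently from an existing one. Checking
    # the role first gives non-admins the same response whatever the id is.
    before_action :ensure_admin_user
    before_action :set_user, only: %i[show edit update destroy]

    # Lists all users ordered by full name, rendered as JSON.
    #
    # NOTE(review): the fields exposed are whatever UserSerializer emits; that
    # class is not visible here -- confirm it leaves out password material.
    def index
      @users = User.order(:full_name)
      render json: UserSerializer.for(@users)
    end

    # Renders the default template; @user is loaded by set_user.
    def show
    end

    # Renders the default template; @user is loaded by set_user.
    def edit
    end

    # Applies the permitted attributes to @user. Redirects to the user list on
    # success and re-renders the edit form when the save fails.
    def update
      @user.assign_attributes(user_params)

      if @user.save
        redirect_to admin_users_path, notice: 'User was successfully updated.'
      else
        render :edit
      end
    end

    # Destroys @user and redirects to the user list.
    #
    # destroy returns a falsy value when the record was not removed (for
    # example when a callback halts the deletion), so success is only reported
    # when the record is really gone.
    def destroy
      if @user.destroy
        redirect_to admin_users_path, notice: 'User was destroyed'
      else
        redirect_to admin_users_path, alert: 'User could not be destroyed'
      end
    end

    private

    # Loads the user named by params[:id] into @user for the member actions.
    # User.find raises when no record matches (assuming User is an
    # ActiveRecord model), which Rails turns into a not-found response.
    def set_user
      @user = User.find(params[:id])
    end

    # Strong-parameters allow-list for the user form.
    #
    # This list includes :admin and the password fields, so whoever can reach
    # #update can grant admin rights or reset another account's password. That
    # is acceptable only because ensure_admin_user guards this controller; do
    # not reuse this list in a controller that ordinary users can reach.
    def user_params
      params.require(:user).permit(
        :username,
        :email,
        :full_name,
        :admin,
        :password,
        :password_confirmation
      )
    end
  end
end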