hensei-api/app/controllers/api/v1/weapon_series_controller.rb

# frozen_string_literal: true

module Api
  module V1
    class WeaponSeriesController < Api::V1::ApiController
      before_action :set_weapon_series, only: %i[show update destroy]
      before_action :ensure_editor_role, only: %i[create update destroy]

      # GET /weapon_series
      def index
        weapon_series = WeaponSeries.ordered
        render json: WeaponSeriesBlueprint.render(weapon_series)
      end

      # GET /weapon_series/:id
      def show
        render json: WeaponSeriesBlueprint.render(@weapon_series, view: :full)
      end

      # POST /weapon_series
      def create
        weapon_series = WeaponSeries.new(weapon_series_params)

        if weapon_series.save
          render json: WeaponSeriesBlueprint.render(weapon_series, view: :full), status: :created
        else
          render_validation_error_response(weapon_series)
        end
      end

      # PATCH/PUT /weapon_series/:id
      def update
        if @weapon_series.update(weapon_series_params)
          render json: WeaponSeriesBlueprint.render(@weapon_series, view: :full)
        else
          render_validation_error_response(@weapon_series)
        end
      end

      # DELETE /weapon_series/:id
      def destroy
        if @weapon_series.weapons.exists?
          render json: ErrorBlueprint.render(nil, error: {
            message: 'Cannot delete series with associated weapons',
            code: 'has_dependencies'
          }), status: :unprocessable_entity
        else
          @weapon_series.destroy!
          head :no_content
        end
      end

      private

      def set_weapon_series
        # Support lookup by slug or UUID
        @weapon_series = WeaponSeries.find_by(slug: params[:id]) || WeaponSeries.find(params[:id])
      end

      def ensure_editor_role
        return if current_user&.role && current_user.role >= 7

        Rails.logger.warn "[WEAPON_SERIES] Unauthorized access attempt by user #{current_user&.id}"
        render json: { error: 'Unauthorized - Editor role required' }, status: :unauthorized
      end

      def weapon_series_params
        params.require(:weapon_series).permit(
          :name_en, :name_jp, :slug, :order,
          :extra, :element_changeable, :has_weapon_keys,
          :has_awakening, :has_ax_skills
        )
      end
    end
  end
end