class API::SettingsController < API::ApiController
  before_action :authenticate_user!, only: :update

  def index
    @settings = Setting.where(name: names_as_string_to_array)
  end

  def update
    authorize Setting
    @setting = Setting.find_by(name: params[:name])
    if @setting.update(setting_params)
      render status: :ok
    else
      render json: @setting.errors.full_messages, status: :unprocessable_entity
    end
  end

  def show
    @setting = Setting.find_or_create_by(name: params[:name])
  end

  private
    def setting_params
      params.require(:setting).permit(:value)
    end

    def names_as_string_to_array
      params[:names][1..-2].split(',').map(&:strip).map { |param| param[1..-2] }.map(&:strip)
    end
end