Message controller

1. class MessagesController < ApplicationController
2.   before_action :set_message, except: %i(index create)
3.   before_action :set_sender, except: :index
4.   # before_action :set_receiverable, only: :create
5.   before_action :autorize_action, only: %i(update destroy)
6.   before_action :authenticate_role, only: %i(create update)
7.  
8.   def index
9.     messages = Message.where(status: params[:status]).recent if params[:status]&.in?(Message::statuses.keys)
10.     messages ||= Message.recent
11.  
12.     render json: messages
13.   end
14.  
15.   def create
16.     p "params[:message][:receiverable]: #{params[:message][:receiverable]}"
17.     invalidate(params[:message][:receiverable])
18.  
19.     receiverables = []
20.     params[:message][:receiverable].each do |object|
21.       klass = object.keys.join.to_s.remove('_id').classify.constantize
22.       id = object.values.join.to_i
23.       receiverables << klass.find(id)
24.     end
25.  
26.     create_errors = []
27.     receiverables.each do |receiver|
28.       message = @sender.sended_messages.build(message_params)
29.       message.receiverable = receiver
30.  
31.       unless message.save
32.         create_errors << { message: "An error occurred: #{message.errors.full_messages.join('; ')}" }
33.       end
34.     end
35.  
36.     render json: { errors: create_errors }, status: 422 if create_errors.any?
37.   end
38.  
39.  
40.   def update
41.     if @message.update(message_params)
42.       render json: @message, status: :ok
43.     else
44.       render json: { message: "An error occurred: #{@message.errors.full_messages.join('; ')}" }, status: 422
45.     end
46.   end
47.  
48.   def destroy
49.     @message.destroy
50.     render json: { status: :ok }
51.   end
52.  
53.   private
54.  
55.   def authenticate_role
56.     # authenticate_customer! || authenticate_respondent! || authenticate_admin!
57.     current_admin || current_customer || current_respondent
58.   end
59.  
60.   def set_message
61.     @message = Message.find_by_id(params[:id])
62.   end
63.  
64.   def set_sender
65.     @sender = current_admin || current_customer || current_respondent
66.     p "@sender: #{@sender}"
67.   end
68.  
69.   def message_params
70.     params.require(:message).permit(:customer_id,
71.                                     :admin_id,
72.                                     :respondent_id,
73.                                     :receiverable_id,
74.                                     :receiverable_type,
75.                                     :status,
76.                                     :subject,
77.                                     :text)
78.   end
79.  
80.   def autorize_action
81.     unless current_customer == @message.senderable || current_respondent == @message.senderable || current_admin # admin_signed_in?
82.       return render json: { error: 'An unauthorized!' }, status: 401
83.     end
84.   end
85.  
86.   def invalidate(params)
87.     errors = []
88.     errors << 'invalid type params' if params.blank? || !params.is_a?(Array) # || !params.all?(Hash)
89.     params.each do |entry|
90.       errors << "Incorrect params object: #{entry}" unless entry.keys.join.in?(['customer_id', 'respondent_id', 'admin_id'])
91.     end
92.     return render json: { error: errors }, status: 422 if errors.any?
93.   end
94. end
95.