class CustomWizard::StepsController < ApplicationController
  before_action :ensure_logged_in

  def update
    params.require(:step_id)
    params.require(:wizard_id)
    field_ids = CustomWizard::Wizard.field_ids(params[:wizard_id], params[:step_id])

    permitted = params.permit(:wizard_id, :step_id)
    if params[:fields]
      permitted[:fields] = params[:fields].select { |k, v| field_ids.include? k }
      permitted.permit!
    end

    wizard = CustomWizard::Builder.new(current_user, permitted[:wizard_id].underscore).build
    updater = wizard.create_updater(permitted[:step_id], permitted[:fields])
    updater.update

    if updater.success?
      result = success_json
      result.merge!(updater.result) if updater.result
      result[:refresh_required] = true if updater.refresh_required?
      render json: result
    else
      errors = []
      updater.errors.messages.each do |field, msg|
        errors << { field: field, description: msg.join }
      end
      render json: { errors: errors }, status: 422
    end
  end
end