class Competitions::PrizeLeaderAccountsController < Competitions::BaseController
  before_action :require_prize_team_leader!

  def update
    Competitions::SavePrizeTeamAccountService.call(current_competition, current_prize_user, update_params)
    render_ok
  rescue ApplicationService::Error => ex
    render_error(ex.message)
  end

  private

  def require_prize_team_leader!
    prize_user = current_competition.competition_prize_users.joins(:competition_prize)
                   .where(competition_prizes: { category: :bonus })
                   .find_by(leader: true, user_id: current_prize_user.id)
    return if prize_user.present? && (current_user.admin_or_business? || current_user.id == current_prize_user.id)

    render_forbidden
  end

  def update_params
    params.permit(:bank, :second_bank, :card_no)
  end

  def current_prize_user
    @_current_prize_user ||= User.find(params[:user_id])
  end
end