class NotesController < ApplicationController
  before_filter :project

  # Authorize
  before_filter :add_project_abilities

  before_filter :authorize_read_note!
  before_filter :authorize_write_note!, :only => [:create]

  respond_to :js

  def index
    notes
    respond_with(@notes)
  end

  def create
    @note = Notes::CreateContext.new(project, current_user, params).execute

    respond_to do |format|
      format.html {redirect_to :back}
      format.js
    end
  end

  def destroy
    @note = @project.notes.find(params[:id])
    return access_denied! unless can?(current_user, :admin_note, @note)
    @note.destroy

    respond_to do |format|
      format.js { render :nothing => true }
    end
  end

  protected 

  def notes
    @notes = Notes::LoadContext.new(project, current_user, params).execute
  end
end