class Admin::MasqueradesController < Admin::ApplicationController
  before_action :set_user, only: [:create]
  skip_before_action :require_admin_login, only: [:destroy]

  def create
    authorize :masquerade, :create?
    session[:admin_id] = current_user.id
    sign_in @user
    redirect_to signed_in_root_path
  end

  def destroy
    authorize :masquerade, :destroy?
    sign_in User.find session[:admin_id]
    session.delete(:admin_id)
    session.delete(:active_account)
    redirect_to admin_users_path
  end

  private

  def set_user
    @user = find_user
  end

  def users
    policy_scope User
  end

  def find_user
    authorize users.find(params[:user_id])
  end
end