salix/services/loopback/common/methods/client/updateBillingData.js

let UserError = require('../../helpers').UserError;

module.exports = Self => {
    Self.remoteMethodCtx('updateBillingData', {
        description: 'Updates billing data of a client',
        accessType: 'WRITE',
        accepts: [{
            arg: 'data',
            type: 'Object',
            required: true,
            description: 'Params to update',
            http: {source: 'body'}
        }, {
            arg: 'id',
            type: 'string',
            required: true,
            description: 'Model id',
            http: {source: 'path'}
        }],
        returns: {
            arg: 'data',
            type: 'Worker',
            root: true
        },
        http: {
            path: `/:id/updateBillingData`,
            verb: 'POST'
        }
    });

    Self.updateBillingData = async(ctx, params, id) => {
        let userId = ctx.req.accessToken.userId;
        let isAdministrative = await Self.app.models.Account.hasRole(userId, 'administrative');

        let client = await Self.app.models.Client.findOne({where: {id: id}});

        if (!isAdministrative && client.isTaxDataChecked)
            throw new UserError(`You don't have enough privileges to do that`);

        let validUpdateParams = [
            'payMethodFk',
            'dueDay',
            'iban',
            'hasLcr',
            'hasCoreVnl',
            'hasSepaVnl'
        ];

        for (const key in params) {
            if (validUpdateParams.indexOf(key) === -1)
                throw new UserError(`You don't have enough privileges to do that`);
        }

        return client.updateAttributes({
            payMethodFk: params.payMethodFk,
            dueDay: params.dueDay,
            iban: params.iban,
            hasLcr: params.hasLcr,
            hasCoreVnl: params.hasCoreVnl,
            hasSepaVnl: params.hasSepaVnl
        });
    };
};