let UserError = require('../../helpers').UserError; module.exports = Self => { Self.remoteMethodCtx('updateBillingData', { description: 'Updates billing data of a client', accessType: 'WRITE', accepts: [{ arg: 'data', type: 'Object', required: true, description: 'Params to update', http: {source: 'body'} }, { arg: 'id', type: 'string', required: true, description: 'Model id', http: {source: 'path'} }], returns: { arg: 'data', type: 'Worker', root: true }, http: { path: `/:id/updateBillingData`, verb: 'POST' } }); Self.updateBillingData = async(ctx, params, id) => { let userId = ctx.req.accessToken.userId; let data = filterAttributes(params, [ 'payMethodFk', 'dueDay', 'iban', 'hasLcr', 'hasCoreVnl', 'hasSepaVnl']); if (!Object.keys(data).length) return; let isAdministrative = await Self.app.models.Account.hasRole(userId, 'administrative'); let client = await Self.app.models.Client.findOne({where: {id: id}}); if (!isAdministrative && client.isTaxDataChecked) throw new UserError(`You don't have enough privileges to do that`); return client.updateAttributes(data); }; function filterAttributes(params, allowed) { let newParams = {}; Object.keys(params).forEach(attribute => { if (allowed.indexOf(attribute) > -1) newParams[attribute] = params[attribute]; }); return newParams; } };