let UserError = require('../../helpers').UserError; module.exports = Self => { Self.remoteMethodCtx('updateFiscalData', { description: 'Updates billing data of a client', accessType: 'WRITE', accepts: [{ arg: 'data', type: 'Object', required: true, description: 'Params to update', http: {source: 'body'} }, { arg: 'id', type: 'string', required: true, description: 'Model id', http: {source: 'path'} }], returns: { arg: 'res', type: 'String', root: true }, http: { path: `/:id/updateFiscalData`, verb: 'PATCH' } }); Self.updateFiscalData = async(ctx, params, id) => { let userId = ctx.req.accessToken.userId; let isAdministrative = await Self.app.models.Account.hasRole(userId, 'administrative'); let [taxData] = await Self.app.models.Client.find({where: {id: id}, fields: ['isTaxDataChecked']}); if (!isAdministrative && taxData.isTaxDataChecked) throw new UserError(`You don't have enough privileges to do that`); let validUpdateParams = [ 'socialName', 'fi', 'street', 'postcode', 'city', 'countryFk', 'provinceFk', 'isActive', 'isFreezed', 'hasToInvoice', 'isVies', 'isToBeMailed', 'hasToInvoiceByAddress', 'isEqualizated', 'isTaxDataVerified', 'isTaxDataChecked' ]; for (const key in params) { if (validUpdateParams.indexOf(key) === -1) throw new UserError(`You don't have enough privileges to do that`); } params.id = id; let client = await Self.app.models.Client.findById(id); return await client.updateAttributes(params); }; };