const UserError = require('vn-loopback/util/user-error');

module.exports = Self => {
    Self.observe('before save', async function(ctx) {
        const models = Self.app.models;
        const userId = ctx.options.accessToken.userId;
        const user = await ctx.instance.userFk;
        const modifiedUser = await getUserToModify(null, user, models);

        if (userId != modifiedUser.id && userId != modifiedUser.bossFk)
            throw new UserError('You dont have permission to modify this user');
    });

    Self.remoteMethod('deleteNotification', {
        description: 'Deletes a notification subscription',
        accepts: [
            {
                arg: 'ctx',
                type: 'object',
                http: {source: 'context'}
            },
            {
                arg: 'notificationId',
                type: 'number',
                required: true
            },
        ],
        returns: {
            type: 'object',
            root: true
        },
        http: {
            verb: 'POST',
            path: '/deleteNotification'
        }
    });

    Self.deleteNotification = async function(ctx, notificationId) {
        const models = Self.app.models;
        const user = ctx.req.accessToken.userId;
        const modifiedUser = await getUserToModify(notificationId, null, models);

        if (user != modifiedUser.id && user != modifiedUser.bossFk)
            throw new UserError('You dont have permission to modify this user');

        await models.NotificationSubscription.destroyById(notificationId);
    };

    async function getUserToModify(notificationId, userFk, models) {
        let userToModify = userFk;
        if (notificationId) {
            const subscription = await models.NotificationSubscription.findById(notificationId);
            userToModify = subscription.userFk;
        }
        return await models.Worker.findOne({
            fields: ['id', 'bossFk'],
            where: {
                id: userToModify
            }
        });
    }
};