const UserError = require('vn-loopback/util/user-error'); module.exports = Self => { Self.remoteMethodCtx('changeState', { description: 'Change the state of a ticket', accessType: 'WRITE', accepts: [{ arg: 'params', type: 'object', required: true, description: 'ticketFk, stateFk', http: {source: 'body'} }], returns: { type: 'string', root: true }, http: { path: `/changeState`, verb: 'post' } }); Self.changeState = async(ctx, params) => { let models = Self.app.models; let isProduction; let isEditable = await Self.app.models.Ticket.isEditable(params.ticketFk); let assignedState = await Self.app.models.State.findOne({where: {code: 'PICKER_DESIGNED'}}); let isAssigned = assignedState.id === params.stateFk; let currentUserId; if (ctx.req.accessToken) { let token = ctx.req.accessToken; currentUserId = token && token.userId; isProduction = await models.Account.hasRole(currentUserId, 'production'); isSalesperson = await models.Account.hasRole(currentUserId, 'salesPerson'); } if ((!isEditable && !isProduction) || (isEditable && !isAssigned && isSalesperson) || (!isSalesperson && !isProduction)) throw new UserError(`You don't have enough privileges to change the state of this ticket`); if (!isAssigned) { let worker = await models.Worker.findOne({where: {userFk: currentUserId}}); params.workerFk = worker.id; } return await Self.app.models.TicketTracking.create(params); }; };