module.exports = Self => { Self.remoteMethodCtx('isEditable', { description: 'Check if the ticket state is editable', accessType: 'READ', accepts: [{ arg: 'stateId', type: 'number', required: true, http: {source: 'path'} }], returns: { type: 'boolean', root: true }, http: { path: `/:stateId/isEditable`, verb: 'get' } }); Self.isEditable = async(ctx, stateId) => { const accessToken = ctx.req.accessToken; const models = Self.app.models; const userId = accessToken.userId; let isProduction = await models.Account.hasRole(userId, 'production'); let isSalesPerson = await models.Account.hasRole(userId, 'salesPerson'); let isAdministrative = await models.Account.hasRole(userId, 'administrative'); let state = await models.State.findById(stateId); let salesPersonAllowed = (isSalesPerson && state.code == 'PICKER_DESIGNED'); let isAllowed = isProduction || isAdministrative || salesPersonAllowed || state.alertLevel == 0; return isAllowed; }; };