const UserError = require('vn-loopback/util/user-error'); module.exports = Self => { Self.remoteMethodCtx('deleteTimeEntry', { description: 'Deletes a manual time entry for a worker if the user role is above the worker', accessType: 'READ', accepts: [{ arg: 'id', type: 'number', required: true, description: 'The time entry id', http: {source: 'path'} }], returns: { type: 'boolean', root: true }, http: { path: `/:id/deleteTimeEntry`, verb: 'POST' } }); Self.deleteTimeEntry = async(ctx, id, options) => { const userId = ctx.req.accessToken.userId; const models = Self.app.models; const myOptions = {userId}; if (typeof options == 'object') Object.assign(myOptions, options); const targetTimeEntry = await Self.findById(id, null, myOptions); const isSubordinate = await models.Worker.isSubordinate(ctx, targetTimeEntry.userFk, myOptions); const isTeamBoss = await models.ACL.checkAccessAcl(ctx, 'Worker', 'isTeamBoss', 'WRITE'); const isHimself = userId == targetTimeEntry.userFk; if (isSubordinate === false || (isSubordinate && isHimself && !isTeamBoss)) throw new UserError(`You don't have enough privileges`); const response = await Self.rawSql('CALL vn.workerTimeControl_remove(?, ?)', [ targetTimeEntry.userFk, targetTimeEntry.timed], myOptions); await models.WorkerTimeControl.resendWeeklyHourEmail(ctx, targetTimeEntry.userFk, targetTimeEntry.timed, myOptions); return response; }; };