module.exports = Self => { Self.remoteMethodCtx('updateBillingData', { description: 'Updates billing data of a client', accessType: 'WRITE', accepts: [{ arg: 'data', type: 'Object', required: true, description: 'Params to update', http: {source: 'body'} }, { arg: 'id', type: 'string', required: true, description: 'Model id', http: {source: 'path'} }], returns: { arg: 'data', type: 'Worker', root: true }, http: { path: `/:id/updateBillingData`, verb: 'PATCH' } }); Self.updateBillingData = async(ctx, params, id) => { let userId = ctx.req.accessToken.userId; let isAdministrative = await Self.app.models.Account.hasRole(userId, 'administrative'); let [taxData] = await Self.app.models.Client.find({where: {id: id}, fields: ['isTaxDataChecked']}); if (!isAdministrative && taxData.isTaxDataChecked) throw new Error(`You don't have enough privileges to do that`); let validUpdateParams = [ 'payMethodFk', 'dueDay', 'iban', 'hasLcr', 'hasCoreVnl', 'hasSepaVnl' ]; for (const key in params) { if (validUpdateParams.indexOf(key) === -1) throw new Error(`You don't have enough privileges to do that`); } return await Self.app.models.Client.update({id: id}, params); }; };