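'use strict'
import userService from '../../src/data/users/{id}'
import {
  isAuthEnabled,
  initAllowedUsers,
  authenticate,
  checkRole
} from '../../auth'
import { Operation } from 'express-openapi'

/** Minimal response surface needed to report a failure. */
interface ErrorResponder {
  headersSent: boolean
  status(code: number): { json(body: unknown): unknown }
}

/**
 * Map a thrown value to an HTTP error status.
 *
 * Only an integer `code` in the 400-599 range is used as the status. Any
 * other value (missing, a string such as a system error code, or a number
 * outside the error range) falls back to 500, so an invalid status never
 * reaches `res.status()`.
 */
function errorStatus(error: unknown): number {
  const code = (error as { code?: unknown } | null | undefined)?.code
  const isHttpError =
    typeof code === 'number' &&
    Number.isInteger(code) &&
    code >= 400 &&
    code <= 599
  return isHttpError ? (code as number) : 500
}

/**
 * Send the error response for a failed operation.
 *
 * Does nothing when the response has already been sent: the handlers below
 * reply before refreshing the allowed-users list, so a failure in that
 * refresh must not trigger a second write to the same response.
 */
function sendError(res: ErrorResponder, error: unknown): void {
  if (res.headersSent) {
    return
  }
  // NOTE(review): the raw error message is returned to the client, as before.
  // Confirm that errors raised by userService never carry internal details
  // (queries, paths, stack fragments) in `message`.
  const message = (error as { message?: unknown } | null | undefined)?.message
  res.status(errorStatus(error)).json(message)
}

/**
 * express-openapi operations for a single user: PATCH and DELETE.
 *
 * Both operations run `authenticate(['allowed-users', 'bot-token'])` first and
 * then require the caller to be an allowed user or to hold the 'admin' role.
 *
 * NOTE(review): neither handler compares the caller's identity with the user
 * record being changed, so every allowed user can modify or delete any user
 * unless userService enforces that itself - confirm this is intended.
 *
 * @returns the operation map consumed by express-openapi
 */
export default function() {
  const PATCH: Operation = async (req, res) => {
    const user = req.user
    // Fail closed: a request without a user object is treated as unauthorized
    // instead of throwing while reading its properties.
    if (!user || (!user.isAllowedUser && !checkRole(user.role, 'admin'))) {
      const msg = 'No permission to patch user'
      console.error(msg)
      // NOTE(review): 403 is the conventional status for an authenticated
      // caller lacking permission; 401 is kept because clients may rely on it.
      res.status(401).send(msg)
      return
    }

    try {
      res.status(200).json(await userService.patchUser(req))
      if (isAuthEnabled()) {
        // Presumably reloads the list that authenticate() checks against;
        // if this fails the error is only logged and the list may stay stale.
        await initAllowedUsers()
      }
    } catch (error) {
      console.error(error)
      sendError(res, error)
    }
  }

  const DELETE: Operation = async (req, res) => {
    const user = req.user
    // Fail closed: a request without a user object is treated as unauthorized
    // instead of throwing while reading its properties.
    if (!user || (!user.isAllowedUser && !checkRole(user.role, 'admin'))) {
      const msg = 'No permission to delete user'
      console.error(msg)
      // NOTE(review): 403 is the conventional status for an authenticated
      // caller lacking permission; 401 is kept because clients may rely on it.
      res.status(401).send(msg)
      return
    }

    try {
      res.status(200).json(await userService.deleteUser(req))
      if (isAuthEnabled()) {
        // Presumably reloads the list that authenticate() checks against;
        // if this fails after a delete, the removed user may remain in the
        // cached list until the next successful refresh - confirm and monitor.
        await initAllowedUsers()
      }
    } catch (error) {
      console.error(error)
      sendError(res, error)
    }
  }

  return {
    PATCH: [authenticate(['allowed-users', 'bot-token']), PATCH],
    DELETE: [authenticate(['allowed-users', 'bot-token']), DELETE]
  }
}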