import { Request, Router } from "express";
import { GetUserMiddleware } from "../middlewares/user";
import RequestError, { HttpStatusCode } from "../../helper/request_error";
import promiseMiddleware from "../../helper/promiseMiddleware";
import Permission from "../../models/permissions";
import verify, { Types } from "../middlewares/verify";
import Client from "../../models/client";
import { ObjectID } from "bson";

const PermissionRoute: Router = Router();
PermissionRoute.route("/")
   /**
    * @api {get} /admin/permission
    * @apiName AdminGetPermissions
    * 
    * @apiParam client Optionally filter by client _id
    * 
    * @apiGroup admin_permission
    * @apiPermission admin
    * 
    * @apiSuccess {Object[]} permissions
    * @apiSuccess {String} permissions._id The ID
    * @apiSuccess {String} permissions.name Permission name
    * @apiSuccess {String} permissions.description A description, that makes it clear to the user, what this Permission allows to do
    * @apiSuccess {String} permissions.client The ID of the owning client
    */
   .get(promiseMiddleware(async (req, res) => {
      let query = {};
      if (req.query.client) {
         query = { client: new ObjectID(req.query.client) }
      }
      let permission = await Permission.find(query);
      res.json(permission);
   }))
   /**
    * @api {post} /admin/permission
    * @apiName AdminAddPermission
    * 
    * @apiParam client The ID of the owning client
    * @apiParam name Permission name
    * @apiParam description A description, that makes it clear to the user, what this Permission allows to do
    * 
    * @apiGroup admin_permission
    * @apiPermission admin
    * 
    * @apiSuccess {Object[]} permissions
    * @apiSuccess {String} permissions._id The ID
    * @apiSuccess {String} permissions.name Permission name
    * @apiSuccess {String} permissions.description A description, that makes it clear to the user, what this Permission allows to do
    * @apiSuccess {String} permissions.client The ID of the owning client
    */
   .post(verify({
      client: {
         type: Types.STRING
      },
      name: {
         type: Types.STRING
      },
      description: {
         type: Types.STRING
      }
   }, true), promiseMiddleware(async (req, res) => {
      let client = await Client.findById(req.body.client);
      if (!client) {
         throw new RequestError("Client not found", HttpStatusCode.BAD_REQUEST);
      }
      let permission = Permission.new({
         description: req.body.description,
         name: req.body.name,
         client: client._id
      });
      await Permission.save(permission);
      res.json(permission);
   }))
   /**
    * @api {delete} /admin/permission
    * @apiName AdminDeletePermission
    * 
    * @apiParam id The permission ID
    * 
    * @apiGroup admin_permission
    * @apiPermission admin
    * 
    * @apiSuccess {Boolean} success
    */
   .delete(promiseMiddleware(async (req, res) => {
      let { id } = req.query;
      await Permission.delete(id);
      res.json({ success: true });
   }));

export default PermissionRoute;