const aqp = require('api-query-params');
const errors = require('restify-errors');

const config = require('../config');
const User = require('../models/user');
const { PUBLIC, STAFF } = require('../strategies/selects/user');

module.exports = function (server, auth) {
	server.post('/users', auth.manager, (req, res, next) => {
		let { password = null, ...data } = req.body || {};

		let user = new User(data);
		user.save(function(err) {
			if (err) {
				console.error(err);
				return next(new errors.InternalError(err.message));
				next();
			}

      if (password) {
        user.setPassword(password);
      }

			res.send(201);
			next();
		});
	});

	server.get('/users', auth.basic, (req, res, next) => {
    const { filter } = aqp(req.query);
    const select = req.user.isManager ? STAFF : PUBLIC;

		User.find(filter, select, function (err, docs) {
			if (err) {
				console.error(err);
				return next(
					new errors.InvalidContentError(err),
				);
			}

			res.send(docs);
			next();
		});
	});

	server.get('/users/:user_id', auth.managerOrSelf, (req, res, next) => {
    const select = req.user.isManager ? STAFF : PUBLIC;

		User.findOne({ _id: req.params.user_id }, select, function (err, doc) {
			if (err) {
				console.error(err);
				return next(
					new errors.InvalidContentError(err),
				);
			}

			res.send(req.user.isManager ? doc : doc.toProfileJSON());
			next();
		});
	});

	server.put('/users/:user_id', auth.managerOrSelf, (req, res, next) => {
		let data = req.body || {};

		if (!data._id) {
			data = Object.assign({}, data, { _id: req.params.user_id });
		}

		User.findOne({ _id: req.params.user_id }, function (err, doc) {
			if (err) {
				console.error(err);
				return next(
					new errors.InvalidContentError(err),
				);
			} else if (!doc) {
				return next(
					new errors.ResourceNotFoundError(
						'The resource you requested could not be found.',
					),
				);
			}

			User.update({ _id: data._id }, data, function (err) {
				if (err) {
					console.error(err);
					return next(
						new errors.InvalidContentError(err),
					);
				}

				res.send(200, data);
				next();
			});
		});
	});

	server.del('/users/:user_id', auth.manager, (req, res, next) => {
		User.deleteOne({ _id: req.params.user_id }, function (err) {
			if (err) {
				console.error(err);
				return next(
					new errors.InvalidContentError(err),
				);
			}

			res.send(204);
			next();
		});
	});
};