/*Canopy - The next generation of stoner streaming software
Copyright (C) 2024 Rainbownapkin and the TTN Community

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.*/

//npm imports
const {validationResult, matchedData} = require('express-validator');

//local imports
const {exceptionHandler, errorHandler} = require('../../../utils/loggerUtils');
const permissionModel = require('../../../schemas/permissionSchema');
const {userModel} = require('../../../schemas/userSchema');

//api change rank functions
/**
 * POST handler that changes another user's rank.
 *
 * Reads the validated `user` and `rank` fields through matchedData(req) and
 * the acting user from req.session.user. The change is refused when the
 * target does not exist, when the target is the caller, when the requested
 * rank is not strictly below the caller's rank, or when the target's current
 * rank is not strictly below the caller's rank.
 *
 * Responses: 200 with {user, id, rank} on success; 400 with {errors} when the
 * express-validator result is not empty; refusals go through errorHandler and
 * thrown errors through exceptionHandler.
 *
 * NOTE(review): the validation chain and any login check are not visible in
 * this file - presumably attached as router middleware; confirm that
 * req.session.user is always populated before this handler runs.
 */
module.exports.post = async function(req, res){
    try{
        //Collect whatever the validation chain reported for this request
        const validation = validationResult(req);

        //Guard: malformed input is answered with the validator's own error list
        if(!validation.isEmpty()){
            res.status(400);
            res.send({errors: validation.array()})
            return;
        }

        //Only fields that passed validation/sanitization are used from here on
        const fields = matchedData(req);
        const target = await userModel.findOne({user: fields.user});

        //Guard: nothing to change if the target account does not exist
        if(target == null){
            return errorHandler(res, 'User not found.', 'Bad Query');
        }

        //NOTE(review): the caller's identity and rank come from the session object.
        //If sessions are not refreshed or revoked when a rank changes, a demoted
        //user would keep the old authority here until the session ends - confirm.
        const actor = req.session.user;

        //Guard: block self-service rank changes (self-privilege escalation)
        if(target.user == actor.user){
            return errorHandler(res, "No, you can't change your own rank, fuck off.", 'Unauthorized', 401);
        }

        //Guard: the rank being granted must sit strictly below the caller's rank.
        //NOTE(review): how rankToNum maps an unknown rank is not visible here;
        //verify the validator limits `rank` to known values so this comparison
        //cannot be sidestepped by an unrecognised name.
        if(permissionModel.rankToNum(fields.rank) >= permissionModel.rankToNum(actor.rank)){
            return errorHandler(res, "New rank must be below that of the user changing it.", 'Unauthorized', 401);
        }

        //Guard: peers and superiors of the caller cannot be promoted or demoted
        if(permissionModel.rankToNum(target.rank) >= permissionModel.rankToNum(actor.rank)){
            return errorHandler(res, "You cannot promote/demote peer/outranking users.", 'Unauthorized', 401);
        }

        //NOTE(review): these refusals are authorization failures for an already
        //identified caller; 403 is the conventional status for that case, and
        //401 may trip client re-login logic - confirm before changing.

        //All checks passed: persist the new rank.
        //NOTE(review): no audit record of who changed whose rank is written in
        //this handler; confirm it is logged elsewhere.
        target.rank = fields.rank;
        await target.save();

        res.status(200);
        return res.send({user: target.user, id: target.id, rank: target.rank});
    }catch(err){
        return exceptionHandler(res, err);
    }
}