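import HttpCodes from "@Common/system/controller-pattern/HttpCodes";
import { NextFunction, Request, Response } from "express";
import Container from "typedi";
import UsersService from "@Services/super-admin/UsersService/UsersService";

/**
 * Returns true only when both office identifiers are present and equal.
 *
 * A missing identifier on either side counts as a mismatch, so two absent
 * values (`undefined` / `null`) can never satisfy the office check.
 */
function isSameOffice(callerOfficeId: unknown, resourceOfficeId: unknown): boolean {
	if (callerOfficeId == null || resourceOfficeId == null) return false;
	// Loose equality is kept from the original comparison; the declared types of
	// the two uids are not visible in this file.
	// NOTE(review): switch to === once both sides are confirmed to be strings.
	return callerOfficeId == resourceOfficeId;
}

/**
 * Express middleware that restricts user routes to the caller's own office.
 *
 * Checks performed, in order:
 *  1. If the request body carries `office_membership`, its `uid` must match the
 *     caller's office id (`req.body.user.office_Id`); otherwise UNAUTHORIZED.
 *  2. If the path has a sixth "/"-separated segment (index 5 of the split, index 0
 *     being the empty string before the leading slash), it is used as a user uid:
 *     the user is loaded with its office, NOT_FOUND is sent when it does not
 *     exist, and UNAUTHORIZED when it belongs to another office.
 *  3. Otherwise control passes to the next handler.
 *
 * NOTE(review): the caller's office id is read from `req.body.user`; presumably an
 * upstream authentication middleware writes it there. Confirm a client cannot
 * supply or override `body.user`, since every decision below trusts it.
 * NOTE(review): the uid position (index 5) is tied to the mounted route layout,
 * which is not visible here; a route param would be less fragile.
 * NOTE(review): cross-office access by an authenticated caller is reported as
 * UNAUTHORIZED; 403 is the conventional status for that case. The status is left
 * unchanged for compatibility.
 *
 * @param req Incoming request; `body.user.office_Id`, `body.office_membership`
 *   and `path` are read.
 * @param response Used to short-circuit with UNAUTHORIZED or NOT_FOUND.
 * @param next Called with no argument on success, or with the error when
 *   anything in the handler throws or rejects.
 */
export default async function userHandler(req: Request, response: Response, next: NextFunction): Promise<void> {
	try {
		const officeId = req.body.user.office_Id;
		const uid = req.path && req.path.split("/")[5];
		const office = req.body.office_membership;

		if (office && !isSameOffice(officeId, office.uid)) {
			response.sendStatus(HttpCodes.UNAUTHORIZED);
			return;
		}

		if (uid) {
			const userService = Container.get(UsersService);
			const user = await userService.getByUidWithOffice(uid);

			if (!user) {
				response.sendStatus(HttpCodes.NOT_FOUND);
				return;
			}

			// A user without an office membership is treated as belonging to another
			// office (fail closed) instead of throwing on the property access.
			if (!isSameOffice(officeId, user.office_membership?.uid)) {
				response.sendStatus(HttpCodes.UNAUTHORIZED);
				return;
			}
		}

		next();
	} catch (error) {
		// An async handler's rejection (missing `body.user`, a failed lookup) would
		// otherwise escape as an unhandled rejection with no response sent; hand it
		// to the error-handling middleware instead.
		next(error);
	}
}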