const { Middleware } = require('libflitter')

class PermissionMiddleware extends Middleware {
    async test(req, res, next, { check }) {
        // If the request was authorized using an OAuth2 bearer token,
        // make sure the associated client has permission to access this endpoint.
        if ( req?.oauth?.client ) {
            if ( !req.oauth.client.can(check) )
                return res.status(401)
                    .message('Insufficient permissions (OAuth2 Client).')
                    .api()
        }

        // Make sure the user has permission
        if ( !req.user.can(check) )
            return res.status(401)
                .message('Insufficient permissions.')
                .api()

        return next()
    }
}

module.exports = exports = PermissionMiddleware