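/**
 * Contract source: https://git.io/Jte3T
 *
 * Feel free to let us know via PR, if you find something broken in this config
 * file.
 */

import Bouncer from '@ioc:Adonis/Addons/Bouncer'
import User from 'App/Models/User'
import Employee from 'App/Models/Employee'

/*
|--------------------------------------------------------------------------
| Bouncer Actions
|--------------------------------------------------------------------------
|
| Actions allow you to separate your application business logic from the
| authorization logic. Feel free to make use of policies when you find
| yourself creating too many actions.
|
| You can define an action using the `.define` method on the Bouncer object
| as shown in the following example:
|
| ```
| Bouncer.define('deletePost', (user: User, post: Post) => {
|   return post.user_id === user.id
| })
| ```
|
| Security notes for the actions below:
|
| - `user` is the authenticated User model, so `user.role` is a server-side
|   attribute and is safe to trust here. Any `Employee` argument is expected
|   to be a record already loaded by the controller (e.g. via `findOrFail`);
|   the actions dereference `employee.userId` without a null check, so a
|   missing record must be rejected before authorization is consulted.
| - `employees.update` takes an `editContractHours` flag that the CALLER
|   computes. The action cannot verify on its own which fields the request
|   actually touches, so the controller must derive this flag from the
|   incoming payload (true whenever contract-hour fields are present), not
|   from user-supplied input — otherwise a non-admin can bypass the check.
|
|****************************************************************
| NOTE: Always export the "actions" const from this file
|****************************************************************
*/

/** True when the user carries the admin role; every privileged action keys off this. */
const isAdmin = (user: User): boolean => user.role === 'admin'

export const { actions } = Bouncer
  /**
   * Listing every employee is restricted to admins.
   */
  .define('employees.index', (user: User) => {
    if (!isAdmin(user)) {
      return Bouncer.deny('You are not allowed to view all employees')
    }
    return true
  })

  /**
   * Viewing a single employee: admins may view anyone; other users may only
   * view the employee record linked to their own user id.
   */
  .define('employees.show', (user: User, employee: Employee) => {
    if (!isAdmin(user) && user.id !== employee.userId) {
      return Bouncer.deny('You are not allowed to view employees other than yourself')
    }
    return true
  })

  /**
   * Creating employees is restricted to admins.
   */
  .define('employees.store', (user: User) => {
    if (!isAdmin(user)) {
      return Bouncer.deny('You are not allowed to create any employees')
    }
    return true
  })

  /**
   * Deleting employees is restricted to admins. No Employee argument is
   * taken, so this is a pure role check.
   */
  .define('employees.destroy', (user: User) => {
    if (!isAdmin(user)) {
      return Bouncer.deny('You are not allowed to delete any employees')
    }
    return true
  })

  /**
   * Updating an employee.
   *
   * @param user               - the authenticated user
   * @param editContractHours  - whether the request modifies contract hours;
   *                             MUST be derived by the controller from the
   *                             request payload (see the security notes above)
   * @param employee           - the employee record being updated
   *
   * Rules: a non-admin may only edit their own record, and even then may not
   * change contract hours. Admins may edit anything. Note that only the
   * contract-hours field is gated here; if the Employee model has other
   * sensitive fields, they are not protected by this action (review needed).
   */
  .define('employees.update', (user: User, editContractHours: boolean, employee: Employee) => {
    if (user.id !== employee.userId && !isAdmin(user)) {
      return Bouncer.deny('You are not allowed to edit employees other than yourself.')
    }
    if (editContractHours && !isAdmin(user)) {
      return Bouncer.deny('You are not allowed to edit your contract hours.')
    }
    return true
  })

/*
|--------------------------------------------------------------------------
| Bouncer Policies
|--------------------------------------------------------------------------
|
| Policies are self contained actions for a given resource. For example: You
| can create a policy for a "User" resource, one policy for a "Post" resource
| and so on.
|
| The "registerPolicies" accepts a unique policy name and a function to lazy
| import the policy
|
| ```
| Bouncer.registerPolicies({
|   UserPolicy: () => import('App/Policies/User'),
|   PostPolicy: () => import('App/Policies/Post')
| })
| ```
|
|****************************************************************
| NOTE: Always export the "policies" const from this file
|****************************************************************
*/
export const { policies } = Bouncer.registerPolicies({})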