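const GrantedPermission = require("../models/GrantedPermission");
const Session = require("../models/Session");

/**
 * Build an Express-style middleware that lets a request through only when the
 * caller's token has been granted `permissionNode`.
 *
 * A grant matches when its stored `permissionNode` is the literal "*" or when,
 * compiled as a regular expression, it matches the WHOLE required node.
 *
 * @param {string} permissionNode - Permission required by the protected route.
 * @returns {Function} Async middleware `(req, res, next)`. Calls `next()` on a
 *   match and `next(err)` if the grant lookup fails; otherwise answers 403.
 */
module.exports = function(permissionNode) {
    return async function(req, res, next) {
        // Client-type credentials are looked up by client id, all others by the token itself.
        const token = req.tokenType === "client" ? req.clientId : req.token;

        const deny = () => {
            res.status(403).json({message: `You need the permission '${permissionNode}' to perform this action.`});
        };

        // Fail closed when no credential was resolved upstream.
        // NOTE(review): how the model layer treats an undefined `where` value is not
        // visible here; refusing early avoids depending on it. Confirm against the ORM version.
        if (token == null) return deny();

        let grants;
        try {
            grants = await GrantedPermission.findAll({where: {token: token}});
        } catch (err) {
            // Without this, a failed lookup rejects the middleware's promise and the
            // request may never get a response; hand the error to the error handler.
            return next(err);
        }

        for (const grant of grants) {
            const pattern = grant.permissionNode;

            // "*" is the explicit wildcard grant.
            if (pattern === "*") return next();

            let isMatch = false;
            try {
                // Anchor the stored pattern. An unanchored test() lets a grant match any
                // required node that merely CONTAINS it (e.g. "user.read" would satisfy
                // "superuser.readall"). Grants that need prefix semantics should say so
                // explicitly in the pattern.
                isMatch = new RegExp(`^(?:${pattern})$`).test(permissionNode);
            } catch {
                // A stored pattern that is not a valid regex never grants access.
                continue;
            }

            // Called outside the try so an exception from downstream handlers is not
            // swallowed and next() cannot be invoked a second time by a later grant.
            if (isMatch) return next();
        }

        // No grant matched.
        deny();
    };
};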