37 lines
747 B
JavaScript
37 lines
747 B
JavaScript
const { Forbidden } = require('../../errors');
|
|
const executePolicy = require('../../auth/executePolicy');
|
|
|
|
const update = async (options) => {
|
|
try {
|
|
const {
|
|
id,
|
|
model,
|
|
data,
|
|
config,
|
|
user,
|
|
} = options;
|
|
|
|
const policy = config && config.policies && config.policies.update;
|
|
const hasPermission = await executePolicy(user, policy);
|
|
|
|
if (hasPermission) {
|
|
// Await validation here
|
|
|
|
// Await pre-hook here
|
|
|
|
const doc = await model.findOne({ _id: id });
|
|
Object.assign(doc, data);
|
|
await doc.save();
|
|
|
|
// Await post hook here
|
|
|
|
return doc.toJSON({ virtuals: true });
|
|
}
|
|
throw new Forbidden();
|
|
} catch (err) {
|
|
throw err;
|
|
}
|
|
};
|
|
|
|
module.exports = update;
|