'use strict';

var mongoose = require('mongoose'),
User = mongoose.model('User');

exports.list_all = function(req, res) {
    User.find({}, function(err, user) {
    if (err) {
        res.send(err);
    }
    res.json(user);
  });
};

exports.add_user = function(req, res) {
    var new_user = new User(req.body);
    new_user.save(function(err, user) {
        if (err) {
            res.send(err);
        }
        res.json(user);
    });
};

exports.get_user = function(req, res) {
    User.findById(req.params.userId, function(err, user) {
        if (err) {
            res.send(err);
        }
        res.json(user);
    });
};

// TODO modify to update user permitions
exports.update_user = function(req, res) {
    User.findOneAndUpdate({_id: req.params.userId}, req.body, {new: true}, function(err, user) {
        if (err) {
            res.send(err);
        }
        res.json(user);
    });
};

// TODO modify to remove user permitions / group
exports.remove_user = function(req, res) {
    User.remove({
        _id: req.params.userId
    }, function(err, user) {
        if (err) {
            res.send(err);
        }
        res.json({ message: 'User successfully deleted' });
    });
};

// where should you place this: 
// TODO for testing if a particular user has a particular permission over a particular object
// TODO for querying what permissions a particular user has over a particular object