// const { user } = require('../../../lib/db');
// const organisations = require('../../../lib/organisations');
const ServerUser = require('../../../lib/db/user/User');

module.exports = async function (req, res, next) {

	try {
		if (req.params.user_id == req.user?.id) {
			throw {status: 403, message: "Cannot self-delete"};
		} else {
			const requestor = new ServerUser(req.user);
			const target = await ServerUser.fromSQL(null, req.params.user_id);

			if (requestor.canEdit(target)) {
				if (await target.remove()) {
					res.status(204).send();
				} else {
					// Delete did not return a successful response. We assume this
					// is because the user did not exist in the first place so we
					// still return a success response
					res.status(202).send();
				}
			} else {
				throw {status: 403, message: "Access denied"};
			}
		}
	} catch (err) {
		next(err);
	}

};