2024-03-07 08:29:51 +00:00
|
|
|
const ForbiddenError = require('vn-loopback/util/forbiddenError');
|
2023-10-16 13:58:25 +00:00
|
|
|
module.exports = Self => {
|
|
|
|
|
Self.remoteMethodCtx('setPassword', {
|
|
|
|
|
description: 'Set a new password',
|
2024-02-12 15:10:58 +00:00
|
|
|
accepts: [{
|
2024-02-13 09:10:48 +00:00
|
|
|
arg: 'id',
|
2024-02-12 15:10:58 +00:00
|
|
|
type: 'number',
|
|
|
|
|
required: true,
|
|
|
|
|
description: 'The worker id',
|
2024-02-13 09:10:48 +00:00
|
|
|
http: {source: 'path'}
|
2024-02-12 15:10:58 +00:00
|
|
|
}, {
|
|
|
|
|
arg: 'newPass',
|
|
|
|
|
type: 'String',
|
|
|
|
|
required: true,
|
|
|
|
|
description: 'The new worker password'
|
2024-02-13 09:10:48 +00:00
|
|
|
}],
|
2023-10-16 13:58:25 +00:00
|
|
|
http: {
|
|
|
|
|
path: `/:id/setPassword`,
|
|
|
|
|
verb: 'PATCH'
|
|
|
|
|
}
|
|
|
|
|
});
|
2024-02-22 14:42:54 +00:00
|
|
|
Self.setPassword = async(ctx, id, newPass, options) => {
|
2023-10-16 13:58:25 +00:00
|
|
|
const models = Self.app.models;
|
|
|
|
|
const myOptions = {};
|
|
|
|
|
let tx;
|
2024-02-12 15:10:58 +00:00
|
|
|
|
2023-10-16 13:58:25 +00:00
|
|
|
if (typeof options == 'object')
|
|
|
|
|
Object.assign(myOptions, options);
|
|
|
|
|
if (!myOptions.transaction) {
|
|
|
|
|
tx = await Self.beginTransaction({});
|
|
|
|
|
myOptions.transaction = tx;
|
|
|
|
|
}
|
|
|
|
|
try {
|
2024-02-22 14:42:54 +00:00
|
|
|
const isSubordinate = await Self.isSubordinate(ctx, id, myOptions);
|
2024-03-07 08:29:51 +00:00
|
|
|
if (!isSubordinate) throw new ForbiddenError('They\'re not your subordinate');
|
2023-10-16 13:58:25 +00:00
|
|
|
|
2024-02-22 14:42:54 +00:00
|
|
|
await models.Account.setUnverifiedPassword(id, newPass, myOptions);
|
2023-10-16 13:58:25 +00:00
|
|
|
|
|
|
|
|
if (tx) await tx.commit();
|
|
|
|
|
} catch (e) {
|
|
|
|
|
if (tx) await tx.rollback();
|
|
|
|
|
throw e;
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
};
|
