diff --git a/modules/worker/back/methods/worker/setPassword.js b/modules/worker/back/methods/worker/setPassword.js
index 43d3d946f..0f6905e80 100644
--- a/modules/worker/back/methods/worker/setPassword.js
+++ b/modules/worker/back/methods/worker/setPassword.js
@@ -2,42 +2,49 @@ const UserError = require('vn-loopback/util/user-error'); module.exports = Self => { Self.remoteMethodCtx('setPassword', { description: 'Set a new password', - accepts: [ - { - arg: 'workerFk', - type: 'number', - required: true, - description: 'The worker id', - }, - { - arg: 'newPass', - type: 'String', - required: true, - description: 'The new worker password' - } + accepts: [{ + arg: 'workerFk', + type: 'number', + required: true, + description: 'The worker id', + }, { + arg: 'newPass', + type: 'String', + required: true, + description: 'The new worker password' + }, { + arg: 'emailVerified', + type: 'Boolean', + required: true, + }, ], http: { path: `/:id/setPassword`, verb: 'PATCH' } }); - Self.setPassword = async(ctx, options) => { + Self.setPassword = async(ctx, workerFk, newPass, emailVerified, options) => { + const userId = ctx.req.accessToken.userId; const models = Self.app.models; const myOptions = {}; - const {args} = ctx; let tx; + if (typeof options == 'object') Object.assign(myOptions, options); if (!myOptions.transaction) { tx = await Self.beginTransaction({}); myOptions.transaction = tx; } - try { - const isSubordinate = await models.Worker.isSubordinate(ctx, args.workerFk, myOptions); - if (!isSubordinate) throw new UserError('You don\'t have enough privileges.'); - await models.VnUser.setPassword(args.workerFk, args.newPass, myOptions); - await models.VnUser.updateAll({id: args.workerFk}, {emailVerified: true}, myOptions); + try { + const ishimself = userId === workerFk; + const isSubordinate = await models.Worker.isSubordinate(ctx, workerFk, myOptions); + + if (ishimself || (isSubordinate && !emailVerified)) { + await models.VnUser.setPassword(workerFk, newPass, myOptions); + await models.VnUser.updateAll({id: workerFk}, {emailVerified: true}, myOptions); + } else + throw new UserError('You don\'t have enough privileges.'); if (tx) await tx.commit(); } catch (e) { 
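Review bot: The authorization check `isSubordinate && !emailVerified` relies on the `emailVerified` argument, which is declared in `accepts` and so comes from the request; the caller, not the server, decides whether the target account counts as verified. Read the flag from the stored user inside the same transaction instead, e.g. `const user = await models.VnUser.findById(workerFk, {fields: ['emailVerified']}, myOptions);` and test `isSubordinate && !user.emailVerified`. The argument can then be dropped from `accepts` and from the `patch` body in modules/worker/front/descriptor/index.js (hunk at -87,7), which is the client half of the same issue. Separately, the `ishimself` branch sets a new password without asking for the current one and then forces `emailVerified: true`, which is worth confirming as intended. The `try` block continues into a `catch` that lies outside this hunk.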
diff --git a/modules/worker/front/descriptor/index.html b/modules/worker/front/descriptor/index.html index 8290e2a15..67776ce47 100644 --- a/modules/worker/front/descriptor/index.html +++ b/modules/worker/front/descriptor/index.html @@ -11,8 +11,8 @@ ? 'Click to allow the user to be disabled' : 'Click to exclude the user from getting disabled'}} - - Change password + + Change password diff --git a/modules/worker/front/descriptor/index.js b/modules/worker/front/descriptor/index.js index 13ffa6f2f..4ef98fe3b 100644 --- a/modules/worker/front/descriptor/index.js +++ b/modules/worker/front/descriptor/index.js @@ -15,6 +15,8 @@ class Controller extends Descriptor { this.entity = value; if (value) this.getIsExcluded(); + this.$http.get(`UserConfigs/getUserConfig`) + .then(res => this.userFk = res.data.userFk); if (this.entity && !this.entity.user.emailVerified) this.getPassRequirements(); @@ -69,6 +71,7 @@ class Controller extends Descriptor { } ] }; + return this.getData(`Workers/${this.id}`, {filter}) .then(res => this.entity = res.data); } @@ -87,7 +90,7 @@ class Controller extends Descriptor { throw new UserError(`Passwords don't match`); this.$http.patch( `Workers/${this.entity.id}/setPassword`, - {workerFk: this.entity.id, newPass: this.newPassword} + {workerFk: this.entity.id, newPass: this.newPassword, emailVerified: !!this.entity.user.emailVerified} ) .then(() => { this.vnApp.showSuccess(this.$translate.instant('Password changed!')); });
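Review bot: In the first index.js hunk (-15,6), the added `UserConfigs/getUserConfig` request sits after `if (value) this.getIsExcluded();` in the `entity` setter, so it appears to run on every assignment, including an empty one, and its promise has no rejection handler. The current user's id does not depend on the entity, so fetch it once or guard the call with `if (this.userFk == null)`, and add a `.catch` so a failed lookup is not silently lost. If `userFk` is meant to control whether the "Change password" item is shown (the index.html markup is not readable on this page), treat that as display only and keep the decision in the back-end method. The setter starts before this hunk, so the surrounding logic is only partly visible.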