From 9cf4ef04c5a013a25746ead10fca1840bc947f67 Mon Sep 17 00:00:00 2001
From: Javier Segarra <jsegarra@verdnatura.es>
Date: Mon, 6 May 2024 14:53:41 +0200
Subject: [PATCH] feat(salix): refs #6427 #6427 Use UserSecurity instead
 validation

---
 .../components/recover-password/index.html    |  7 ----
 .../components/recover-password/locale/es.yml |  2 +-
 loopback/locale/es.json                       |  7 ++--
 modules/worker/back/models/worker.js          | 36 ++++++++++---------
 modules/worker/front/basic-data/index.html    |  1 -
 5 files changed, 25 insertions(+), 28 deletions(-)

diff --git a/front/salix/components/recover-password/index.html b/front/salix/components/recover-password/index.html
index 4348cb1eb..935ab497c 100644
--- a/front/salix/components/recover-password/index.html
+++ b/front/salix/components/recover-password/index.html
@@ -4,13 +4,6 @@
     ng-model="$ctrl.user"
     vn-focus>
 </vn-textfield>
-<!-- <vn-textfield
-    ng-if="$ctrl.sms"
-    disabled="$ctrl.otp"
-    label="User's phone"
-    ng-model="$ctrl.user"
-    required="true">
-</vn-textfield> -->
 <vn-textfield
     ng-if="$ctrl.otp"
     label="Verification code"
diff --git a/front/salix/components/recover-password/locale/es.yml b/front/salix/components/recover-password/locale/es.yml
index 0fb6a2ba6..e95401b65 100644
--- a/front/salix/components/recover-password/locale/es.yml
+++ b/front/salix/components/recover-password/locale/es.yml
@@ -3,7 +3,7 @@ We will sent you an email to recover your password: Te enviaremos un correo para
 We will sent you a sms to recover your password: Te enviaremos un sms para restablecer tu contraseña
 We will sent you a item to recover your password: Te enviaremos un {{mode}} para restablecer tu contraseña
 Notification sent!: ¡Notificación enviada!
-User or recovery email: Usuario, télefono o correo de recuperación
+User or recovery email: Usuario, móvil o email recuperación
 User's phone: Móvil del usuario
 User's id: Id del usuario
 Credentials not valid: Credenciales no válidas
diff --git a/loopback/locale/es.json b/loopback/locale/es.json
index 571fa3296..ed0bcf1ac 100644
--- a/loopback/locale/es.json
+++ b/loopback/locale/es.json
@@ -355,11 +355,12 @@
 	"No results found": "No se han encontrado resultados",
 	"InvoiceIn is already booked": "La factura recibida está contabilizada",
 	"This workCenter is already assigned to this agency": "Este centro de trabajo ya está asignado a esta agencia",
-    "Select ticket or client": "Elija un ticket o un client",
+	"Select ticket or client": "Elija un ticket o un client",
 	"It was not able to create the invoice": "No se pudo crear la factura",
 	"Phone not valid": "Teléfono no es válido",
 	"User not valid": "Usuario no válido",
 	"Credentials not valid": "Credenciales no válidas",
 	"This worker cant be modified": "This worker cant be modified",
-	"Phone can't be updated": "Phone can't be updated"
-}
+	"Phone can't be updated": "Phone can't be updated",
+	"ReferenceError: models is not defined": "ReferenceError: models is not defined"
+}
\ No newline at end of file
diff --git a/modules/worker/back/models/worker.js b/modules/worker/back/models/worker.js
index 61ad63ce2..3f7c6f32e 100644
--- a/modules/worker/back/models/worker.js
+++ b/modules/worker/back/models/worker.js
@@ -45,29 +45,33 @@ module.exports = Self => {
 
     Self.observe('before save', async function(ctx, next) {
         if (ctx.isNewInstance) return;
-        const isOwner = await checkModifyPermission(ctx);
+        const instanceId = ctx.currentInstance.id;
+        const userId = ctx.options.accessToken.userId;
+        const isOwner = instanceId === userId;
         const phoneHasChanged = !!ctx.data.user?.recoveryPhone;
-
-        const {models} = Self.app;
+        try {
+            await Self.app.models.VnUser.userSecurity(ctx, ctx.where.id);
+        } catch (error) {
+            throw new UserError('Phone can\'t be updated');
+        }
         if (!isOwner) {
-            if (phoneHasChanged)
-                throw new UserError('Phone can\'t be updated');
-            else {
+            if (phoneHasChanged) {
                 const {recoveryPhone} = ctx.data.user;
                 const {id} = ctx.currentInstance;
-                await models.VnUser.updateAll({id}, {recoveryPhone});
+                await Self.app.models.VnUser.updateAll({id}, {recoveryPhone});
                 ctx.data.code = ctx.currentInstance.code;
             }
         }
         delete ctx.data.user;
     });
-    async function checkModifyPermission(ctx) {
-        const instanceId = ctx.currentInstance.id;
-        const userId = ctx.options.accessToken.userId;
-        try {
-            return (instanceId == userId);
-        } catch (error) {
-            throw new UserError(error);
-        }
-    }
+//   async function checkModifyPermission(ctx) {
+//         const instanceId = ctx.currentInstance.id;
+//         const userId = ctx.options.accessToken.userId;
+//         try {
+//             if (instanceId === userId) return true;
+//             return
+//         } catch (error) {
+//             throw new UserError(error);
+//         }
+//     }
 };
diff --git a/modules/worker/front/basic-data/index.html b/modules/worker/front/basic-data/index.html
index a8b404da6..f764b3137 100644
--- a/modules/worker/front/basic-data/index.html
+++ b/modules/worker/front/basic-data/index.html
@@ -79,7 +79,6 @@
                     vn-one
                     label="Recovery phone"
                     ng-model="$ctrl.worker.user.recoveryPhone"
-                    disabled="$root.user.id !== $ctrl.worker.id"
                     >
                 </vn-textfield>
                 <vn-input-number