test(salix): refs #6427 fix test back

2024-05-23 17:54:14 +02:00 · 2024-05-23 17:54:14 +02:00 · a01637414e
parent 56444b3d33
commit a01637414e
2 changed files with 29 additions and 2 deletions
--- a/back/models/specs/vn-user.spec.js
+++ b/back/models/specs/vn-user.spec.js
@ -34,7 +34,7 @@ describe('loopback model VnUser', () => {
            await models.VnUser.userSecurity(ctx, employeeId);
        });

-        it('should throw an error if you have medium privileges and the users email is verified', async() => {
+        it('should throw an error when update emailVerified field if you have medium privileges and the users email is verified', async() => {
            const tx = await models.VnUser.beginTransaction({});
            const ctx = {options: {accessToken: {userId: hrId}}};
            try {
@ -50,5 +50,32 @@ describe('loopback model VnUser', () => {
                expect(error).toEqual(new ForbiddenError());
            }
        });
+
+        it('should throw an error when update recoveryPhone if you have medium privileges and the users email is verified', async() => {
+            const tx = await models.VnUser.beginTransaction({});
+            const ctx = {options: {accessToken: {userId: hrId}}};
+            try {
+                const options = {transaction: tx};
+                const userToUpdate = await models.VnUser.findById(1, null, options);
+                userToUpdate.updateAttribute('recoveryPhone', 123456789, options);
+
+                await models.VnUser.userSecurity(ctx, employeeId, options);
+                await tx.rollback();
+            } catch (error) {
+                await tx.rollback();
+
+                expect(error).toEqual(new ForbiddenError());
+            }
+        });
+
+        it('should update recoveryPhone if you are the same user', async() => {
+            const ctx = {options: {accessToken: {userId: employeeId}}};
+            const newRecoveryPhone = 123456789;
+
+            const userToUpdate = await models.VnUser.findById(1, null);
+            userToUpdate.updateAttribute('recoveryPhone', newRecoveryPhone);
+
+            await models.VnUser.userSecurity(ctx, employeeId);
+        });
    });
 });
--- a/back/models/vn-user.js
+++ b/back/models/vn-user.js
@ -232,7 +232,7 @@ module.exports = function(Self) {
        const user = await models.VnUser.findById(userId, {fields: ['id', 'emailVerified']}, myOptions);
        if (!user.emailVerified && hasMediumPrivileges) return;

-        if (ctx.args.recoveryPhone) throw new ForbiddenError();
+        if (ctx.args?.recoveryPhone) throw new ForbiddenError();

        throw new ForbiddenError();
    };