refs #6427 feat: not update phone when is not owner
gitea/salix/pipeline/pr-dev This commit looks good Details

This commit is contained in:
Javier Segarra 2024-04-10 15:06:03 +02:00
parent f0eeb2e28b
commit a1a6e483cf
2 changed files with 23 additions and 21 deletions

View File

@ -353,7 +353,9 @@
"This password can only be changed by the user themselves": "Esta contraseña solo puede ser modificada por el propio usuario",
"They're not your subordinate": "No es tu subordinado/a.",
"No results found": "No se han encontrado resultados",
"Phone not valid": "Teléfono no es válido",
"User not valid": "Usuario no válido",
"Credentials not valid": "Credenciales no válidas"
}
"Phone not valid": "Teléfono no es válido",
"User not valid": "Usuario no válido",
"Credentials not valid": "Credenciales no válidas",
"This worker cant be modified": "This worker cant be modified",
"Phone can't be updated": "Phone can't be updated"
}

View File

@ -1,3 +1,4 @@
const UserError = require('vn-loopback/util/user-error');
module.exports = Self => {
const validateTin = require('vn-loopback/util/validateTin');
require('../methods/worker/filter')(Self);
@ -42,24 +43,23 @@ module.exports = Self => {
done();
}
Self.observe('before save', async function(ctx) {
// if (ctx.isNewInstance) return;
// const isOwner = await checkModifyPermission(ctx);
Self.observe('before save', async function(ctx, next) {
if (ctx.isNewInstance) return;
const isOwner = await checkModifyPermission(ctx);
const phoneHasChanged = !!ctx.data.user?.recoveryPhone;
// const worker = await Self.findById(ctx.currentInstance.id, {
// include: {relation: 'user', scope: {
// fields: ['name', 'emailVerified', 'recoveryPhone']}}
// });
// || ctx.data.user.recoveryPhone !== worker.user().recoveryPhone;
// const phoneHasChanged = !!ctx.data.user?.recoveryPhone;
// if (!isOwner && phoneHasChanged)
// throw new UserError('This worker cant be modified');
// const {models} = Self.app;
// if (phoneHasChanged)
// await models.VnUser.updateAll({id: ctx.currentInstance.id}, {recoveryPhone: ctx.data.user.recoveryPhone});
// return;
const {models} = Self.app;
if (!isOwner) {
if (phoneHasChanged)
throw new UserError('Phone can\'t be updated');
else {
const {recoveryPhone} = ctx.data.user;
const {id} = ctx.currentInstance;
await models.VnUser.updateAll({id}, {recoveryPhone});
ctx.data.code = ctx.currentInstance.code;
}
}
delete ctx.data.user;
});
async function checkModifyPermission(ctx) {
const instanceId = ctx.currentInstance.id;