From a1a6e483cf4175e484fd72b3661d7086386459e0 Mon Sep 17 00:00:00 2001
From: Javier Segarra <jsegarra@verdnatura.es>
Date: Wed, 10 Apr 2024 15:06:03 +0200
Subject: [PATCH] refs #6427 feat: not update phone when is not owner

---
 loopback/locale/es.json              | 10 ++++----
 modules/worker/back/models/worker.js | 34 ++++++++++++++--------------
 2 files changed, 23 insertions(+), 21 deletions(-)

diff --git a/loopback/locale/es.json b/loopback/locale/es.json
index 51c46270a..72a2099bd 100644
--- a/loopback/locale/es.json
+++ b/loopback/locale/es.json
@@ -353,7 +353,9 @@
 	"This password can only be changed by the user themselves": "Esta contraseña solo puede ser modificada por el propio usuario",
 	"They're not your subordinate": "No es tu subordinado/a.",
 	"No results found": "No se han encontrado resultados",
-    "Phone not valid": "Teléfono no es válido",
-    "User not valid": "Usuario no válido",
-    "Credentials not valid": "Credenciales no válidas"
-}
+	"Phone not valid": "Teléfono no es válido",
+	"User not valid": "Usuario no válido",
+	"Credentials not valid": "Credenciales no válidas",
+	"This worker cant be modified": "This worker cant be modified",
+	"Phone can't be updated": "Phone can't be updated"
+}
\ No newline at end of file
diff --git a/modules/worker/back/models/worker.js b/modules/worker/back/models/worker.js
index b33f10a09..4a495ff08 100644
--- a/modules/worker/back/models/worker.js
+++ b/modules/worker/back/models/worker.js
@@ -1,3 +1,4 @@
+const UserError = require('vn-loopback/util/user-error');
 module.exports = Self => {
     const validateTin = require('vn-loopback/util/validateTin');
     require('../methods/worker/filter')(Self);
@@ -42,24 +43,23 @@ module.exports = Self => {
         done();
     }
 
-    Self.observe('before save', async function(ctx) {
-        // if (ctx.isNewInstance) return;
-        // const isOwner = await checkModifyPermission(ctx);
+    Self.observe('before save', async function(ctx, next) {
+        if (ctx.isNewInstance) return;
+        const isOwner = await checkModifyPermission(ctx);
+        const phoneHasChanged = !!ctx.data.user?.recoveryPhone;
 
-        // const worker = await Self.findById(ctx.currentInstance.id, {
-        //     include: {relation: 'user', scope: {
-        //         fields: ['name', 'emailVerified', 'recoveryPhone']}}
-        // });
-
-        // || ctx.data.user.recoveryPhone !== worker.user().recoveryPhone;
-        // const phoneHasChanged = !!ctx.data.user?.recoveryPhone;
-        // if (!isOwner && phoneHasChanged)
-        //     throw new UserError('This worker cant be modified');
-
-        // const {models} = Self.app;
-        // if (phoneHasChanged)
-        //     await models.VnUser.updateAll({id: ctx.currentInstance.id}, {recoveryPhone: ctx.data.user.recoveryPhone});
-        // return;
+        const {models} = Self.app;
+        if (!isOwner) {
+            if (phoneHasChanged)
+                throw new UserError('Phone can\'t be updated');
+            else {
+                const {recoveryPhone} = ctx.data.user;
+                const {id} = ctx.currentInstance;
+                await models.VnUser.updateAll({id}, {recoveryPhone});
+                ctx.data.code = ctx.currentInstance.code;
+            }
+        }
+        delete ctx.data.user;
     });
     async function checkModifyPermission(ctx) {
         const instanceId = ctx.currentInstance.id;