refs #6427 feat: not update phone when is not owner
gitea/salix/pipeline/pr-dev This commit looks good
Details
gitea/salix/pipeline/pr-dev This commit looks good
Details
This commit is contained in:
parent
f0eeb2e28b
commit
a1a6e483cf
|
@ -355,5 +355,7 @@
|
|||
"No results found": "No se han encontrado resultados",
|
||||
"Phone not valid": "Teléfono no es válido",
|
||||
"User not valid": "Usuario no válido",
|
||||
"Credentials not valid": "Credenciales no válidas"
|
||||
"Credentials not valid": "Credenciales no válidas",
|
||||
"This worker cant be modified": "This worker cant be modified",
|
||||
"Phone can't be updated": "Phone can't be updated"
|
||||
}
|
|
@ -1,3 +1,4 @@
|
|||
const UserError = require('vn-loopback/util/user-error');
|
||||
module.exports = Self => {
|
||||
const validateTin = require('vn-loopback/util/validateTin');
|
||||
require('../methods/worker/filter')(Self);
|
||||
|
@ -42,24 +43,23 @@ module.exports = Self => {
|
|||
done();
|
||||
}
|
||||
|
||||
Self.observe('before save', async function(ctx) {
|
||||
// if (ctx.isNewInstance) return;
|
||||
// const isOwner = await checkModifyPermission(ctx);
|
||||
Self.observe('before save', async function(ctx, next) {
|
||||
if (ctx.isNewInstance) return;
|
||||
const isOwner = await checkModifyPermission(ctx);
|
||||
const phoneHasChanged = !!ctx.data.user?.recoveryPhone;
|
||||
|
||||
// const worker = await Self.findById(ctx.currentInstance.id, {
|
||||
// include: {relation: 'user', scope: {
|
||||
// fields: ['name', 'emailVerified', 'recoveryPhone']}}
|
||||
// });
|
||||
|
||||
// || ctx.data.user.recoveryPhone !== worker.user().recoveryPhone;
|
||||
// const phoneHasChanged = !!ctx.data.user?.recoveryPhone;
|
||||
// if (!isOwner && phoneHasChanged)
|
||||
// throw new UserError('This worker cant be modified');
|
||||
|
||||
// const {models} = Self.app;
|
||||
// if (phoneHasChanged)
|
||||
// await models.VnUser.updateAll({id: ctx.currentInstance.id}, {recoveryPhone: ctx.data.user.recoveryPhone});
|
||||
// return;
|
||||
const {models} = Self.app;
|
||||
if (!isOwner) {
|
||||
if (phoneHasChanged)
|
||||
throw new UserError('Phone can\'t be updated');
|
||||
else {
|
||||
const {recoveryPhone} = ctx.data.user;
|
||||
const {id} = ctx.currentInstance;
|
||||
await models.VnUser.updateAll({id}, {recoveryPhone});
|
||||
ctx.data.code = ctx.currentInstance.code;
|
||||
}
|
||||
}
|
||||
delete ctx.data.user;
|
||||
});
|
||||
async function checkModifyPermission(ctx) {
|
||||
const instanceId = ctx.currentInstance.id;
|
||||
|
|
Loading…
Reference in New Issue