refs #6427 feat: not update phone when is not owner

2024-04-10 15:06:03 +02:00 · 2024-04-10 15:06:03 +02:00 · a1a6e483cf
parent f0eeb2e28b
commit a1a6e483cf
2 changed files with 23 additions and 21 deletions
--- a/loopback/locale/es.json
+++ b/loopback/locale/es.json
@ -353,7 +353,9 @@
 	"This password can only be changed by the user themselves": "Esta contraseña solo puede ser modificada por el propio usuario",
 	"They're not your subordinate": "No es tu subordinado/a.",
 	"No results found": "No se han encontrado resultados",
-    "Phone not valid": "Teléfono no es válido",
-    "User not valid": "Usuario no válido",
-    "Credentials not valid": "Credenciales no válidas"
+	"Phone not valid": "Teléfono no es válido",
+	"User not valid": "Usuario no válido",
+	"Credentials not valid": "Credenciales no válidas",
+	"This worker cant be modified": "This worker cant be modified",
+	"Phone can't be updated": "Phone can't be updated"
 }
--- a/modules/worker/back/models/worker.js
+++ b/modules/worker/back/models/worker.js
@ -1,3 +1,4 @@
+const UserError = require('vn-loopback/util/user-error');
 module.exports = Self => {
    const validateTin = require('vn-loopback/util/validateTin');
    require('../methods/worker/filter')(Self);
@ -42,24 +43,23 @@ module.exports = Self => {
        done();
    }

-    Self.observe('before save', async function(ctx) {
-        // if (ctx.isNewInstance) return;
-        // const isOwner = await checkModifyPermission(ctx);
+    Self.observe('before save', async function(ctx, next) {
+        if (ctx.isNewInstance) return;
+        const isOwner = await checkModifyPermission(ctx);
+        const phoneHasChanged = !!ctx.data.user?.recoveryPhone;

-        // const worker = await Self.findById(ctx.currentInstance.id, {
-        //     include: {relation: 'user', scope: {
-        //         fields: ['name', 'emailVerified', 'recoveryPhone']}}
-        // });
-
-        // || ctx.data.user.recoveryPhone !== worker.user().recoveryPhone;
-        // const phoneHasChanged = !!ctx.data.user?.recoveryPhone;
-        // if (!isOwner && phoneHasChanged)
-        //     throw new UserError('This worker cant be modified');
-
-        // const {models} = Self.app;
-        // if (phoneHasChanged)
-        //     await models.VnUser.updateAll({id: ctx.currentInstance.id}, {recoveryPhone: ctx.data.user.recoveryPhone});
-        // return;
+        const {models} = Self.app;
+        if (!isOwner) {
+            if (phoneHasChanged)
+                throw new UserError('Phone can\'t be updated');
+            else {
+                const {recoveryPhone} = ctx.data.user;
+                const {id} = ctx.currentInstance;
+                await models.VnUser.updateAll({id}, {recoveryPhone});
+                ctx.data.code = ctx.currentInstance.code;
+            }
+        }
+        delete ctx.data.user;
    });
    async function checkModifyPermission(ctx) {
        const instanceId = ctx.currentInstance.id;