diff --git a/modules/client/back/methods/client/setPassword.js b/modules/client/back/methods/client/setPassword.js index 2f0ebca5b..e3fc9bbf8 100644 --- a/modules/client/back/methods/client/setPassword.js +++ b/modules/client/back/methods/client/setPassword.js @@ -23,12 +23,6 @@ module.exports = Self => { Self.setPassword = async function(ctx, id, newPassword) { const models = Self.app.models; - const userId = ctx.req.accessToken.userId; - - const isSalesPerson = await models.Account.hasRole(userId, 'salesPerson'); - - if (!isSalesPerson) - throw new UserError(`Not enough privileges to edit a client`); const isClient = await models.Client.findById(id, null); const isUserAccount = await models.UserAccount.findById(id, null); diff --git a/modules/client/back/methods/client/specs/setPassword.spec.js b/modules/client/back/methods/client/specs/setPassword.spec.js index 13065ca12..03334918b 100644 --- a/modules/client/back/methods/client/specs/setPassword.spec.js +++ b/modules/client/back/methods/client/specs/setPassword.spec.js @@ -6,21 +6,6 @@ describe('Client setPassword', () => { req: {accessToken: {userId: salesPersonId}} }; - it(`should throw an error if you don't have enough permissions`, async() => { - let error; - const employeeId = 1; - const ctx = { - req: {accessToken: {userId: employeeId}} - }; - try { - await models.Client.setPassword(ctx, 1, 't0pl3v3l.p455w0rd!'); - } catch (e) { - error = e; - } - - expect(error.message).toEqual(`Not enough privileges to edit a client`); - }); - it('should throw an error the setPassword target is not just a client but a worker', async() => { let error;