#6744 fix worker setPassword #2027
|
@ -3,27 +3,23 @@ module.exports = Self => {
|
|||
Self.remoteMethodCtx('setPassword', {
|
||||
description: 'Set a new password',
|
||||
accepts: [{
|
||||
arg: 'workerFk',
|
||||
arg: 'id',
|
||||
type: 'number',
|
||||
required: true,
|
||||
description: 'The worker id',
|
||||
http: {source: 'path'}
|
||||
}, {
|
||||
arg: 'newPass',
|
||||
type: 'String',
|
||||
required: true,
|
||||
description: 'The new worker password'
|
||||
}, {
|
||||
arg: 'emailVerified',
|
||||
type: 'Boolean',
|
||||
required: true,
|
||||
},
|
||||
],
|
||||
}],
|
||||
http: {
|
||||
path: `/:id/setPassword`,
|
||||
verb: 'PATCH'
|
||||
}
|
||||
});
|
||||
Self.setPassword = async(ctx, workerFk, newPass, emailVerified, options) => {
|
||||
Self.setPassword = async(ctx, workerId, newPass, options) => {
|
||||
const userId = ctx.req.accessToken.userId;
|
||||
const models = Self.app.models;
|
||||
const myOptions = {};
|
||||
|
@ -37,12 +33,13 @@ module.exports = Self => {
|
|||
}
|
||||
|
||||
try {
|
||||
jorgep marked this conversation as resolved
Outdated
|
||||
const ishimself = userId === workerFk;
|
||||
const isSubordinate = await models.Worker.isSubordinate(ctx, workerFk, myOptions);
|
||||
const ishimself = userId === workerId;
|
||||
jorgep marked this conversation as resolved
Outdated
jgallego
commented
isHimself
juan
commented
No pondría aquí `isHimself`; para cambiarse la contraseña uno mismo, que se utilice el método tradicional, que ya hace las comprobaciones de seguridad correspondientes
|
||||
const isSubordinate = await Self.isSubordinate(ctx, workerId, myOptions);
|
||||
jorgep marked this conversation as resolved
jgallego
commented
no podemos poner aquí el contenido de setUnverifiedPassword?
es necesario crear ese método?
jorgep
commented
me lo pidió expresamente @juan
|
||||
const {emailVerified} = await models.VnUser.findById(workerId, {fields: ['emailVerified']}, myOptions);
|
||||
|
||||
if (ishimself || (isSubordinate && !emailVerified)) {
|
||||
await models.VnUser.setPassword(workerFk, newPass, myOptions);
|
||||
await models.VnUser.updateAll({id: workerFk}, {emailVerified: true}, myOptions);
|
||||
await models.VnUser.setPassword(workerId, newPass, myOptions);
|
||||
await models.VnUser.updateAll({id: workerId}, {emailVerified: true}, myOptions);
|
||||
} else
|
||||
throw new UserError('You don\'t have enough privileges.');
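Review bot: The destructuring in `const {emailVerified} = await models.VnUser.findById(workerId, ...)` throws a TypeError when no user row exists for the given id, so a request for an unknown id fails with an unhandled 500 before the privilege check runs instead of a clean denial. Read the record first and reject explicitly: `const user = await models.VnUser.findById(workerId, {fields: ['emailVerified']}, myOptions);` followed by `if (!user) throw new UserError('You don\'t have enough privileges.');`, then use `user.emailVerified` in the condition. Reusing the existing message also avoids telling the caller which ids exist. The lookup presumably relies on the worker id and the user id being the same value; that is not visible here and deserves a one-line comment next to the call. The `try` block and the rest of `setPassword` continue outside the hunk.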
|
||||
|
||||
|
|
|
@ -5,6 +5,9 @@ class Controller extends Descriptor {
|
|||
constructor($element, $, $rootScope) {
|
||||
super($element, $);
|
||||
this.$rootScope = $rootScope;
|
||||
|
||||
this.$http.get(`UserConfigs/getUserConfig`)
|
||||
.then(res => this.userFk = res.data.userFk);
|
||||
}
|
||||
|
||||
get worker() {
|
||||
|
@ -15,8 +18,6 @@ class Controller extends Descriptor {
|
|||
this.entity = value;
|
||||
if (value)
|
||||
this.getIsExcluded();
|
||||
this.$http.get(`UserConfigs/getUserConfig`)
|
||||
.then(res => this.userFk = res.data.userFk);
|
||||
|
||||
if (this.entity && !this.entity.user.emailVerified)
|
||||
this.getPassRequirements();
|
||||
|
@ -89,8 +90,7 @@ class Controller extends Descriptor {
|
|||
if (this.newPassword != this.repeatPassword)
|
||||
throw new UserError(`Passwords don't match`);
|
||||
this.$http.patch(
|
||||
`Workers/${this.entity.id}/setPassword`,
|
||||
{workerFk: this.entity.id, newPass: this.newPassword, emailVerified: !!this.entity.user.emailVerified}
|
||||
`Workers/${this.entity.id}/setPassword`, {newPass: this.newPassword}
|
||||
) .then(() => {
|
||||
this.vnApp.showSuccess(this.$translate.instant('Password changed!'));
|
||||
});
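Review bot: The `UserConfigs/getUserConfig` request that now runs in the constructor has no rejection handler, so unless a global interceptor covers it, a failed call leaves `this.userFk` undefined with nothing reported, and whatever reads it behaves as if the viewer were someone else. Add a handler, for example `.catch(() => this.userFk = null);`, or surface the failure to the user. Where `this.userFk` is read is not visible in these hunks; if it gates the set-password control, a short comment such as `// UI hint only: Workers/:id/setPassword enforces the privilege check server-side` would keep later readers from treating it as the access control. The constructor's class and the method holding the `$http.patch` call both continue outside the hunks.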
|
||||
|
|
Lanzar ForbiddenError indicando en el mensaje que no es subordinado.