loopback/locale/en.json

@@ -209,5 +209,6 @@
     "You cannot update these fields": "You cannot update these fields",
     "CountryFK cannot be empty": "Country cannot be empty",
     "You are not allowed to modify the alias": "You are not allowed to modify the alias",
-    "You already have the mailAlias": "You already have the mailAlias"
+    "You already have the mailAlias": "You already have the mailAlias",
+    "The email has been already verified": "The email has been already verified" 
 }

loopback/locale/es.json

@@ -344,5 +344,6 @@
     "CountryFK cannot be empty": "El país no puede estar vacío",
     "Cmr file does not exist": "El archivo del cmr no existe",
     "You are not allowed to modify the alias": "No estás autorizado a modificar el alias",
-    "No tickets to invoice": "No hay tickets para facturar"
+    "No tickets to invoice": "No hay tickets para facturar",
+    "The email has been already verified": "El correo ya ha sido verificado"
 }

modules/account/back/models/account.js

@@ -1,4 +1,7 @@
 
+const ForbiddenError = require('vn-loopback/util/forbiddenError');
+const {models} = require('vn-loopback/server/server');
+
 module.exports = Self => {
     require('../methods/account/sync')(Self);
     require('../methods/account/sync-by-id')(Self);
@@ -7,4 +10,12 @@ module.exports = Self => {
     require('../methods/account/logout')(Self);
     require('../methods/account/change-password')(Self);
     require('../methods/account/set-password')(Self);
+
+    Self.setUnverifiedPassword = async(id, pass, options) => {
+        const user = await models.VnUser.findById(id, null, options);
+        if (user.emailVerified) throw new ForbiddenError('The email has been already verified');
+
+        await models.VnUser.setPassword(id, pass, options);
+        await user.updateAttribute('emailVerified', true, options);
+    };
 };

modules/worker/back/methods/worker/setPassword.js

@@ -19,8 +19,7 @@ module.exports = Self => {
             verb: 'PATCH'
         }
     });
-    Self.setPassword = async(ctx, workerId, newPass, options) => {
+    Self.setPassword = async(ctx, id, newPass, options) => {
-        const userId = ctx.req.accessToken.userId;
         const models = Self.app.models;
         const myOptions = {};
         let tx;
@@ -31,17 +30,11 @@ module.exports = Self => {
             tx = await Self.beginTransaction({});
             myOptions.transaction = tx;
         }
-
         try {
-            const isHimself = userId === workerId;
+            const isSubordinate = await Self.isSubordinate(ctx, id, myOptions);
-            const isSubordinate = await Self.isSubordinate(ctx, workerId, myOptions);
+            if (!isSubordinate) throw new UserError('You don\'t have enough privileges.');
-            const {emailVerified} = await models.VnUser.findById(workerId, {fields: ['emailVerified']}, myOptions);
 
-            if (isHimself || (isSubordinate && !emailVerified)) {
+            await models.Account.setUnverifiedPassword(id, newPass, myOptions);
-                await models.VnUser.setPassword(workerId, newPass, myOptions);
-                await models.VnUser.updateAll({id: workerId}, {emailVerified: true}, myOptions);
-            } else
-                throw new UserError('You don\'t have enough privileges.');
 
             if (tx) await tx.commit();
         } catch (e) {

modules/worker/back/methods/worker/specs/setPassword.spec.js

@@ -42,23 +42,7 @@ describe('worker setPassword()', () => {
 
             await tx.rollback();
         } catch (e) {
-            expect(e.message).toEqual(`You don't have enough privileges.`);
+            expect(e.message).toEqual(`The email has been already verified`);
-            await tx.rollback();
-        }
-    });
-
-    it('should change the password if it is himself', async() => {
-        const tx = await models.Worker.beginTransaction({});
-
-        try {
-            const options = {transaction: tx};
-            await models.VnUser.updateAll({id: managerId}, {emailVerified: true}, options);
-            await models.Worker.setPassword(ctx, managerId, newPass, options);
-            const isNewPass = await passHasBeenChanged(managerId, newPass, options);
-
-            expect(isNewPass).toBeTrue();
-            await tx.rollback();
-        } catch (e) {
             await tx.rollback();
         }
     });

modules/worker/front/descriptor/index.html

@@ -11,7 +11,7 @@
                 ? 'Click to allow the user to be disabled'
                 : 'Click to exclude the user from getting disabled'}}
           </vn-item>
-          <vn-item ng-if="!$ctrl.worker.user.emailVerified || $ctrl.id == $ctrl.userFk" ng-click="setPassword.show()" translate>
+          <vn-item ng-if="!$ctrl.worker.user.emailVerified && $ctrl.vnConfig.storage.currentUserWorkerId !=$ctrl.worker.id" ng-click="setPassword.show()" translate>
             Change password 
           </vn-item>
     </slot-menu>

modules/worker/front/descriptor/index.js

@@ -5,9 +5,6 @@ class Controller extends Descriptor {
     constructor($element, $, $rootScope) {
         super($element, $);
         this.$rootScope = $rootScope;
-
-        this.$http.get(`UserConfigs/getUserConfig`)
-            .then(res => this.userFk = res.data.userFk);
     }
 
     get worker() {
@@ -93,11 +90,11 @@ class Controller extends Descriptor {
             `Workers/${this.entity.id}/setPassword`, {newPass: this.newPassword}
         ) .then(() => {
             this.vnApp.showSuccess(this.$translate.instant('Password changed!'));
-        });
+        }).then(() => this.loadData());
     }
 }
 
-Controller.$inject = ['$element', '$scope', '$rootScope'];
+Controller.$inject = ['$element', '$scope', '$rootScope', 'vnConfig'];
 
 ngModule.vnComponent('vnWorkerDescriptor', {
     template: require('./index.html'),