42 lines
1.3 KiB
JavaScript
42 lines
1.3 KiB
JavaScript
const UserError = require('vn-loopback/util/user-error');
|
|
module.exports = Self => {
|
|
Self.remoteMethodCtx('setPassword', {
|
|
description: 'Sets the password of a non-worker client',
|
|
accepts: [
|
|
{
|
|
arg: 'id',
|
|
type: 'number',
|
|
description: 'The user id',
|
|
http: {source: 'path'}
|
|
}, {
|
|
arg: 'newPassword',
|
|
type: 'string',
|
|
description: 'The new password',
|
|
required: true
|
|
}
|
|
],
|
|
http: {
|
|
path: `/:id/setPassword`,
|
|
verb: 'PATCH'
|
|
}
|
|
});
|
|
|
|
Self.setPassword = async function(ctx, id, newPassword) {
|
|
const models = Self.app.models;
|
|
const userId = ctx.req.accessToken.userId;
|
|
|
|
const isSalesPerson = await models.Account.hasRole(userId, 'salesPerson');
|
|
|
|
if (!isSalesPerson)
|
|
throw new UserError(`Not enough privileges to edit a client`);
|
|
|
|
const isClient = await models.Client.findById(id, null);
|
|
const isUserAccount = await models.UserAccount.findById(id, null);
|
|
|
|
if (isClient && !isUserAccount)
|
|
await models.Account.setPassword(id, newPassword);
|
|
else
|
|
throw new UserError(`Modifiable password only via recovery or by an administrator`);
|
|
};
|
|
};
|