68 lines
2.0 KiB
JavaScript
68 lines
2.0 KiB
JavaScript
const UserError = require('vn-loopback/util/user-error');
|
|
module.exports = Self => {
|
|
Self.remoteMethodCtx('updateUser', {
|
|
description: 'Updates the user information',
|
|
accessType: 'WRITE',
|
|
accepts: [
|
|
{
|
|
arg: 'id',
|
|
type: 'number',
|
|
description: 'The user id'
|
|
},
|
|
{
|
|
arg: 'name',
|
|
type: 'string',
|
|
description: 'the user name'
|
|
},
|
|
{
|
|
arg: 'email',
|
|
type: 'any',
|
|
description: 'the user email'
|
|
},
|
|
{
|
|
arg: 'active',
|
|
type: 'boolean',
|
|
description: 'whether the user is active or not'
|
|
},
|
|
],
|
|
http: {
|
|
path: '/:id/updateUser',
|
|
verb: 'PATCH'
|
|
}
|
|
});
|
|
|
|
Self.updateUser = async function(ctx, id, options) {
|
|
const models = Self.app.models;
|
|
let tx;
|
|
const myOptions = {};
|
|
|
|
if (typeof options == 'object')
|
|
Object.assign(myOptions, options);
|
|
|
|
if (!myOptions.transaction) {
|
|
tx = await models.VnUser.beginTransaction({});
|
|
myOptions.transaction = tx;
|
|
}
|
|
|
|
try {
|
|
const canEdit = await models.ACL.checkAccessAcl(ctx, 'Client', 'updateUser', 'WRITE');
|
|
if (!canEdit)
|
|
throw new UserError(`Not enough privileges to edit a client`);
|
|
|
|
const isClient = await models.Client.findById(id, null, myOptions);
|
|
const isAccount = await models.Account.findById(id, null, myOptions);
|
|
|
|
if (isClient && !isAccount) {
|
|
const user = await models.VnUser.findById(id, null, myOptions);
|
|
await user.updateAttributes(ctx.args, myOptions);
|
|
} else
|
|
throw new UserError(`Modifiable user details only by an administrator`);
|
|
|
|
if (tx) await tx.commit();
|
|
} catch (e) {
|
|
if (tx) await tx.rollback();
|
|
throw e;
|
|
}
|
|
};
|
|
};
|