From 63bc00e8da554224d68b96c7cd9e8abaae1965dc Mon Sep 17 00:00:00 2001
From: James <james@trbl.design>
Date: Tue, 18 Aug 2020 14:50:07 -0400
Subject: [PATCH] fixese bug in auth update operation

---
 src/auth/operations/update.js | 23 ++++++++++++++++-------
 1 file changed, 16 insertions(+), 7 deletions(-)

diff --git a/src/auth/operations/update.js b/src/auth/operations/update.js
index a8a1efa53a..a2420f2341 100644
--- a/src/auth/operations/update.js
+++ b/src/auth/operations/update.js
@@ -30,15 +30,24 @@ async function update(args) {
   // 2. Retrieve document
   // /////////////////////////////////////
 
-  let query = { _id: id };
+  const queryToBuild = {
+    where: {
+      and: [
+        {
+          id: {
+            equals: id,
+          },
+        },
+      ],
+    },
+  };
 
   if (hasWhereAccess) {
-    query = {
-      ...query,
-      ...accessResults,
-    };
+    queryToBuild.where.and.push(hasWhereAccess);
   }
 
+  const query = await Model.buildQuery(queryToBuild, locale);
+
   let user = await Model.findOne(query);
 
   if (!user && !hasWhereAccess) throw new NotFound();
@@ -112,8 +121,8 @@ async function update(args) {
   const { password } = dataToUpdate;
 
   if (password) {
-    delete dataToUpdate.password;
     await user.setPassword(password);
+    delete dataToUpdate.password;
   }
 
   // /////////////////////////////////////
@@ -130,7 +139,7 @@ async function update(args) {
   // 9. Execute field-level hooks and access
   // /////////////////////////////////////
 
-  user = this.performFieldOperations(collectionConfig, {
+  user = await this.performFieldOperations(collectionConfig, {
     data: user,
     hook: 'afterRead',
     operation: 'read',