salix/modules/worker/back/methods/worker-time-control/deleteTimeEntry.js

49 lines
1.7 KiB
JavaScript
Raw Normal View History

2019-11-14 13:20:05 +00:00
const UserError = require('vn-loopback/util/user-error');
2019-11-05 07:59:48 +00:00
module.exports = Self => {
Self.remoteMethodCtx('deleteTimeEntry', {
description: 'Deletes a manual time entry for a worker if the user role is above the worker',
accessType: 'READ',
accepts: [{
arg: 'id',
type: 'number',
required: true,
description: 'The time entry id',
http: {source: 'path'}
}],
returns: {
type: 'boolean',
root: true
},
http: {
path: `/:id/deleteTimeEntry`,
verb: 'POST'
}
});
2021-06-17 13:09:04 +00:00
Self.deleteTimeEntry = async(ctx, id, options) => {
2023-06-20 06:20:13 +00:00
const userId = ctx.req.accessToken.userId;
2021-06-17 13:09:04 +00:00
const models = Self.app.models;
2019-11-05 07:59:48 +00:00
2023-06-20 06:20:13 +00:00
const myOptions = {userId};
2021-06-17 13:09:04 +00:00
if (typeof options == 'object')
Object.assign(myOptions, options);
2019-11-14 13:20:05 +00:00
2021-06-17 13:09:04 +00:00
const targetTimeEntry = await Self.findById(id, null, myOptions);
const isSubordinate = await models.Worker.isSubordinate(ctx, targetTimeEntry.userFk, myOptions);
const isTeamBoss = await models.ACL.checkAccessAcl(ctx, 'Worker', 'isTeamBoss', 'WRITE');
2023-06-20 06:20:13 +00:00
const isHimself = userId == targetTimeEntry.userFk;
2019-11-05 07:59:48 +00:00
2021-06-17 13:09:04 +00:00
if (isSubordinate === false || (isSubordinate && isHimself && !isTeamBoss))
2019-11-05 07:59:48 +00:00
throw new UserError(`You don't have enough privileges`);
const response = await Self.rawSql('CALL vn.workerTimeControl_remove(?, ?)', [
2021-06-17 13:09:04 +00:00
targetTimeEntry.userFk, targetTimeEntry.timed], myOptions);
await models.WorkerTimeControl.resendWeeklyHourEmail(ctx, targetTimeEntry.userFk, targetTimeEntry.timed, myOptions);
return response;
2019-11-05 07:59:48 +00:00
};
};