fix: refs #6889 allocate 'productionReviewer' role to revision dep. workers & check if is owner or reviewer
gitea/salix/pipeline/pr-dev This commit looks good
Details
gitea/salix/pipeline/pr-dev This commit looks good
Details
This commit is contained in:
parent
5158017edd
commit
002111d8d1
|
@ -8,4 +8,11 @@ INSERT INTO account.role
|
||||||
|
|
||||||
-- UPDATE salix.ACL
|
-- UPDATE salix.ACL
|
||||||
-- SET principalId = 'productionReviewer'
|
-- SET principalId = 'productionReviewer'
|
||||||
-- WHERE property = 'isInPreparing';
|
-- WHERE property = 'isInPreparing';
|
||||||
|
|
||||||
|
UPDATE account.user u
|
||||||
|
JOIN vn.workerDepartment wd ON wd.workerFk = u.id
|
||||||
|
JOIN vn.department d ON wd.departmentFk = d.id
|
||||||
|
JOIN account.role r ON r.name = 'productionReviewer'
|
||||||
|
SET u.role = r.id
|
||||||
|
WHERE d.name = 'REVISION';
|
|
@ -28,7 +28,7 @@ describe('route getSuggestedTickets()', () => {
|
||||||
|
|
||||||
const result = await models.Route.getSuggestedTickets(routeID, options);
|
const result = await models.Route.getSuggestedTickets(routeID, options);
|
||||||
|
|
||||||
const length = result.length; // cambiar agenciaMode de los tickets por el 8 y ver si da algún problema
|
const length = result.length;
|
||||||
const anyResult = result[Math.floor(Math.random() * Math.floor(length))];
|
const anyResult = result[Math.floor(Math.random() * Math.floor(length))];
|
||||||
|
|
||||||
expect(result.length).toEqual(4);
|
expect(result.length).toEqual(4);
|
||||||
|
|
|
@ -8,18 +8,13 @@ module.exports = Self => {
|
||||||
if (typeof options == 'object')
|
if (typeof options == 'object')
|
||||||
Object.assign(myOptions, options);
|
Object.assign(myOptions, options);
|
||||||
|
|
||||||
const state = await models.TicketState.findOne({
|
const state = await models.TicketState.findOne({where: {ticketFk: id}}, myOptions);
|
||||||
where: {ticketFk: id}
|
|
||||||
}, myOptions);
|
|
||||||
|
|
||||||
const isRoleAdvanced = await models.ACL.checkAccessAcl(ctx, 'Ticket', 'isRoleAdvanced', '*');
|
const isRoleAdvanced = await models.ACL.checkAccessAcl(ctx, 'Ticket', 'isRoleAdvanced', '*');
|
||||||
|
const isProductionReviewer = await models.ACL.checkAccessAcl(ctx, 'Sale', 'isInPreparing', '*');
|
||||||
const canEditWeeklyTicket = await models.ACL.checkAccessAcl(ctx, 'Ticket', 'canEditWeekly', 'WRITE');
|
const canEditWeeklyTicket = await models.ACL.checkAccessAcl(ctx, 'Ticket', 'canEditWeekly', 'WRITE');
|
||||||
const alertLevel = state ? state.alertLevel : null;
|
const alertLevel = state ? state.alertLevel : null;
|
||||||
const ticket = await models.Ticket.findById(id, {
|
const ticket = await models.Ticket.findById(id, {
|
||||||
fields: ['clientFk'],
|
fields: ['clientFk'], include: {relation: 'client'}
|
||||||
include: {
|
|
||||||
relation: 'client'
|
|
||||||
}
|
|
||||||
}, myOptions);
|
}, myOptions);
|
||||||
|
|
||||||
const isLocked = await models.Ticket.isLocked(id, myOptions);
|
const isLocked = await models.Ticket.isLocked(id, myOptions);
|
||||||
|
@ -29,10 +24,25 @@ module.exports = Self => {
|
||||||
const isNormalClient = ticket && ticket.client().typeFk == 'normal';
|
const isNormalClient = ticket && ticket.client().typeFk == 'normal';
|
||||||
const isEditable = !(alertLevelGreaterThanZero && isNormalClient);
|
const isEditable = !(alertLevelGreaterThanZero && isNormalClient);
|
||||||
|
|
||||||
|
const ticketCollection = await models.TicketCollection.findOne({
|
||||||
|
include: {relation: 'collection'}, where: {ticketFk: id}
|
||||||
|
}, myOptions);
|
||||||
|
let workerId = ticketCollection?.collection()?.workerFk;
|
||||||
|
|
||||||
|
if (!workerId) {
|
||||||
|
const saleGroup = await models.SaleGroup.findOne({fields: ['id'], where: {ticketFk: id}}, myOptions);
|
||||||
|
const sectorCollectionSaleGroup = saleGroup && await models.SectorCollectionSaleGroup.findOne({
|
||||||
|
include: {relation: 'sectorCollection'}, where: {saleGroupFk: saleGroup.id}
|
||||||
|
}, myOptions);
|
||||||
|
|
||||||
|
workerId = sectorCollectionSaleGroup?.sectorCollection()?.userFk;
|
||||||
|
}
|
||||||
|
const isOwner = workerId === ctx.req.accessToken.userId;
|
||||||
|
|
||||||
if (!ticket)
|
if (!ticket)
|
||||||
throw new ForbiddenError(`The ticket doesn't exist.`);
|
throw new ForbiddenError(`The ticket doesn't exist.`);
|
||||||
|
|
||||||
if (!isEditable && !isRoleAdvanced)
|
if (!isEditable && !isRoleAdvanced && !isProductionReviewer && !isOwner)
|
||||||
throw new ForbiddenError(`This ticket is not editable.`);
|
throw new ForbiddenError(`This ticket is not editable.`);
|
||||||
|
|
||||||
if (isLocked && !isWeekly)
|
if (isLocked && !isWeekly)
|
||||||
|
|
Loading…
Reference in New Issue