From 01daa253db474e749de938fa7d5e0cb11e9f8cfc Mon Sep 17 00:00:00 2001 From: alexandre Date: Mon, 12 Jun 2023 08:49:00 +0200 Subject: [PATCH] refs #4074 minor fixes --- back/methods/vn-user/acls.js | 32 +++++++++++++++++++++--------- front/core/services/acl-service.js | 20 ++++++------------- loopback/server/model-config.json | 9 ++++++++- 3 files changed, 37 insertions(+), 24 deletions(-) diff --git a/back/methods/vn-user/acls.js b/back/methods/vn-user/acls.js index 4db60cb23..7da75ed2c 100644 --- a/back/methods/vn-user/acls.js +++ b/back/methods/vn-user/acls.js @@ -35,18 +35,32 @@ module.exports = Self => { }); Self.acls = async function(ctx) { + const models = Self.app.models; const acls = []; const userId = ctx.req.accessToken.userId; if (userId) { - const dynamicAcls = await Self.rawSql(` - SELECT * - FROM salix.ACL a - WHERE a.principalId IN ( - SELECT r.name COLLATE utf8mb3_general_ci - FROM salix.RoleMapping rm - JOIN account.role r ON r.id = rm.roleId - WHERE rm.principalId = ? - )`, [userId]); + const roleMapping = await models.RoleMapping.find({ + where: { + principalId: userId + }, + include: [ + { + relation: 'role', + scope: { + fields: [ + 'name' + ] + } + } + ] + }); + const dynamicAcls = await models.ACL.find({ + where: { + principalId: { + inq: roleMapping.map(rm => rm.role().name) + } + } + }); dynamicAcls.forEach(acl => acls.push(acl)); staticAcls.get('$authenticated').forEach(acl => acls.push(acl)); } else diff --git a/front/core/services/acl-service.js b/front/core/services/acl-service.js index 508b7bc94..b8a681651 100644 --- a/front/core/services/acl-service.js +++ b/front/core/services/acl-service.js 
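Review bot: `rm.role().name` in the new `inq` list throws a TypeError when a RoleMapping row points at a role that does not resolve, so a single orphaned mapping would make `Self.acls` fail for that user, where the removed SQL `JOIN` simply dropped the row. Filtering the resolved roles first keeps the old behaviour: `inq: roleMapping.map(rm => rm.role()).filter(Boolean).map(role => role.name)`. The removed query joined `account.role`, while the `role` relation added in model-config.json targets model `Role`, whose table mapping is not visible in this patch. It is worth confirming that both resolve to the same rows, because this list decides which ACLs are returned for the user. The body of `Self.acls` continues past the end of the hunk.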
@@ -32,20 +32,12 @@ class AclService { } hasAnyACL(model, property, accessType) { - if (this.acls) { - if (this.acls[model]) { - if (this.acls[model]['*']) { - if (this.acls[model]['*']['*']) - return true; - if (this.acls[model]['*'][accessType]) - return true; - } - if (this.acls[model][property]) { - if (this.acls[model][property]['*']) - return true; - if (this.acls[model][property][accessType]) - return true; - } + const acls = this.acls[model]; + if (acls) { + for (const prop of ['*', property]) { + const acl = acls[prop]; + if (acl && (acl['*'] || acl[accessType])) + return true; } } return false; diff --git a/loopback/server/model-config.json b/loopback/server/model-config.json index 52b539f60..6e2fbe489 100644 --- a/loopback/server/model-config.json +++ b/loopback/server/model-config.json @@ -39,6 +39,13 @@ "mysql": { "table": "salix.RoleMapping" } + }, + "relations": { + "role": { + "type": "belongsTo", + "model": "Role", + "foreignKey": "roleId" + } } }, "Schema": { @@ -50,4 +57,4 @@ "Container": { "dataSource": "vn" } -} \ No newline at end of file +}
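Review bot: `const acls = this.acls[model];` dereferences `this.acls` without the `if (this.acls)` guard that the removed code had, so `hasAnyACL` would throw instead of returning false if it runs before the ACL map is populated. Whether that can happen is not visible in this hunk, but keeping the guard is cheap: `const acls = this.acls && this.acls[model];`. The loop is also terse enough to deserve a one-line comment, for example `// '*' is a wildcard for both the property and the access type`.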