Merge pull request 'chore: refs #7323 worker changes wip' (!2930) from 7323-dynamicRole into dev
gitea/salix/pipeline/head This commit looks good Details

Reviewed-on: #2930
Reviewed-by: Javi Gallego <jgallego@verdnatura.es>
This commit is contained in:
Jorge Penadés 2024-09-06 12:03:20 +00:00
commit 05b75c1f0d
4 changed files with 55 additions and 2 deletions

View File

@ -108,6 +108,7 @@ INSERT INTO `vn`.`worker`(`id`,`code`, `firstName`, `lastName`, `bossFk`)
UPDATE `vn`.`worker` SET bossFk = NULL WHERE id = 20;
UPDATE `vn`.`worker` SET bossFk = 20 WHERE id = 1 OR id = 9;
UPDATE `vn`.`worker` SET bossFk = 19 WHERE id = 18;
UPDATE `vn`.`worker` SET bossFk = 50 WHERE id = 49;
DELETE FROM `vn`.`worker` WHERE firstName ='customer';

View File

@ -0,0 +1,4 @@
-- Place your SQL code here
INSERT INTO salix.ACL (model, property, accessType, permission, principalType, principalId)
VALUES ('Worker', '__get__descriptor', 'READ', 'ALLOW', 'ROLE', 'employee'),
('Worker', 'findById', 'READ', 'ALLOW', 'ROLE', '$subordinate');

View File

@ -0,0 +1,12 @@
const UserError = require('vn-loopback/util/user-error');
module.exports = async function(app) {
const models = app.models;
models.VnRole.registerResolver('$subordinate', async(role, ctx) => {
Object.assign(ctx, {req: {accessToken: {userId: ctx.accessToken.userId}}});
const isSubordinate = await models.Worker.isSubordinate(ctx, +ctx.modelId);
if (!isSubordinate) throw new UserError(`You don't have enough privileges`);
});
};

View File

@ -140,5 +140,41 @@
"principalType": "ROLE",
"principalId": "$owner"
}
]
}
],
"scopes": {
"descriptor": {
"include": [
{
"relation": "user",
"scope": {
"fields": [
"name",
"nickname"
],
"include": {
"relation": "emailUser",
"scope": {
"fields": [
"email"
]
}
}
}
},
{
"relation": "department",
"scope": {
"include": [
{
"relation": "department"
}
]
}
},
{
"relation": "sip"
}
]
}
}
}