refs #5488 polish specifics acls

Alex Moreno 2023-05-15 14:14:08 +02:00
parent 248caf8519
commit 08fcbebbaf
6 changed files with 13 additions and 18 deletions


@ -27,8 +27,7 @@ INSERT INTO `salix`.`ACL` (`model`, `property`, `accessType`, `permission`, `pri
('Supplier', 'editPayMethodCheck', 'WRITE', 'ALLOW', 'ROLE', 'financial'), ('Supplier', 'editPayMethodCheck', 'WRITE', 'ALLOW', 'ROLE', 'financial'),
('Worker', 'isTeamBoss', 'WRITE', 'ALLOW', 'ROLE', 'teamBoss'), ('Worker', 'isTeamBoss', 'WRITE', 'ALLOW', 'ROLE', 'teamBoss'),
('Worker', 'forceIsSubordinate', 'READ', 'ALLOW', 'ROLE', 'hr'), ('Worker', 'forceIsSubordinate', 'READ', 'ALLOW', 'ROLE', 'hr'),
('Claim', 'editState', 'WRITE', 'ALLOW', 'ROLE', 'claimManager'), ('Claim', 'editState', 'WRITE', 'ALLOW', 'ROLE', 'claimManager');
('Claim', 'filter', 'READ', 'ALLOW', 'ROLE', 'employee');
DELETE FROM `salix`.`ACL` DELETE FROM `salix`.`ACL`
WHERE WHERE
@ -38,15 +37,16 @@ DELETE FROM `salix`.`ACL`
INSERT INTO `salix`.`ACL` (`model`, `property`, `accessType`, `permission`, `principalType`, `principalId`) INSERT INTO `salix`.`ACL` (`model`, `property`, `accessType`, `permission`, `principalType`, `principalId`)
VALUES VALUES
('Claim', 'find', 'READ', 'ALLOW', 'ROLE', 'employee'), ('Claim', 'find', 'READ', 'ALLOW', 'ROLE', 'salesPerson'),
('Claim', 'findById', 'READ', 'ALLOW', 'ROLE', 'employee'), ('Claim', 'findById', 'READ', 'ALLOW', 'ROLE', 'salesPerson'),
('Claim', 'findOne', 'READ', 'ALLOW', 'ROLE', 'employee'), ('Claim', 'findOne', 'READ', 'ALLOW', 'ROLE', 'salesPerson'),
('Claim', 'getSummary', 'READ', 'ALLOW', 'ROLE', 'employee'), ('Claim', 'getSummary', 'READ', 'ALLOW', 'ROLE', 'salesPerson'),
('Claim', 'updateClaim', 'WRITE', 'ALLOW', 'ROLE', 'employee'), ('Claim', 'updateClaim', 'WRITE', 'ALLOW', 'ROLE', 'salesPerson'),
('Claim', 'regularizeClaim', 'WRITE', 'ALLOW', 'ROLE', 'claimManager'), ('Claim', 'regularizeClaim', 'WRITE', 'ALLOW', 'ROLE', 'claimManager'),
('Claim', 'updateClaimDestination', 'WRITE', 'ALLOW', 'ROLE', 'claimManager'), ('Claim', 'updateClaimDestination', 'WRITE', 'ALLOW', 'ROLE', 'claimManager'),
('Claim', 'downloadFile', 'READ', 'ALLOW', 'ROLE', 'claimManager'), ('Claim', 'downloadFile', 'READ', 'ALLOW', 'ROLE', 'claimManager'),
('Claim', 'deleteById', 'WRITE', 'ALLOW', 'ROLE', 'claimManager'), ('Claim', 'deleteById', 'WRITE', 'ALLOW', 'ROLE', 'claimManager'),
('Claim', 'filter', 'READ', 'ALLOW', 'ROLE', 'salesPerson'),
('Claim', 'logs', 'READ', 'ALLOW', 'ROLE', 'claimManager'); ('Claim', 'logs', 'READ', 'ALLOW', 'ROLE', 'claimManager');
DELETE FROM `salix`.`ACL` DELETE FROM `salix`.`ACL`
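Review bot: The Claim rows on the new side of the second hunk (`find`, `findById`, `findOne`, `getSummary`, `updateClaim`, plus the added `filter`) are granted to `salesPerson`, but nothing visible here revokes the matching `employee` rows where an earlier run of this script already inserted them. The `DELETE FROM salix.ACL` statements around the INSERT have their WHERE clauses outside the hunk, so it is worth confirming that one of them covers the old `Claim`/`employee` grants; otherwise the narrower role is added while the broader one stays in force. A short comment above the INSERT, such as `-- Claim: read/update access moves from employee to salesPerson (refs #5488)`, would record the intent for the next person who edits this list.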


@ -17,7 +17,7 @@ describe('Claim summary path', () => {
}); });
it('should navigate to the target claim summary section', async() => { it('should navigate to the target claim summary section', async() => {
await page.loginAndModule('employee', 'claim'); await page.loginAndModule('salesPerson', 'claim');
await page.accessToSearchResult(claimId); await page.accessToSearchResult(claimId);
await page.waitForState('claim.card.summary'); await page.waitForState('claim.card.summary');
}); });


@ -16,7 +16,7 @@ describe('Claim descriptor path', () => {
}); });
it('should now navigate to the target claim summary section', async() => { it('should now navigate to the target claim summary section', async() => {
await page.loginAndModule('employee', 'claim'); await page.loginAndModule('salesPerson', 'claim');
await page.accessToSearchResult(claimId); await page.accessToSearchResult(claimId);
await page.waitForState('claim.card.summary'); await page.waitForState('claim.card.summary');
}); });


@ -3,6 +3,7 @@ let UserError = require('vn-loopback/util/user-error');
module.exports = Self => { module.exports = Self => {
Self.remoteMethodCtx('transferSales', { Self.remoteMethodCtx('transferSales', {
description: 'Transfer sales to a new or a given ticket', description: 'Transfer sales to a new or a given ticket',
accessType: 'WRITE',
accepts: [{ accepts: [{
arg: 'id', arg: 'id',
type: 'number', type: 'number',


@ -31,15 +31,9 @@ module.exports = Self => {
Object.assign(myOptions, options); Object.assign(myOptions, options);
const mySubordinates = await Self.mySubordinates(ctx, myOptions); const mySubordinates = await Self.mySubordinates(ctx, myOptions);
const isSubordinate = mySubordinates.find(subordinate => { const isSubordinate = mySubordinates.some(subordinate => subordinate.workerFk == id);
return subordinate.workerFk == id;
});
const forceIsSubordinate = await models.ACL.checkAccessAcl(ctx, 'Worker', 'forceIsSubordinate', 'READ'); const forceIsSubordinate = await models.ACL.checkAccessAcl(ctx, 'Worker', 'forceIsSubordinate', 'READ');
if (forceIsSubordinate || isSubordinate) return forceIsSubordinate || isSubordinate;
return true;
return false;
}; };
}; };
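Review bot: The new `return forceIsSubordinate || isSubordinate;` passes through whatever `checkAccessAcl` resolves to, where the removed lines returned a strict `true`/`false`, and the decision still rests on plain truthiness. The filter change in this same commit reads `canSeeExpired.length` from the same helper, so the two call sites disagree about its return type: if it is array-like, an empty result is truthy here and every caller would be treated as a superior of `id`; if it is a boolean, the `.length` test in the filter is never true. Confirm the helper's contract and make both sites match, for example `return forceIsSubordinate === true || isSubordinate;` for a boolean result. The enclosing function starts outside the hunk.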


@ -35,7 +35,7 @@ module.exports = Self => {
&& where.agencyModeFk && where.warehouseFk; && where.agencyModeFk && where.warehouseFk;
if (filterByAvailability) { if (filterByAvailability) {
const canSeeExpired = await models.ACL.checkAccessAcl(ctx, 'Agency', 'editDiscount'); const canSeeExpired = await models.ACL.checkAccessAcl(ctx, 'Agency', 'seeExpired');
let showExpired = false; let showExpired = false;
if (canSeeExpired.length) showExpired = true; if (canSeeExpired.length) showExpired = true;
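Review bot: `checkAccessAcl(ctx, 'Agency', 'seeExpired')` now depends on an ACL row for `Agency`/`seeExpired`, and none is added in the SQL shown in this commit, so unless that row already exists elsewhere, no role can pass this check. The call also omits the access type that the Worker check passes explicitly; `checkAccessAcl(ctx, 'Agency', 'seeExpired', 'READ')` would state the intended permission instead of relying on the helper's default. The enclosing function continues outside the hunk.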