refs #5488 polish specifics acls

db/changes/232001/00-useSpecificsAcls.sql

@@ -27,8 +27,7 @@ INSERT INTO `salix`.`ACL` (`model`, `property`, `accessType`, `permission`, `pri
         ('Supplier', 'editPayMethodCheck', 'WRITE', 'ALLOW', 'ROLE', 'financial'),
         ('Worker', 'isTeamBoss', 'WRITE', 'ALLOW', 'ROLE', 'teamBoss'),
         ('Worker', 'forceIsSubordinate', 'READ', 'ALLOW', 'ROLE', 'hr'),
-        ('Claim', 'editState', 'WRITE', 'ALLOW', 'ROLE', 'claimManager'),
-        ('Claim', 'filter', 'READ', 'ALLOW', 'ROLE', 'employee');
+        ('Claim', 'editState', 'WRITE', 'ALLOW', 'ROLE', 'claimManager');
 
 DELETE FROM `salix`.`ACL`
     WHERE
@@ -38,15 +37,16 @@ DELETE FROM `salix`.`ACL`
 
 INSERT INTO `salix`.`ACL` (`model`, `property`, `accessType`, `permission`, `principalType`, `principalId`)
     VALUES
-        ('Claim', 'find', 'READ', 'ALLOW', 'ROLE', 'employee'),
-        ('Claim', 'findById', 'READ', 'ALLOW', 'ROLE', 'employee'),
-        ('Claim', 'findOne', 'READ', 'ALLOW', 'ROLE', 'employee'),
-        ('Claim', 'getSummary', 'READ', 'ALLOW', 'ROLE', 'employee'),
-        ('Claim', 'updateClaim', 'WRITE', 'ALLOW', 'ROLE', 'employee'),
+        ('Claim', 'find', 'READ', 'ALLOW', 'ROLE', 'salesPerson'),
+        ('Claim', 'findById', 'READ', 'ALLOW', 'ROLE', 'salesPerson'),
+        ('Claim', 'findOne', 'READ', 'ALLOW', 'ROLE', 'salesPerson'),
+        ('Claim', 'getSummary', 'READ', 'ALLOW', 'ROLE', 'salesPerson'),
+        ('Claim', 'updateClaim', 'WRITE', 'ALLOW', 'ROLE', 'salesPerson'),
         ('Claim', 'regularizeClaim', 'WRITE', 'ALLOW', 'ROLE', 'claimManager'),
         ('Claim', 'updateClaimDestination', 'WRITE', 'ALLOW', 'ROLE', 'claimManager'),
         ('Claim', 'downloadFile', 'READ', 'ALLOW', 'ROLE', 'claimManager'),
         ('Claim', 'deleteById', 'WRITE', 'ALLOW', 'ROLE', 'claimManager'),
+        ('Claim', 'filter', 'READ', 'ALLOW', 'ROLE', 'salesPerson'),
         ('Claim', 'logs', 'READ', 'ALLOW', 'ROLE', 'claimManager');
 
 DELETE FROM `salix`.`ACL`

e2e/paths/06-claim/05_summary.spec.js

@@ -17,7 +17,7 @@ describe('Claim summary path', () => {
     });
 
     it('should navigate to the target claim summary section', async() => {
-        await page.loginAndModule('employee', 'claim');
+        await page.loginAndModule('salesPerson', 'claim');
         await page.accessToSearchResult(claimId);
         await page.waitForState('claim.card.summary');
     });

e2e/paths/06-claim/06_descriptor.spec.js

@@ -16,7 +16,7 @@ describe('Claim descriptor path', () => {
     });
 
     it('should now navigate to the target claim summary section', async() => {
-        await page.loginAndModule('employee', 'claim');
+        await page.loginAndModule('salesPerson', 'claim');
         await page.accessToSearchResult(claimId);
         await page.waitForState('claim.card.summary');
     });

modules/ticket/back/methods/ticket/transferSales.js

@@ -3,6 +3,7 @@ let UserError = require('vn-loopback/util/user-error');
 module.exports = Self => {
     Self.remoteMethodCtx('transferSales', {
         description: 'Transfer sales to a new or a given ticket',
+        accessType: 'WRITE',
         accepts: [{
             arg: 'id',
             type: 'number',

modules/worker/back/methods/worker/isSubordinate.js

@@ -31,15 +31,9 @@ module.exports = Self => {
             Object.assign(myOptions, options);
 
         const mySubordinates = await Self.mySubordinates(ctx, myOptions);
-        const isSubordinate = mySubordinates.find(subordinate => {
-            return subordinate.workerFk == id;
-        });
-
+        const isSubordinate = mySubordinates.some(subordinate => subordinate.workerFk == id);
         const forceIsSubordinate = await models.ACL.checkAccessAcl(ctx, 'Worker', 'forceIsSubordinate', 'READ');
 
-        if (forceIsSubordinate || isSubordinate)
-            return true;
-
-        return false;
+        return forceIsSubordinate || isSubordinate;
     };
 };

modules/zone/back/methods/zone/includingExpired.js

@@ -35,7 +35,7 @@ module.exports = Self => {
             && where.agencyModeFk && where.warehouseFk;
 
         if (filterByAvailability) {
-            const canSeeExpired = await models.ACL.checkAccessAcl(ctx, 'Agency', 'editDiscount');
+            const canSeeExpired = await models.ACL.checkAccessAcl(ctx, 'Agency', 'seeExpired');
             let showExpired = false;
             if (canSeeExpired.length) showExpired = true;