refs #5128 rol por ACL

2023-04-19 14:43:15 +02:00 · 2023-04-19 14:43:15 +02:00 · 187ba032d2
parent 34b360040b
commit 187ba032d2
3 changed files with 67 additions and 8 deletions
--- a/db/changes/231601/00-client_setRatingAcl.sql
+++ b/db/changes/231601/00-client_setRatingAcl.sql
@ -0,0 +1,65 @@
+DELETE FROM `salix`.`ACL` WHERE id=7;
+
+INSERT INTO `salix`.`ACL` (model, property, accessType, permission, principalType, principalId)
+    VALUES
+        ('Client', 'setRating', 'READ', 'ALLOW', 'ROLE', 'employee'),
+        ('Client', 'setRating', 'WRITE', 'ALLOW', 'ROLE', 'financial');
+
+INSERT INTO `salix`.`ACL` (model, property, accessType, permission, principalType, principalId)
+	VALUES
+        ('Client', '*', 'READ', 'ALLOW', 'ROLE', 'employee'),
+		('Client', 'addressesPropagateRe', '*', 'ALLOW', 'ROLE', 'employee'),
+		('Client', 'canBeInvoiced', '*', 'ALLOW', 'ROLE', 'employee'),
+		('Client', 'canCreateTicket', '*', 'ALLOW', 'ROLE', 'employee'),
+		('Client', 'consumption', '*', 'ALLOW', 'ROLE', 'employee'),
+		('Client', 'createAddress', '*', 'ALLOW', 'ROLE', 'employee'),
+		('Client', 'createWithUser', '*', 'ALLOW', 'ROLE', 'employee'),
+		('Client', 'extendedListFilter', '*', 'ALLOW', 'ROLE', 'employee'),
+		('Client', 'getAverageInvoiced', '*', 'ALLOW', 'ROLE', 'employee'),
+		('Client', 'getCard', '*', 'ALLOW', 'ROLE', 'employee'),
+		('Client', 'getDebt', '*', 'ALLOW', 'ROLE', 'employee'),
+		('Client', 'getMana', '*', 'ALLOW', 'ROLE', 'employee'),
+		('Client', 'transactions', '*', 'ALLOW', 'ROLE', 'employee'),
+		('Client', 'hasCustomerRole', '*', 'ALLOW', 'ROLE', 'employee'),
+		('Client', 'isValidClient', '*', 'ALLOW', 'ROLE', 'employee'),
+		('Client', 'lastActiveTickets', '*', 'ALLOW', 'ROLE', 'employee'),
+		('Client', 'sendSms', '*', 'ALLOW', 'ROLE', 'employee'),
+		('Client', 'setPassword', '*', 'ALLOW', 'ROLE', 'employee'),
+		('Client', 'summary', '*', 'ALLOW', 'ROLE', 'employee'),
+		('Client', 'updateAddress', '*', 'ALLOW', 'ROLE', 'employee'),
+		('Client', 'updateFiscalData', '*', 'ALLOW', 'ROLE', 'employee'),
+		('Client', 'updateUser', '*', 'ALLOW', 'ROLE', 'employee'),
+		('Client', 'uploadFile', '*', 'ALLOW', 'ROLE', 'employee'),
+		('Client', 'campaignMetricsPdf', '*', 'ALLOW', 'ROLE', 'employee'),
+		('Client', 'campaignMetricsEmail', '*', 'ALLOW', 'ROLE', 'employee'),
+		('Client', 'clientWelcomeHtml', '*', 'ALLOW', 'ROLE', 'employee'),
+		('Client', 'clientWelcomeEmail', '*', 'ALLOW', 'ROLE', 'employee'),
+		('Client', 'printerSetupHtml', '*', 'ALLOW', 'ROLE', 'employee'),
+		('Client', 'printerSetupEmail', '*', 'ALLOW', 'ROLE', 'employee'),
+		('Client', 'sepaCoreEmail', '*', 'ALLOW', 'ROLE', 'employee'),
+		('Client', 'letterDebtorPdf', '*', 'ALLOW', 'ROLE', 'employee'),
+		('Client', 'letterDebtorStHtml', '*', 'ALLOW', 'ROLE', 'employee'),
+		('Client', 'letterDebtorStEmail', '*', 'ALLOW', 'ROLE', 'employee'),
+		('Client', 'letterDebtorNdHtml', '*', 'ALLOW', 'ROLE', 'employee'),
+		('Client', 'letterDebtorNdEmail', '*', 'ALLOW', 'ROLE', 'employee'),
+		('Client', 'clientDebtStatementPdf', '*', 'ALLOW', 'ROLE', 'employee'),
+		('Client', 'clientDebtStatementHtml', '*', 'ALLOW', 'ROLE', 'employee'),
+		('Client', 'clientDebtStatementEmail', '*', 'ALLOW', 'ROLE', 'employee'),
+		('Client', 'creditRequestPdf', '*', 'ALLOW', 'ROLE', 'employee'),
+		('Client', 'creditRequestHtml', '*', 'ALLOW', 'ROLE', 'employee'),
+		('Client', 'creditRequestEmail', '*', 'ALLOW', 'ROLE', 'employee'),
+		('Client', 'incotermsAuthorizationPdf', '*', 'ALLOW', 'ROLE', 'employee'),
+		('Client', 'incotermsAuthorizationHtml', '*', 'ALLOW', 'ROLE', 'employee'),
+		('Client', 'incotermsAuthorizationEmail', '*', 'ALLOW', 'ROLE', 'employee'),
+		('Client', 'consumptionSendQueued', '*', 'ALLOW', 'ROLE', 'employee'),
+		('Client', 'filter', '*', 'ALLOW', 'ROLE', 'employee'),
+		('Client', 'getClientOrSupplierReference', '*', 'ALLOW', 'ROLE', 'employee'),
+        ('Client', 'upsert', '*', 'ALLOW', 'ROLE', 'employee'),
+		('Client', 'create', '*', 'ALLOW', 'ROLE', 'employee'),
+		('Client', 'replaceById', '*', 'ALLOW', 'ROLE', 'employee'),
+		('Client', 'updateAttributes', '*', 'ALLOW', 'ROLE', 'employee'),
+		('Client', 'updateAttributes', '*', 'ALLOW', 'ROLE', 'employee'),
+		('Client', 'deleteById', '*', 'ALLOW', 'ROLE', 'employee'),
+		('Client', 'replaceOrCreate', '*', 'ALLOW', 'ROLE', 'employee'),
+		('Client', 'updateAll', '*', 'ALLOW', 'ROLE', 'employee'),
+		('Client', 'upsertWithWhere', '*', 'ALLOW', 'ROLE', 'employee');
--- a/modules/client/back/methods/client/setRating.js
+++ b/modules/client/back/methods/client/setRating.js
@ -1,8 +1,7 @@
-const UserError = require('vn-loopback/util/user-error');
-
 module.exports = Self => {
    Self.remoteMethodCtx('setRating', {
        description: 'Change rating and recommendedCredit of a client',
+        accessType: 'WRITE',
        accepts: [
            {
                arg: 'id',
@ -27,8 +26,6 @@ module.exports = Self => {
    });

    Self.setRating = async function(ctx, id, rating, recommendedCredit, options) {
-        const models = Self.app.models;
-        const userId = ctx.req.accessToken.userId;
        let tx;
        const myOptions = {};

@ -41,10 +38,6 @@ module.exports = Self => {
        }

        try {
-            const isFinancial = await models.Account.hasRole(userId, 'financial', myOptions);
-            if (!isFinancial)
-                throw new UserError(`You don't have enough privileges`);
-
            const client = await Self.findById(id, null, myOptions);
            const clientUpdated = await client.updateAttributes({
                rating: rating,
--- a/modules/client/front/credit-management/index.html
+++ b/modules/client/front/credit-management/index.html
@ -4,6 +4,7 @@
    url="Clients"
    data="$ctrl.client"
    id-value="$ctrl.$params.id"
+    insert-mode="true"
    form="form"
    save="post">
 </vn-watcher>