diff --git a/db/changes/231601/00-client_setRatingAcl.sql b/db/changes/231601/00-client_setRatingAcl.sql
new file mode 100644
index 000000000..211a407ab
--- /dev/null
+++ b/db/changes/231601/00-client_setRatingAcl.sql
@@ -0,0 +1,65 @@
+DELETE FROM `salix`.`ACL` WHERE id=7;
+
+INSERT INTO `salix`.`ACL` (model, property, accessType, permission, principalType, principalId)
+ VALUES
+ ('Client', 'setRating', 'READ', 'ALLOW', 'ROLE', 'employee'),
+ ('Client', 'setRating', 'WRITE', 'ALLOW', 'ROLE', 'financial');
+
+INSERT INTO `salix`.`ACL` (model, property, accessType, permission, principalType, principalId)
+ VALUES
+ ('Client', '*', 'READ', 'ALLOW', 'ROLE', 'employee'),
+ ('Client', 'addressesPropagateRe', '*', 'ALLOW', 'ROLE', 'employee'),
+ ('Client', 'canBeInvoiced', '*', 'ALLOW', 'ROLE', 'employee'),
+ ('Client', 'canCreateTicket', '*', 'ALLOW', 'ROLE', 'employee'),
+ ('Client', 'consumption', '*', 'ALLOW', 'ROLE', 'employee'),
+ ('Client', 'createAddress', '*', 'ALLOW', 'ROLE', 'employee'),
+ ('Client', 'createWithUser', '*', 'ALLOW', 'ROLE', 'employee'),
+ ('Client', 'extendedListFilter', '*', 'ALLOW', 'ROLE', 'employee'),
+ ('Client', 'getAverageInvoiced', '*', 'ALLOW', 'ROLE', 'employee'),
+ ('Client', 'getCard', '*', 'ALLOW', 'ROLE', 'employee'),
+ ('Client', 'getDebt', '*', 'ALLOW', 'ROLE', 'employee'),
+ ('Client', 'getMana', '*', 'ALLOW', 'ROLE', 'employee'),
+ ('Client', 'transactions', '*', 'ALLOW', 'ROLE', 'employee'),
+ ('Client', 'hasCustomerRole', '*', 'ALLOW', 'ROLE', 'employee'),
+ ('Client', 'isValidClient', '*', 'ALLOW', 'ROLE', 'employee'),
+ ('Client', 'lastActiveTickets', '*', 'ALLOW', 'ROLE', 'employee'),
+ ('Client', 'sendSms', '*', 'ALLOW', 'ROLE', 'employee'),
+ ('Client', 'setPassword', '*', 'ALLOW', 'ROLE', 'employee'),
+ ('Client', 'summary', '*', 'ALLOW', 'ROLE', 'employee'),
+ ('Client', 'updateAddress', '*', 'ALLOW', 'ROLE', 'employee'),
+ ('Client', 'updateFiscalData', '*', 'ALLOW', 'ROLE', 'employee'),
+ ('Client', 'updateUser', '*', 'ALLOW', 'ROLE', 'employee'),
+ ('Client', 'uploadFile', '*', 'ALLOW', 'ROLE', 'employee'),
+ ('Client', 'campaignMetricsPdf', '*', 'ALLOW', 'ROLE', 'employee'),
+ ('Client', 'campaignMetricsEmail', '*', 'ALLOW', 
'ROLE', 'employee'),
+ ('Client', 'clientWelcomeHtml', '*', 'ALLOW', 'ROLE', 'employee'),
+ ('Client', 'clientWelcomeEmail', '*', 'ALLOW', 'ROLE', 'employee'),
+ ('Client', 'printerSetupHtml', '*', 'ALLOW', 'ROLE', 'employee'),
+ ('Client', 'printerSetupEmail', '*', 'ALLOW', 'ROLE', 'employee'),
+ ('Client', 'sepaCoreEmail', '*', 'ALLOW', 'ROLE', 'employee'),
+ ('Client', 'letterDebtorPdf', '*', 'ALLOW', 'ROLE', 'employee'),
+ ('Client', 'letterDebtorStHtml', '*', 'ALLOW', 'ROLE', 'employee'),
+ ('Client', 'letterDebtorStEmail', '*', 'ALLOW', 'ROLE', 'employee'),
+ ('Client', 'letterDebtorNdHtml', '*', 'ALLOW', 'ROLE', 'employee'),
+ ('Client', 'letterDebtorNdEmail', '*', 'ALLOW', 'ROLE', 'employee'),
+ ('Client', 'clientDebtStatementPdf', '*', 'ALLOW', 'ROLE', 'employee'),
+ ('Client', 'clientDebtStatementHtml', '*', 'ALLOW', 'ROLE', 'employee'),
+ ('Client', 'clientDebtStatementEmail', '*', 'ALLOW', 'ROLE', 'employee'),
+ ('Client', 'creditRequestPdf', '*', 'ALLOW', 'ROLE', 'employee'),
+ ('Client', 'creditRequestHtml', '*', 'ALLOW', 'ROLE', 'employee'),
+ ('Client', 'creditRequestEmail', '*', 'ALLOW', 'ROLE', 'employee'),
+ ('Client', 'incotermsAuthorizationPdf', '*', 'ALLOW', 'ROLE', 'employee'),
+ ('Client', 'incotermsAuthorizationHtml', '*', 'ALLOW', 'ROLE', 'employee'),
+ ('Client', 'incotermsAuthorizationEmail', '*', 'ALLOW', 'ROLE', 'employee'),
+ ('Client', 'consumptionSendQueued', '*', 'ALLOW', 'ROLE', 'employee'),
+ ('Client', 'filter', '*', 'ALLOW', 'ROLE', 'employee'),
+ ('Client', 'getClientOrSupplierReference', '*', 'ALLOW', 'ROLE', 'employee'),
+ ('Client', 'upsert', '*', 'ALLOW', 'ROLE', 'employee'),
+ ('Client', 'create', '*', 'ALLOW', 'ROLE', 'employee'),
+ ('Client', 'replaceById', '*', 'ALLOW', 'ROLE', 'employee'),
+ ('Client', 'updateAttributes', '*', 'ALLOW', 'ROLE', 'employee'),
+ ('Client', 'updateAttributes', '*', 'ALLOW', 'ROLE', 'employee'),
+ ('Client', 'deleteById', '*', 'ALLOW', 'ROLE', 'employee'),
+ ('Client', 'replaceOrCreate', 
'*', 'ALLOW', 'ROLE', 'employee'),
+ ('Client', 'updateAll', '*', 'ALLOW', 'ROLE', 'employee'),
+ ('Client', 'upsertWithWhere', '*', 'ALLOW', 'ROLE', 'employee');
diff --git a/modules/client/back/methods/client/setRating.js b/modules/client/back/methods/client/setRating.js
index a57cdbd1c..21ac0c914 100644
--- a/modules/client/back/methods/client/setRating.js
+++ b/modules/client/back/methods/client/setRating.js
@@ -1,8 +1,7 @@
-const UserError = require('vn-loopback/util/user-error');
-
 module.exports = Self => {
 Self.remoteMethodCtx('setRating', {
 description: 'Change rating and recommendedCredit of a client',
+ accessType: 'WRITE',
 accepts: [
 {
 arg: 'id',
@@ -27,8 +26,6 @@ module.exports = Self => {
 });
 Self.setRating = async function(ctx, id, rating, recommendedCredit, options) {
- const models = Self.app.models;
- const userId = ctx.req.accessToken.userId;
 let tx;
 const myOptions = {};
@@ -41,10 +38,6 @@ module.exports = Self => {
 }
 try {
- const isFinancial = await models.Account.hasRole(userId, 'financial', myOptions);
- if (!isFinancial)
- throw new UserError(`You don't have enough privileges`);
-
 const client = await Self.findById(id, null, myOptions);
 const clientUpdated = await client.updateAttributes({
 rating: rating,
diff --git a/modules/client/front/credit-management/index.html b/modules/client/front/credit-management/index.html
index f1267c317..8acd030f2 100644
--- a/modules/client/front/credit-management/index.html
+++ b/modules/client/front/credit-management/index.html
@@ -4,6 +4,7 @@
 url="Clients"
 data="$ctrl.client"
 id-value="$ctrl.$params.id"
+ insert-mode="true"
 form="form"
 save="post">
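Review bot: The second INSERT grants the `employee` role `*` (read and write) on bulk and account-affecting Client endpoints — `updateAll`, `upsertWithWhere`, `deleteById`, `replaceById`, `setPassword`, `updateUser` — so the net effect of this migration is to restrict only `setRating` while explicitly re-authorising every other write for the lowest role; each of those rows deserves a deliberate decision, and the bulk ones (`updateAll`, `upsertWithWhere`) rarely belong to a general-employee grant. The `('Client', 'updateAttributes', '*', 'ALLOW', 'ROLE', 'employee')` row is inserted twice and one copy should be dropped. `DELETE FROM `salix`.`ACL` WHERE id=7;` targets a hard-coded row id that is not guaranteed to identify the same rule in every database; presumably it is the former catch-all employee rule that the list below replaces, in which case deleting by content is safer: `DELETE FROM `salix`.`ACL` WHERE model = 'Client' AND property = '*' AND accessType = '*' AND principalId = 'employee';`. A header comment naming the rule being removed would also help, e.g. `-- Replace the blanket Client/*/* employee rule with explicit per-method grants; setRating WRITE is restricted to role 'financial'.`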
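Review bot: With the `models.Account.hasRole(userId, 'financial', ...)` check removed in the third hunk, authorization for `setRating` now rests entirely on `accessType: 'WRITE'` (first hunk) plus the `('Client', 'setRating', 'WRITE', 'ALLOW', 'ROLE', 'financial')` row in `salix.ACL`, so the method no longer fails closed on its own: a missing or stale ACL row, or a later broad write grant on `Client` to a wider role, could reopen it depending on how the ACL resolver orders rules. That dependency should be stated next to the declaration, e.g. `// Authorization: WRITE on this method is granted only to role 'financial' via salix.ACL (db/changes/231601/00-client_setRatingAcl.sql); there is no in-code role check.` The `require('vn-loopback/util/user-error')` is dropped in the first hunk, which is only safe if nothing further down the file (outside these hunks) still throws `UserError`. The enclosing `setRating` function starts in the second hunk and continues past the third.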