chore: refs #7323 worker changes
gitea/salix/pipeline/pr-dev This commit looks good Details

This commit is contained in:
Jorge Penadés 2024-09-06 10:40:16 +02:00
parent 0a7a9e2cc8
commit 18d93d93a6
3 changed files with 54 additions and 2 deletions

View File

@ -0,0 +1,4 @@
-- Place your SQL code here
INSERT INTO salix.ACL (model, property, accessType, permission, principalType, principalId)
VALUES ('Worker', '__get__descriptor', 'READ', 'ALLOW', 'ROLE', 'employee'),
('Worker', 'findById', 'READ', 'ALLOW', 'ROLE', '$subordinate');

View File

@ -0,0 +1,12 @@
const UserError = require('vn-loopback/util/user-error');
module.exports = async function(app) {
const models = app.models;
models.VnRole.registerResolver('$subordinate', async(role, ctx) => {
Object.assign(ctx, {req: {accessToken: {userId: ctx.accessToken.userId}}});
const isSubordinate = await models.Worker.isSubordinate(ctx, +ctx.modelId);
if (!isSubordinate) throw new UserError(`You don't have enough privileges`);
});
};

View File

@ -140,5 +140,41 @@
"principalType": "ROLE", "principalType": "ROLE",
"principalId": "$owner" "principalId": "$owner"
} }
],
"scopes": {
"descriptor": {
"include": [
{
"relation": "user",
"scope": {
"fields": [
"name",
"nickname"
],
"include": {
"relation": "emailUser",
"scope": {
"fields": [
"email"
] ]
}
}
}
},
{
"relation": "department",
"scope": {
"include": [
{
"relation": "department"
}
]
}
},
{
"relation": "sip"
}
]
}
}
} }