refs #5468 feat: añadidas comprobaciones acls en el back en 'Alias de correo'

2023-05-23 12:40:49 +02:00 · 2023-05-23 12:40:49 +02:00 · 191fe4ebf6
parent 940ed29dfc
commit 191fe4ebf6
4 changed files with 70 additions and 2 deletions
--- a/modules/account/back/methods/account/add-mail-alias.js
+++ b/modules/account/back/methods/account/add-mail-alias.js
@ -0,0 +1,34 @@
+
+const UserError = require('vn-loopback/util/user-error');
+
+module.exports = Self => {
+    Self.remoteMethodCtx('addMailAlias', {
+        description: 'Add a mail alias',
+        accessType: 'WRITE',
+        accepts: [{
+            arg: 'id',
+            type: 'number',
+            description: 'The user id',
+            http: {source: 'path'}
+        }, {
+            arg: 'mailAlias',
+            type: 'number',
+            description: 'The mail alias',
+            required: true
+        }],
+        http: {
+            path: `/:id/addMailAlias`,
+            verb: 'POST'
+        }
+    });
+
+    Self.addMailAlias = async function(ctx, id, mailAlias) {
+        const models = Self.app.models;
+
+        const isAuthorized = await models.Worker.isAuthorized(ctx, id);
+        if (!isAuthorized)
+            throw new UserError(`You don't have enough privileges`);
+
+        return models.MailAliasAccount.create({mailAlias: mailAlias, account: id});
+    };
+};
--- a/modules/account/back/methods/account/delete-mail-alias.js
+++ b/modules/account/back/methods/account/delete-mail-alias.js
@ -0,0 +1,29 @@
+
+const UserError = require('vn-loopback/util/user-error');
+
+module.exports = Self => {
+    Self.remoteMethodCtx('deleteMailAlias', {
+        description: 'Delete a mail alias',
+        accessType: 'WRITE',
+        accepts: [{
+            arg: 'id',
+            type: 'number',
+            description: 'The mail alias account to id',
+            http: {source: 'path'}
+        }],
+        http: {
+            path: `/:id/deleteMailAlias`,
+            verb: 'POST'
+        }
+    });
+
+    Self.deleteMailAlias = async function(ctx, id) {
+        const models = Self.app.models;
+
+        const isAuthorized = await models.Worker.isAuthorized(ctx, id);
+        if (!isAuthorized)
+            throw new UserError(`You don't have enough privileges`);
+
+        return models.MailAliasAccount.destroyById(id);
+    };
+};
--- a/modules/account/back/models/account.js
+++ b/modules/account/back/models/account.js
@ -8,4 +8,6 @@ module.exports = Self => {
    require('../methods/account/change-password')(Self);
    require('../methods/account/set-password')(Self);
    require('../methods/account/change-mail-forwarding')(Self);
+    require('../methods/account/add-mail-alias')(Self);
+    require('../methods/account/delete-mail-alias')(Self);
 };
--- a/modules/account/front/aliases/index.js
+++ b/modules/account/front/aliases/index.js
@ -34,7 +34,10 @@ export default class Controller extends Section {
    }

    onAddSave() {
-        return this.$http.post(`MailAliasAccounts`, this.addData)
+        const params = {
+            mailAlias: this.addData.mailAlias
+        };
+        return this.$http.post(`Accounts/${this.$params.id}/addMailAlias`, params)
            .then(() => this.refresh())
            .then(() => this.vnApp.showSuccess(
                this.$t('Subscribed to alias!'))
@ -42,7 +45,7 @@ export default class Controller extends Section {
    }

    onRemove(row) {
-        return this.$http.delete(`MailAliasAccounts/${row.id}`)
+        return this.$http.post(`Accounts/${row.id}/deleteMailAlias`)
            .then(() => {
                this.$.data.splice(this.$.data.indexOf(row), 1);
                this.vnApp.showSuccess(this.$t('Unsubscribed from alias!'));