fixed ACLS

2018-10-19 14:50:15 +02:00 · 2018-10-19 14:50:15 +02:00 · 1b504febb8
parent c6c40de2fc
commit 1b504febb8
4 changed files with 33 additions and 12 deletions
--- a/client/client/src/basic-data/index.html
+++ b/client/client/src/basic-data/index.html
@ -1,4 +1,4 @@
-<mg-ajax path="/client/api/Clients/{{patch.params.id}}" options="vnPatch"></mg-ajax>
+<mg-ajax path="/client/api/Clients/{{patch.params.id}}/updateBasicData" options="vnPatch"></mg-ajax>
 <vn-watcher
    vn-id="watcher"
    data="$ctrl.client"
@ -34,7 +34,8 @@
                show-field="firstName"
                value-field="id"
                label="Salesperson"
-                vn-acl="salesAssistant">
+                vn-acl="salesAssistant, employee"
+                acl-conditional-to-employee="{{!$ctrl.client.isTaxDataChecked}}">
                <tpl-item>{{firstName}} {{name}}</tpl-item>
            </vn-autocomplete>
            <vn-autocomplete vn-one
--- a/services/loopback/common/methods/client/specs/updateBasicData.spec.js
+++ b/services/loopback/common/methods/client/specs/updateBasicData.spec.js
@ -3,18 +3,33 @@ const app = require(`${servicesDir}/client/server/server`);
 describe('Client updateBasicData', () => {
    afterAll(async() => {
        let id = 101;
+        let ctx = {req: {accessToken: {userId: 1}}};
        let validparams = {email: 'BruceWayne@verdnatura.es'};

-        await app.models.Client.updateBasicData(validparams, id);
+        await app.models.Client.updateBasicData(ctx, validparams, id);
    });

    it('should return an error if the params aint valid', async() => {
        let error;
-
+        let ctx = {req: {accessToken: {userId: 1}}};
        let id = 101;
        let invalidparams = {invalid: 'param for update'};

-        await app.models.Client.updateBasicData(invalidparams, id)
+        await app.models.Client.updateBasicData(ctx, invalidparams, id)
+            .catch(e => {
+                error = e;
+            });
+
+        expect(error.toString()).toContain(`You don't have enough privileges to do that`);
+    });
+
+    it('should return an error if the client has isTaxDataChecked and employee try to change his salesPerson', async() => {
+        let error;
+        let ctx = {req: {accessToken: {userId: 1}}};
+        let id = 101;
+        let params = {salesPerson: 3};
+
+        await app.models.Client.updateBasicData(ctx, params, id)
            .catch(e => {
                error = e;
            });
@ -29,8 +44,8 @@ describe('Client updateBasicData', () => {
        expect(client.email).toEqual('BruceWayne@verdnatura.es');

        let validparams = {email: 'myNewEmail@myDomain.es'};
-
-        let result = await app.models.Client.updateBasicData(validparams, id);
+        let ctx = {req: {accessToken: {userId: 1}}};
+        let result = await app.models.Client.updateBasicData(ctx, validparams, id);

        expect(result.email).toEqual('myNewEmail@myDomain.es');
    });
--- a/services/loopback/common/methods/client/updateBasicData.js
+++ b/services/loopback/common/methods/client/updateBasicData.js
@ -1,7 +1,7 @@
 let UserError = require('../../helpers').UserError;

 module.exports = Self => {
-    Self.remoteMethod('updateBasicData', {
+    Self.remoteMethodCtx('updateBasicData', {
        description: 'Updates billing data of a client',
        accessType: 'WRITE',
        accepts: [{
@ -28,7 +28,9 @@ module.exports = Self => {
        }
    });

-    Self.updateBasicData = async(params, id) => {
+    Self.updateBasicData = async(ctx, params, id) => {
+        let userId = ctx.req.accessToken.userId;
+
        let validUpdateParams = [
            'contact',
            'name',
@ -39,11 +41,14 @@ module.exports = Self => {
            'contactChannelFk'
        ];

+        let isSalesAssistant = await Self.app.models.Account.hasRole(userId, 'salesAssistant');
+        let client = await Self.app.models.Client.findById(id);
+
        for (const key in params) {
-            if (validUpdateParams.indexOf(key) === -1)
+            if (validUpdateParams.indexOf(key) === -1 || key == 'salesPersonFk' && client.isTaxDataChecked && !isSalesAssistant)
                throw new UserError(`You don't have enough privileges to do that`);
        }
-        let client = await Self.app.models.Client.findById(id);
+
        return await client.updateAttributes(params);
    };
 };
--- a/services/loopback/common/methods/client/updateBillingData.js
+++ b/services/loopback/common/methods/client/updateBillingData.js
@ -45,7 +45,7 @@ module.exports = Self => {
        let isSalesAssistant = await Self.app.models.Account.hasRole(userId, 'salesAssistant');
        let client = await Self.app.models.Client.findOne({where: {id: id}});

-        if (!isSalesAssistant)
+        if (!isSalesAssistant && client.isTaxDataChecked)
            throw new UserError(`You don't have enough privileges to do that`);

        return client.updateAttributes(data);