fixed ACLS

Gerard 2018-10-19 14:50:15 +02:00
parent c6c40de2fc
commit 1b504febb8
4 changed files with 33 additions and 12 deletions


@ -1,4 +1,4 @@
<mg-ajax path="/client/api/Clients/{{patch.params.id}}" options="vnPatch"></mg-ajax> <mg-ajax path="/client/api/Clients/{{patch.params.id}}/updateBasicData" options="vnPatch"></mg-ajax>
<vn-watcher <vn-watcher
vn-id="watcher" vn-id="watcher"
data="$ctrl.client" data="$ctrl.client"
@ -34,7 +34,8 @@
show-field="firstName" show-field="firstName"
value-field="id" value-field="id"
label="Salesperson" label="Salesperson"
vn-acl="salesAssistant"> vn-acl="salesAssistant, employee"
acl-conditional-to-employee="{{!$ctrl.client.isTaxDataChecked}}">
<tpl-item>{{firstName}} {{name}}</tpl-item> <tpl-item>{{firstName}} {{name}}</tpl-item>
</vn-autocomplete> </vn-autocomplete>
<vn-autocomplete vn-one <vn-autocomplete vn-one
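Review bot: The `vn-acl="salesAssistant, employee"` and `acl-conditional-to-employee` attributes on the salesperson autocomplete only gate the form control, so the rule holds only if the server enforces it on every write path. The first hunk moves the form from the generic `/client/api/Clients/{{patch.params.id}}` PATCH to `/updateBasicData`, but nothing visible here shows that the generic route is now denied to employees. If it is still writable, the `salesPersonFk` check in `updateBasicData` is not the only way to change that field, so the Client model ACL is worth confirming. A comment above the `<mg-ajax>` line such as `<!-- writes go through updateBasicData, which enforces the salesPersonFk rule server-side -->` would record the dependency.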


@ -3,18 +3,33 @@ const app = require(`${servicesDir}/client/server/server`);
describe('Client updateBasicData', () => { describe('Client updateBasicData', () => {
afterAll(async() => { afterAll(async() => {
let id = 101; let id = 101;
let ctx = {req: {accessToken: {userId: 1}}};
let validparams = {email: 'BruceWayne@verdnatura.es'}; let validparams = {email: 'BruceWayne@verdnatura.es'};
await app.models.Client.updateBasicData(validparams, id); await app.models.Client.updateBasicData(ctx, validparams, id);
}); });
it('should return an error if the params aint valid', async() => { it('should return an error if the params aint valid', async() => {
let error; let error;
let ctx = {req: {accessToken: {userId: 1}}};
let id = 101; let id = 101;
let invalidparams = {invalid: 'param for update'}; let invalidparams = {invalid: 'param for update'};
await app.models.Client.updateBasicData(invalidparams, id) await app.models.Client.updateBasicData(ctx, invalidparams, id)
.catch(e => {
error = e;
});
expect(error.toString()).toContain(`You don't have enough privileges to do that`);
});
it('should return an error if the client has isTaxDataChecked and employee try to change his salesPerson', async() => {
let error;
let ctx = {req: {accessToken: {userId: 1}}};
let id = 101;
let params = {salesPerson: 3};
await app.models.Client.updateBasicData(ctx, params, id)
.catch(e => { .catch(e => {
error = e; error = e;
}); });
@ -29,8 +44,8 @@ describe('Client updateBasicData', () => {
expect(client.email).toEqual('BruceWayne@verdnatura.es'); expect(client.email).toEqual('BruceWayne@verdnatura.es');
let validparams = {email: 'myNewEmail@myDomain.es'}; let validparams = {email: 'myNewEmail@myDomain.es'};
let ctx = {req: {accessToken: {userId: 1}}};
let result = await app.models.Client.updateBasicData(validparams, id); let result = await app.models.Client.updateBasicData(ctx, validparams, id);
expect(result.email).toEqual('myNewEmail@myDomain.es'); expect(result.email).toEqual('myNewEmail@myDomain.es');
}); });
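Review bot: The new spec 'should return an error if the client has isTaxDataChecked and employee try to change his salesPerson' sends `{salesPerson: 3}`, while the method under test checks `key == 'salesPersonFk'`. Unless `salesPerson` is in the whitelist (the list is only partly visible), the whitelist test rejects the request and the new role branch never runs, so the spec would still pass with the role check removed. Use `let params = {salesPersonFk: 3};` and make the fixture assumptions explicit, namely that client 101 has `isTaxDataChecked` set and that user 1 lacks `salesAssistant`; this file shows neither. A counterpart case where the change is allowed (a sales assistant, or unchecked tax data) would pin the other side of the rule.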


@ -1,7 +1,7 @@
let UserError = require('../../helpers').UserError; let UserError = require('../../helpers').UserError;
module.exports = Self => { module.exports = Self => {
Self.remoteMethod('updateBasicData', { Self.remoteMethodCtx('updateBasicData', {
description: 'Updates billing data of a client', description: 'Updates billing data of a client',
accessType: 'WRITE', accessType: 'WRITE',
accepts: [{ accepts: [{
@ -28,7 +28,9 @@ module.exports = Self => {
} }
}); });
Self.updateBasicData = async(params, id) => { Self.updateBasicData = async(ctx, params, id) => {
let userId = ctx.req.accessToken.userId;
let validUpdateParams = [ let validUpdateParams = [
'contact', 'contact',
'name', 'name',
@ -39,11 +41,14 @@ module.exports = Self => {
'contactChannelFk' 'contactChannelFk'
]; ];
let isSalesAssistant = await Self.app.models.Account.hasRole(userId, 'salesAssistant');
let client = await Self.app.models.Client.findById(id);
for (const key in params) { for (const key in params) {
if (validUpdateParams.indexOf(key) === -1) if (validUpdateParams.indexOf(key) === -1 || key == 'salesPersonFk' && client.isTaxDataChecked && !isSalesAssistant)
throw new UserError(`You don't have enough privileges to do that`); throw new UserError(`You don't have enough privileges to do that`);
} }
let client = await Self.app.models.Client.findById(id);
return await client.updateAttributes(params); return await client.updateAttributes(params);
}; };
}; };
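Review bot: `client` comes from `findById(id)` and is dereferenced in the loop condition and at `client.updateAttributes(params)` without a null check, so an unknown id surfaces as a TypeError rather than a controlled error; the same applies to the `findOne` result in the last file of this commit. A guard right after the lookup, e.g. `if (!client) throw new UserError(<not-found message>);`, would close that. The combined condition also mixes `||` and `&&` without parentheses and uses `==`. Splitting it into `if (validUpdateParams.indexOf(key) === -1) throw ...` and `if (key === 'salesPersonFk' && client.isTaxDataChecked && !isSalesAssistant) throw ...` keeps the whitelist and the authorization rule separately readable. Part of `updateBasicData` (the middle of the whitelist) lies between the hunks.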


@ -45,7 +45,7 @@ module.exports = Self => {
let isSalesAssistant = await Self.app.models.Account.hasRole(userId, 'salesAssistant'); let isSalesAssistant = await Self.app.models.Account.hasRole(userId, 'salesAssistant');
let client = await Self.app.models.Client.findOne({where: {id: id}}); let client = await Self.app.models.Client.findOne({where: {id: id}});
if (!isSalesAssistant) if (!isSalesAssistant && client.isTaxDataChecked)
throw new UserError(`You don't have enough privileges to do that`); throw new UserError(`You don't have enough privileges to do that`);
return client.updateAttributes(data); return client.updateAttributes(data);
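Review bot: The relaxed guard `if (!isSalesAssistant && client.isTaxDataChecked)` now lets every caller without `salesAssistant` reach `client.updateAttributes(data)` while the flag is unset, and the hunk shows no positive role check and no filtering of `data`. If `data` can carry `isTaxDataChecked` itself, or other fields reserved to sales assistants, those keys should be rejected for non-assistants before the update; such filtering may exist earlier in the function, which starts outside the hunk. The commit adds no spec for this method, so a case for each side of the new condition would be worth adding. A short comment above the check, such as `// non-assistants may edit only while the tax data is still unchecked`, would record the intent.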