Added ACL

2020-06-04 08:21:08 +02:00 · 2020-06-04 08:21:08 +02:00 · 30c721b0e2
parent 0695ec01bc
commit 30c721b0e2
5 changed files with 40 additions and 13 deletions
--- a/modules/claim/back/methods/claim/specs/updateClaim.spec.js
+++ b/modules/claim/back/methods/claim/specs/updateClaim.spec.js
@ -54,6 +54,7 @@ describe('Update Claim', () => {
        let data = {
            observation: 'valid observation',
            claimStateFk: correctState,
+            hasToPickUp: false
        };
        let ctx = {
            req: {
--- a/modules/claim/back/methods/claim/updateClaim.js
+++ b/modules/claim/back/methods/claim/updateClaim.js
@ -28,6 +28,8 @@ module.exports = Self => {

    Self.updateClaim = async(ctx, id, data) => {
        const models = Self.app.models;
+        const userId = ctx.req.accessToken.userId;
+
        const $t = ctx.req.__; // $translate
        const claim = await models.Claim.findById(id, {
            include: {
@ -40,10 +42,12 @@ module.exports = Self => {
            }
        });

-        let canUpdate = await canChangeState(ctx, claim.claimStateFk);
-        let hasRights = await canChangeState(ctx, data.claimStateFk);
+        const canUpdate = await canChangeState(ctx, claim.claimStateFk);
+        const hasRights = await canChangeState(ctx, data.claimStateFk);
+        const isSalesAssistant = await models.Account.hasRole(userId, 'salesAssistant');
+        const changedHasToPickUp = claim.hasToPickUp != data.hasToPickUp;

-        if (!canUpdate || !hasRights)
+        if (!canUpdate || !hasRights || changedHasToPickUp && !isSalesAssistant)
            throw new UserError(`You don't have enough privileges to change that field`);

        const updatedClaim = await claim.updateAttributes(data);
--- a/modules/claim/front/basic-data/index.html
+++ b/modules/claim/front/basic-data/index.html
@ -56,7 +56,8 @@
        <vn-horizontal>
            <vn-check vn-one class="vn-mr-md"
                label="Pick up"
-                ng-model="$ctrl.claim.hasToPickUp">
+                ng-model="$ctrl.claim.hasToPickUp"
+                vn-acl="salesAssistant">
            </vn-check>
        </vn-horizontal>
    </vn-card>
--- a/package-lock.json
+++ b/package-lock.json
@ -11410,9 +11410,9 @@
            }
        },
        "loopback-connector-mysql": {
-            "version": "5.4.2",
-            "resolved": "https://registry.npmjs.org/loopback-connector-mysql/-/loopback-connector-mysql-5.4.2.tgz",
-            "integrity": "sha512-f5iIIcJdfUuBUkScGcK7m4dLZnpjFjl1iFG5OHTk8pFwDq7+Xap/0H99ulueRp2ljfqbULTUvt3Rg1y/W5smtw==",
+            "version": "5.4.3",
+            "resolved": "https://registry.npmjs.org/loopback-connector-mysql/-/loopback-connector-mysql-5.4.3.tgz",
+            "integrity": "sha512-HQ0Nnscyhhk+4zsDhXyR8dYdkhxIBN8r8N1futX5xznWjCZ4dpkG5svoPOMUjoNaDEtZuLr1I2E4CKb6f5u9Mw==",
            "requires": {
                "async": "^2.6.1",
                "debug": "^3.1.0",
@ -12231,14 +12231,35 @@
            }
        },
        "mysql": {
-            "version": "2.17.1",
-            "resolved": "https://registry.npmjs.org/mysql/-/mysql-2.17.1.tgz",
-            "integrity": "sha512-7vMqHQ673SAk5C8fOzTG2LpPcf3bNt0oL3sFpxPEEFp1mdlDcrLK0On7z8ZYKaaHrHwNcQ/MTUz7/oobZ2OyyA==",
+            "version": "2.18.1",
+            "resolved": "https://registry.npmjs.org/mysql/-/mysql-2.18.1.tgz",
+            "integrity": "sha512-Bca+gk2YWmqp2Uf6k5NFEurwY/0td0cpebAucFpY/3jhrwrVGuxU2uQFCHjU19SJfje0yQvi+rVWdq78hR5lig==",
            "requires": {
-                "bignumber.js": "7.2.1",
-                "readable-stream": "2.3.6",
+                "bignumber.js": "9.0.0",
+                "readable-stream": "2.3.7",
                "safe-buffer": "5.1.2",
                "sqlstring": "2.3.1"
+            },
+            "dependencies": {
+                "bignumber.js": {
+                    "version": "9.0.0",
+                    "resolved": "https://registry.npmjs.org/bignumber.js/-/bignumber.js-9.0.0.tgz",
+                    "integrity": "sha512-t/OYhhJ2SD+YGBQcjY8GzzDHEk9f3nerxjtfa6tlMXfe7frs/WozhvCNoGvpM0P3bNf3Gq5ZRMlGr5f3r4/N8A=="
+                },
+                "readable-stream": {
+                    "version": "2.3.7",
+                    "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.7.tgz",
+                    "integrity": "sha512-Ebho8K4jIbHAxnuxi7o42OrZgF/ZTNcsZj6nRKyUmkhLFq8CHItp/fy6hQZuZmP/n3yZ9VBUbp4zz/mX8hmYPw==",
+                    "requires": {
+                        "core-util-is": "~1.0.0",
+                        "inherits": "~2.0.3",
+                        "isarray": "~1.0.0",
+                        "process-nextick-args": "~2.0.0",
+                        "safe-buffer": "~5.1.1",
+                        "string_decoder": "~1.1.1",
+                        "util-deprecate": "~1.0.1"
+                    }
+                }
            }
        },
        "mysql2": {
--- a/package.json
+++ b/package.json
@ -17,7 +17,7 @@
        "loopback-boot": "^2.27.1",
        "loopback-component-explorer": "^6.5.0",
        "loopback-component-storage": "^3.6.1",
-        "loopback-connector-mysql": "^5.4.2",
+        "loopback-connector-mysql": "^5.4.3",
        "loopback-connector-remote": "^3.4.1",
        "loopback-context": "^3.4.0",
        "md5": "^2.2.1",