verdnatura/salix
verdnatura
/
salix
3
4
Fork 0
Code Issues Pull Requests 59 Releases Wiki Activity

try
gitea/salix/pipeline/head There was a failure building this commit Details

This commit is contained in:
Alex Moreno 2022-10-25 15:02:22 +02:00
parent e1e13468a9
commit 342832c475
3 changed files with 14 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
db/changes/10491-august/00-editTrackedACL.sql
View File

@ -1,3 +1,3 @@
INSERT INTO `salix`.`ACL` (`model`, `property`, `accessType`, `permission`, `principalType`, `principalId`) INSERT INTO `salix`.`ACL` (`model`, `property`, `accessType`, `permission`, `principalType`, `principalId`)
VALUES VALUES
('Sale', 'editTracked', 'READ', 'ALLOW', 'ROLE', 'production'); ('Sale', 'editTracked', 'WRITE', 'ALLOW', 'ROLE', 'production');

29
modules/ticket/back/methods/sale/canEdit.js
View File

@ -27,25 +27,20 @@ module.exports = Self => {
if (typeof options == 'object') if (typeof options == 'object')
Object.assign(myOptions, options); Object.assign(myOptions, options);
const firstSale = await models.Sale.findById(sales[0], null, myOptions); console.log(ctx.req.accessToken);
const isTicketEditable = await models.Ticket.isEditable(ctx, firstSale.ticketFk, myOptions); const token = ctx.req.accessToken;
if (!isTicketEditable) let canEditTracked = await models.ACL.checkAccessForToken(token, models.Sale, null, 'refund');
throw new UserError(`The sales of this ticket can't be modified`); // const newCtx = ctx;
// newCtx.property = 'refund';
// newCtx.accessType = 'WRITE';
// newCtx.methodNames = ['refund'];
// newCtx.model = await models.Sale;
const saleTracking = await models.SaleTracking.find({where: {saleFk: {inq: sales}}}, myOptions); // let canEditTracked = await models.ACL.checkAccessForContext(newCtx);
const hasSaleTracking = saleTracking.length; console.log(canEditTracked);
const saleCloned = await models.SaleCloned.find({where: {saleClonedFk: {inq: sales}}}, myOptions);
const hasSaleCloned = saleCloned.length;
const isTicketWeekly =
await models.TicketWeekly.findOne({where: {ticketFk: firstSale.ticketFk}}, myOptions);
// (principalType, principalId,model, property, accessType,callback);
// let canEditTracked = await models.ACL.checkPermission('ROLE', 'employee', 'Sale', 'editTracked', 'WRITE');
// let canEditTracked2 = await models.ACL.checkPermission('USER', 'developer', 'Sale', 'editTracked', 'READ'); // let canEditTracked2 = await models.ACL.checkPermission('USER', 'developer', 'Sale', 'editTracked', 'READ');
const array = ['editTracked']; /* const array = ['editTracked'];
const AccessContext = loopBackCtx.AccessContext; const AccessContext = loopBackCtx.AccessContext;
const toFind = { const toFind = {
principals: [{ principals: [{
@ -90,6 +85,6 @@ module.exports = Self => {
if (canEdit) if (canEdit)
return true; return true;
return false; return false;*/
}; };
}; };

2
package.json
View File

@ -26,7 +26,7 @@
"jsdom": "^16.7.0", "jsdom": "^16.7.0",
"jszip": "^3.10.0", "jszip": "^3.10.0",
"ldapjs": "^2.2.0", "ldapjs": "^2.2.0",
"loopback": "^3.26.0", "loopback": "^3.28.0",
"loopback-boot": "3.3.1", "loopback-boot": "3.3.1",
"loopback-component-explorer": "^6.5.0", "loopback-component-explorer": "^6.5.0",
"loopback-component-storage": "3.6.1", "loopback-component-storage": "3.6.1",