From a21d8acde62eff2c26e2a99a0221451f604bc908 Mon Sep 17 00:00:00 2001 From: joan Date: Tue, 2 Feb 2021 10:07:13 +0100 Subject: [PATCH 1/2] 2762 - Delete entry ass teamBoss --- .../worker-time-control/deleteTimeEntry.js | 6 ++-- .../specs/timeEntry.spec.js | 33 +++++++++++++++++-- 2 files changed, 33 insertions(+), 6 deletions(-) diff --git a/modules/worker/back/methods/worker-time-control/deleteTimeEntry.js b/modules/worker/back/methods/worker-time-control/deleteTimeEntry.js index 540a7ab8e..97637d197 100644 --- a/modules/worker/back/methods/worker-time-control/deleteTimeEntry.js +++ b/modules/worker/back/methods/worker-time-control/deleteTimeEntry.js @@ -26,11 +26,11 @@ module.exports = Self => { const workerModel = Self.app.models.Worker; const targetTimeEntry = await Self.findById(id); - const isSubordinate = await workerModel.isSubordinate(ctx, targetTimeEntry.userFk); - const isHHRR = await Self.app.models.Account.hasRole(currentUserId, 'hr'); + const isTeamBoss = await Self.app.models.Account.hasRole(currentUserId, 'teamBoss'); + const isHimself = currentUserId == targetTimeEntry.userFk; - const notAllowed = isSubordinate === false || (isSubordinate && currentUserId == targetTimeEntry.userFk && !isHHRR); + const notAllowed = isSubordinate === false || (isSubordinate && isHimself && !isTeamBoss); if (notAllowed) throw new UserError(`You don't have enough privileges`); diff --git a/modules/worker/back/methods/worker-time-control/specs/timeEntry.spec.js b/modules/worker/back/methods/worker-time-control/specs/timeEntry.spec.js index 5e3732988..170f9512c 100644 --- a/modules/worker/back/methods/worker-time-control/specs/timeEntry.spec.js +++ b/modules/worker/back/methods/worker-time-control/specs/timeEntry.spec.js @@ -1,10 +1,12 @@ const app = require('vn-loopback/server/server'); const LoopBackContext = require('loopback-context'); -describe('workerTimeControl add/delete timeEntry()', () => { +fdescribe('workerTimeControl add/delete timeEntry()', () => { const HHRRId = 37; const teamBossId = 13; const employeeId = 1; + const salesPersonId = 106; + const salesBossId = 19; let activeCtx = { accessToken: {userId: 50}, }; @@ -85,13 +87,13 @@ describe('workerTimeControl add/delete timeEntry()', () => { }); it('should try but fail to delete his own time entry', async() => { - activeCtx.accessToken.userId = teamBossId; + activeCtx.accessToken.userId = salesBossId; let error; let todayAtSeven = new Date(); todayAtSeven.setHours(19, 30, 0, 0); let data = { - workerFk: teamBossId, + workerFk: salesPersonId, timed: todayAtSeven }; @@ -100,6 +102,7 @@ describe('workerTimeControl add/delete timeEntry()', () => { createdTimeEntry = await app.models.WorkerTimeControl.findById(timeEntry.id); try { + activeCtx.accessToken.userId = salesPersonId; await app.models.WorkerTimeControl.deleteTimeEntry(ctx, createdTimeEntry.id); } catch (e) { error = e; @@ -110,6 +113,30 @@ describe('workerTimeControl add/delete timeEntry()', () => { expect(error.message).toBe(`You don't have enough privileges`); }); + it('should delete the created time entry for the team boss as himself', async() => { + activeCtx.accessToken.userId = teamBossId; + + let todayAtFive = new Date(); + todayAtFive.setHours(17, 30, 0, 0); + + let data = { + workerFk: teamBossId, + timed: todayAtFive + }; + + timeEntry = await app.models.WorkerTimeControl.addTimeEntry(ctx, data); + + createdTimeEntry = await app.models.WorkerTimeControl.findById(timeEntry.id); + + expect(createdTimeEntry).toBeDefined(); + + await app.models.WorkerTimeControl.deleteTimeEntry(ctx, createdTimeEntry.id); + + createdTimeEntry = await app.models.WorkerTimeControl.findById(timeEntry.id); + + expect(createdTimeEntry).toBeNull(); + }); + it('should delete the created time entry for the team boss as HHRR', async() => { activeCtx.accessToken.userId = HHRRId; From dea858c3148ac40b164140f8599ef99fde2c7693 Mon Sep 17 00:00:00 2001 From: joan Date: Tue, 2 Feb 2021 10:12:37 +0100 Subject: [PATCH 2/2] Removed focus --- .../back/methods/worker-time-control/specs/timeEntry.spec.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/worker/back/methods/worker-time-control/specs/timeEntry.spec.js b/modules/worker/back/methods/worker-time-control/specs/timeEntry.spec.js index 170f9512c..0f055bdc5 100644 --- a/modules/worker/back/methods/worker-time-control/specs/timeEntry.spec.js +++ b/modules/worker/back/methods/worker-time-control/specs/timeEntry.spec.js @@ -1,7 +1,7 @@ const app = require('vn-loopback/server/server'); const LoopBackContext = require('loopback-context'); -fdescribe('workerTimeControl add/delete timeEntry()', () => { +describe('workerTimeControl add/delete timeEntry()', () => { const HHRRId = 37; const teamBossId = 13; const employeeId = 1;