Merge pull request '2762 - Delete entry as teamBoss' (#533) from 2762-worker_delete_entry into dev
gitea/salix/pipeline/head This commit looks good Details

Reviewed-on: #533
Reviewed-by: Carlos Jimenez Ruiz <carlosjr@verdnatura.es>
This commit is contained in:
Carlos Jimenez Ruiz 2021-02-02 09:32:09 +00:00
commit 3ab59cbec8
2 changed files with 32 additions and 5 deletions

View File

@ -26,11 +26,11 @@ module.exports = Self => {
const workerModel = Self.app.models.Worker; const workerModel = Self.app.models.Worker;
const targetTimeEntry = await Self.findById(id); const targetTimeEntry = await Self.findById(id);
const isSubordinate = await workerModel.isSubordinate(ctx, targetTimeEntry.userFk); const isSubordinate = await workerModel.isSubordinate(ctx, targetTimeEntry.userFk);
const isHHRR = await Self.app.models.Account.hasRole(currentUserId, 'hr'); const isTeamBoss = await Self.app.models.Account.hasRole(currentUserId, 'teamBoss');
const isHimself = currentUserId == targetTimeEntry.userFk;
const notAllowed = isSubordinate === false || (isSubordinate && currentUserId == targetTimeEntry.userFk && !isHHRR); const notAllowed = isSubordinate === false || (isSubordinate && isHimself && !isTeamBoss);
if (notAllowed) if (notAllowed)
throw new UserError(`You don't have enough privileges`); throw new UserError(`You don't have enough privileges`);

View File

@ -5,6 +5,8 @@ describe('workerTimeControl add/delete timeEntry()', () => {
const HHRRId = 37; const HHRRId = 37;
const teamBossId = 13; const teamBossId = 13;
const employeeId = 1; const employeeId = 1;
const salesPersonId = 106;
const salesBossId = 19;
let activeCtx = { let activeCtx = {
accessToken: {userId: 50}, accessToken: {userId: 50},
}; };
@ -85,13 +87,13 @@ describe('workerTimeControl add/delete timeEntry()', () => {
}); });
it('should try but fail to delete his own time entry', async() => { it('should try but fail to delete his own time entry', async() => {
activeCtx.accessToken.userId = teamBossId; activeCtx.accessToken.userId = salesBossId;
let error; let error;
let todayAtSeven = new Date(); let todayAtSeven = new Date();
todayAtSeven.setHours(19, 30, 0, 0); todayAtSeven.setHours(19, 30, 0, 0);
let data = { let data = {
workerFk: teamBossId, workerFk: salesPersonId,
timed: todayAtSeven timed: todayAtSeven
}; };
@ -100,6 +102,7 @@ describe('workerTimeControl add/delete timeEntry()', () => {
createdTimeEntry = await app.models.WorkerTimeControl.findById(timeEntry.id); createdTimeEntry = await app.models.WorkerTimeControl.findById(timeEntry.id);
try { try {
activeCtx.accessToken.userId = salesPersonId;
await app.models.WorkerTimeControl.deleteTimeEntry(ctx, createdTimeEntry.id); await app.models.WorkerTimeControl.deleteTimeEntry(ctx, createdTimeEntry.id);
} catch (e) { } catch (e) {
error = e; error = e;
@ -110,6 +113,30 @@ describe('workerTimeControl add/delete timeEntry()', () => {
expect(error.message).toBe(`You don't have enough privileges`); expect(error.message).toBe(`You don't have enough privileges`);
}); });
it('should delete the created time entry for the team boss as himself', async() => {
activeCtx.accessToken.userId = teamBossId;
let todayAtFive = new Date();
todayAtFive.setHours(17, 30, 0, 0);
let data = {
workerFk: teamBossId,
timed: todayAtFive
};
timeEntry = await app.models.WorkerTimeControl.addTimeEntry(ctx, data);
createdTimeEntry = await app.models.WorkerTimeControl.findById(timeEntry.id);
expect(createdTimeEntry).toBeDefined();
await app.models.WorkerTimeControl.deleteTimeEntry(ctx, createdTimeEntry.id);
createdTimeEntry = await app.models.WorkerTimeControl.findById(timeEntry.id);
expect(createdTimeEntry).toBeNull();
});
it('should delete the created time entry for the team boss as HHRR', async() => { it('should delete the created time entry for the team boss as HHRR', async() => {
activeCtx.accessToken.userId = HHRRId; activeCtx.accessToken.userId = HHRRId;