Merge pull request '2762 - Delete entry as teamBoss' (#533) from 2762-worker_delete_entry into dev
gitea/salix/pipeline/head This commit looks good
Details
gitea/salix/pipeline/head This commit looks good
Details
Reviewed-on: #533 Reviewed-by: Carlos Jimenez Ruiz <carlosjr@verdnatura.es>
This commit is contained in:
commit
3ab59cbec8
|
@ -26,11 +26,11 @@ module.exports = Self => {
|
||||||
const workerModel = Self.app.models.Worker;
|
const workerModel = Self.app.models.Worker;
|
||||||
|
|
||||||
const targetTimeEntry = await Self.findById(id);
|
const targetTimeEntry = await Self.findById(id);
|
||||||
|
|
||||||
const isSubordinate = await workerModel.isSubordinate(ctx, targetTimeEntry.userFk);
|
const isSubordinate = await workerModel.isSubordinate(ctx, targetTimeEntry.userFk);
|
||||||
const isHHRR = await Self.app.models.Account.hasRole(currentUserId, 'hr');
|
const isTeamBoss = await Self.app.models.Account.hasRole(currentUserId, 'teamBoss');
|
||||||
|
const isHimself = currentUserId == targetTimeEntry.userFk;
|
||||||
|
|
||||||
const notAllowed = isSubordinate === false || (isSubordinate && currentUserId == targetTimeEntry.userFk && !isHHRR);
|
const notAllowed = isSubordinate === false || (isSubordinate && isHimself && !isTeamBoss);
|
||||||
|
|
||||||
if (notAllowed)
|
if (notAllowed)
|
||||||
throw new UserError(`You don't have enough privileges`);
|
throw new UserError(`You don't have enough privileges`);
|
||||||
|
|
|
@ -5,6 +5,8 @@ describe('workerTimeControl add/delete timeEntry()', () => {
|
||||||
const HHRRId = 37;
|
const HHRRId = 37;
|
||||||
const teamBossId = 13;
|
const teamBossId = 13;
|
||||||
const employeeId = 1;
|
const employeeId = 1;
|
||||||
|
const salesPersonId = 106;
|
||||||
|
const salesBossId = 19;
|
||||||
let activeCtx = {
|
let activeCtx = {
|
||||||
accessToken: {userId: 50},
|
accessToken: {userId: 50},
|
||||||
};
|
};
|
||||||
|
@ -85,13 +87,13 @@ describe('workerTimeControl add/delete timeEntry()', () => {
|
||||||
});
|
});
|
||||||
|
|
||||||
it('should try but fail to delete his own time entry', async() => {
|
it('should try but fail to delete his own time entry', async() => {
|
||||||
activeCtx.accessToken.userId = teamBossId;
|
activeCtx.accessToken.userId = salesBossId;
|
||||||
let error;
|
let error;
|
||||||
let todayAtSeven = new Date();
|
let todayAtSeven = new Date();
|
||||||
todayAtSeven.setHours(19, 30, 0, 0);
|
todayAtSeven.setHours(19, 30, 0, 0);
|
||||||
|
|
||||||
let data = {
|
let data = {
|
||||||
workerFk: teamBossId,
|
workerFk: salesPersonId,
|
||||||
timed: todayAtSeven
|
timed: todayAtSeven
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -100,6 +102,7 @@ describe('workerTimeControl add/delete timeEntry()', () => {
|
||||||
createdTimeEntry = await app.models.WorkerTimeControl.findById(timeEntry.id);
|
createdTimeEntry = await app.models.WorkerTimeControl.findById(timeEntry.id);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
|
activeCtx.accessToken.userId = salesPersonId;
|
||||||
await app.models.WorkerTimeControl.deleteTimeEntry(ctx, createdTimeEntry.id);
|
await app.models.WorkerTimeControl.deleteTimeEntry(ctx, createdTimeEntry.id);
|
||||||
} catch (e) {
|
} catch (e) {
|
||||||
error = e;
|
error = e;
|
||||||
|
@ -110,6 +113,30 @@ describe('workerTimeControl add/delete timeEntry()', () => {
|
||||||
expect(error.message).toBe(`You don't have enough privileges`);
|
expect(error.message).toBe(`You don't have enough privileges`);
|
||||||
});
|
});
|
||||||
|
|
||||||
|
it('should delete the created time entry for the team boss as himself', async() => {
|
||||||
|
activeCtx.accessToken.userId = teamBossId;
|
||||||
|
|
||||||
|
let todayAtFive = new Date();
|
||||||
|
todayAtFive.setHours(17, 30, 0, 0);
|
||||||
|
|
||||||
|
let data = {
|
||||||
|
workerFk: teamBossId,
|
||||||
|
timed: todayAtFive
|
||||||
|
};
|
||||||
|
|
||||||
|
timeEntry = await app.models.WorkerTimeControl.addTimeEntry(ctx, data);
|
||||||
|
|
||||||
|
createdTimeEntry = await app.models.WorkerTimeControl.findById(timeEntry.id);
|
||||||
|
|
||||||
|
expect(createdTimeEntry).toBeDefined();
|
||||||
|
|
||||||
|
await app.models.WorkerTimeControl.deleteTimeEntry(ctx, createdTimeEntry.id);
|
||||||
|
|
||||||
|
createdTimeEntry = await app.models.WorkerTimeControl.findById(timeEntry.id);
|
||||||
|
|
||||||
|
expect(createdTimeEntry).toBeNull();
|
||||||
|
});
|
||||||
|
|
||||||
it('should delete the created time entry for the team boss as HHRR', async() => {
|
it('should delete the created time entry for the team boss as HHRR', async() => {
|
||||||
activeCtx.accessToken.userId = HHRRId;
|
activeCtx.accessToken.userId = HHRRId;
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue