From 3d2a7cfb6695e3243a7a926ac164f9f2392d104a Mon Sep 17 00:00:00 2001
From: jorgep <jorgep@verdnatura.es>
Date: Mon, 20 Jan 2025 18:05:33 +0100
Subject: [PATCH] feat: refs #7119 update ACLs for vehicle management and
 refine vehicle filter logic

---
 .../11394-brownAsparagus/00-firstScript.sql   | 15 +++++++-----
 modules/route/back/methods/vehicle/filter.js  |  2 +-
 modules/route/back/models/vehicle.json        | 24 +++++++++----------
 3 files changed, 21 insertions(+), 20 deletions(-)

diff --git a/db/versions/11394-brownAsparagus/00-firstScript.sql b/db/versions/11394-brownAsparagus/00-firstScript.sql
index 4d6cedb69b..72fb6b13d1 100644
--- a/db/versions/11394-brownAsparagus/00-firstScript.sql
+++ b/db/versions/11394-brownAsparagus/00-firstScript.sql
@@ -1,7 +1,10 @@
 INSERT INTO salix.ACL (model, property, accessType, permission, principalType, principalId)
-	VALUES ('Vehicle', 'filter', 'READ', 'ALLOW', 'ROLE', 'delivery'),
-			('Vehicle', 'updateAttributes', 'WRITE', 'ALLOW', 'ROLE', 'delivery'),
-			('BankPolicy', 'find', 'READ', 'ALLOW', 'ROLE', 'delivery'),
-			('VehicleState', 'find', 'READ', 'ALLOW', 'ROLE', 'delivery' ),
-			('Ppe', 'find', 'READ', 'ALLOW', 'ROLE', 'delivery' ),
-			('Vehicle', 'deleteById', 'WRITE', 'ALLOW', 'ROLE', 'deliveryBoss');
\ No newline at end of file
+	VALUES ('Vehicle', 'filter', 'READ', 'ALLOW', 'ROLE', 'administrative'),
+			('Vehicle', 'find', 'READ', 'ALLOW', 'ROLE', 'administrative'),
+			('Vehicle', 'findById', 'READ', 'ALLOW', 'ROLE', 'administrative'),
+			('Vehicle', 'updateAttributes', 'WRITE', 'ALLOW', 'ROLE', 'administrative'),
+			('BankPolicy', 'find', 'READ', 'ALLOW', 'ROLE', 'administrative'),
+			('VehicleState', 'find', 'READ', 'ALLOW', 'ROLE', 'administrative' ),
+			('Ppe', 'find', 'READ', 'ALLOW', 'ROLE', 'administrative' ),
+			('Vehicle', 'deleteById', 'WRITE', 'ALLOW', 'ROLE', 'administrative'),
+			('Vehicle', '__get__active', 'READ', 'ALLOW', 'ROLE', 'employee');
\ No newline at end of file
diff --git a/modules/route/back/methods/vehicle/filter.js b/modules/route/back/methods/vehicle/filter.js
index ea2a94281a..11cc4d82af 100644
--- a/modules/route/back/methods/vehicle/filter.js
+++ b/modules/route/back/methods/vehicle/filter.js
@@ -94,7 +94,7 @@ module.exports = Self => {
             }
         }) || {};
 
-        const myFilter = mergeFilters(filter, {where: {...where, isActive: true}});
+        const myFilter = mergeFilters(filter, {where});
 
         const stmt = new ParameterizedSQL(`
             SELECT v.id,
diff --git a/modules/route/back/models/vehicle.json b/modules/route/back/models/vehicle.json
index 9269cdebbc..e6d58de99e 100644
--- a/modules/route/back/models/vehicle.json
+++ b/modules/route/back/models/vehicle.json
@@ -104,19 +104,17 @@
             "property": "ppeFk"
         }
     },
-    "scope": {
-        "where": {
-            "isActive": {
-                "neq": false
+    "scopes": {
+        "active": {
+            "fields": [
+                "id",
+                "numberPlate"
+            ],
+            "where": {
+                "isActive": {
+                    "neq": false
+                }
             }
         }
-    },
-    "acls": [
-        {
-            "accessType": "READ",
-            "principalType": "ROLE",
-            "principalId": "$everyone",
-            "permission": "ALLOW"
-        }
-    ]
+    }
 }
\ No newline at end of file