fix: refactor access control for modifying past absences
parent
838617e3f6
commit
412638d590
|
@ -58,12 +58,10 @@ module.exports = Self => {
|
|||
if (!isSubordinate || (isSubordinate && userId == id && !isTeamBoss))
|
||||
throw new UserError(`You don't have enough privileges`);
|
||||
|
||||
const canModifyAbsenceInPast =
|
||||
await models.ACL.checkAccessAcl(ctx, 'Worker', 'canModifyAbsenceInPast', 'WRITE');
|
||||
const now = Date.vnNew();
|
||||
const newDate = new Date(args.dated).getTime();
|
||||
|
||||
if ((now.getTime() > newDate) && !canModifyAbsenceInPast)
|
||||
if (!await Self.canModifyAbsenceInPast(ctx, newDate))
|
||||
throw new UserError(`Holidays to past days not available`);
|
||||
|
||||
const labour = await models.WorkerLabour.findById(args.businessFk,
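Review bot: `new Date(args.dated).getTime()` is handed to `Self.canModifyAbsenceInPast` without checking that it parsed, so an unparsable `dated` reaches the helper as `NaN`. The helper's `now.getTime() < time` is then false, which rejects unprivileged callers with the misleading "Holidays to past days not available" message, while callers holding the `canModifyAbsenceInPast` ACL carry on to the `WorkerLabour.findById` lookup with an invalid date. Unless the remote-method argument definition (outside this hunk) already guarantees a valid date, add an `if (Number.isNaN(newDate))` guard that throws a dedicated validation `UserError` before the access check. The enclosing function starts and ends outside the hunk.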
|
||||
|
|
|
@ -53,10 +53,8 @@ module.exports = Self => {
|
|||
}
|
||||
}
|
||||
}, myOptions);
|
||||
const canModifyAbsenceInPast =
|
||||
await models.ACL.checkAccessAcl(ctx, 'Worker', 'canModifyAbsenceInPast', 'WRITE');
|
||||
|
||||
if (!canModifyAbsenceInPast && Date.vnNow() > absence.dated.getTime())
|
||||
if (!await Self.canModifyAbsenceInPast(ctx, absence.dated.getTime()))
|
||||
throw new UserError(`Holidays to past days not available`);
|
||||
|
||||
const result = await absence.destroy(myOptions);
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
const app = require('vn-loopback/server/server');
|
||||
const LoopBackContext = require('loopback-context');
|
||||
|
||||
describe('Worker createAbsence()', () => {
|
||||
fdescribe('Worker createAbsence()', () => {
|
||||
const workerId = 18;
|
||||
|
||||
it('should return an error for a user without enough privileges', async() => {
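Review bot: `fdescribe` on the `Worker createAbsence()` suite is a Jasmine focus marker, and the same change is made to the `Worker deleteAbsence()` suite in the next spec file. While any focused suite is present, Jasmine runs only the focused ones, so every other spec, including the remaining access-control tests, is silently skipped wherever this suite runs. Assuming the `fdescribe` lines are the added side, both should go back to `describe('Worker createAbsence()', () => {` and `describe('Worker deleteAbsence()', () => {` before this is merged.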
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
const app = require('vn-loopback/server/server');
|
||||
const LoopBackContext = require('loopback-context');
|
||||
|
||||
describe('Worker deleteAbsence()', () => {
|
||||
fdescribe('Worker deleteAbsence()', () => {
|
||||
const businessId = 18;
|
||||
const workerId = 18;
|
||||
const hrId = 37;
|
||||
|
|
|
@ -26,6 +26,13 @@ module.exports = Self => {
|
|||
message: 'Invalid TIN'
|
||||
});
|
||||
|
||||
Self.canModifyAbsenceInPast = async(ctx, time) => {
|
||||
const hasPrivs = await Self.app.models.ACL.checkAccessAcl(ctx, 'Worker', 'canModifyAbsenceInPast', 'WRITE');
|
||||
const now = Date.vnNew();
|
||||
now.setHours(0, 0, 0, 0);
|
||||
return hasPrivs || now.getTime() < time;
|
||||
};
|
||||
|
||||
async function tinIsValid(err, done) {
|
||||
const country = await Self.app.models.Country.findOne({
|
||||
fields: ['code'],
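Review bot: `Self.canModifyAbsenceInPast` truncates `now` to local midnight but compares it with the caller's `time` untouched, so the strict `now.getTime() < time` boundary for "today" depends on whether `dated` carries a time of day: a value at exactly 00:00 today counts as past, while one a minute later does not. If today is meant to be allowed for everyone, normalise both sides and compare with `<=`, e.g. `const day = new Date(time); day.setHours(0, 0, 0, 0);` followed by `return hasPrivs || now.getTime() <= day.getTime();`; if not, keep `<` but still normalise `time` so the rule does not vary with the input's clock component. Because this helper now holds the authorization rule for both createAbsence and deleteAbsence, it also deserves a JSDoc block stating that `time` is epoch milliseconds, that the result is true for ACL holders or for non-past dates, and that `setHours` works in the server's local timezone.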
|
||||
|
|