feat(State/Supplier): replace hasRole to acls

2023-04-25 09:15:05 +02:00 · 2023-04-25 09:15:05 +02:00 · 4cb231759f
parent 8502b74dee
commit 4cb231759f
4 changed files with 26 additions and 10 deletions
--- a/db/changes/231601/00-useSpecificsAcls.sql
+++ b/db/changes/231601/00-useSpecificsAcls.sql
@ -2,6 +2,10 @@ INSERT INTO `salix`.`ACL` (`model`, `property`, `accessType`, `permission`, `pri
    VALUES
        ('Ticket', 'editDiscount', 'WRITE', 'ALLOW', 'ROLE', 'claimManager'),
        ('Ticket', 'editDiscount', 'WRITE', 'ALLOW', 'ROLE', 'salesPerson'),
+        ('State', 'editableStates', 'READ', 'ALLOW', 'ROLE', 'employee'),
+        ('State', 'seeEditableStates', 'READ', 'ALLOW', 'ROLE', 'administrative'),
+        ('State', 'seeEditableStates', 'READ', 'ALLOW', 'ROLE', 'production'),
+        ('State', 'seeFilteredEditableStates', 'READ', 'ALLOW', 'ROLE', 'salesPerson'),
        ('Agency', 'seeExpired', 'READ', 'ALLOW', 'ROLE', 'administrative'),
        ('Agency', 'seeExpired', 'READ', 'ALLOW', 'ROLE', 'productionBoss'),
        ('Claim', 'createAfterDeadline', 'WRITE', 'ALLOW', 'ROLE', 'claimManager'),
@ -11,6 +15,7 @@ INSERT INTO `salix`.`ACL` (`model`, `property`, `accessType`, `permission`, `pri
        ('Client', 'editCredit', 'WRITE', 'ALLOW', 'ROLE', 'financialBoss'),
        ('Client', 'isNotEditableCredit', 'WRITE', 'ALLOW', 'ROLE', 'financialBoss'),
        ('InvoiceOut', 'canCreatePdf', 'WRITE', 'ALLOW', 'ROLE', 'invoicing'),
+        ('Supplier', 'editPayMethodCheck', 'WRITE', 'ALLOW', 'ROLE', 'financial'),
        ('Claim', 'editState', 'WRITE', 'ALLOW', 'ROLE', 'claimManager');

 DELETE FROM `salix`.`ACL`
@ -18,3 +23,9 @@ DELETE FROM `salix`.`ACL`
        model = 'Claim'
        AND property = '*'
        AND accessType = '*';
+
+DELETE FROM `salix`.`ACL`
+    WHERE
+        model = 'State'
+        AND property = '*'
+        AND accessType = 'READ';
--- a/modules/supplier/back/models/supplier.js
+++ b/modules/supplier/back/models/supplier.js
@ -98,18 +98,20 @@ module.exports = Self => {

    Self.observe('before save', async function(ctx) {
        if (ctx.isNewInstance) return;
-        const loopbackContext = LoopBackContext.getCurrentContext();
        const changes = ctx.data || ctx.instance;
        const orgData = ctx.currentInstance;
-        const userId = loopbackContext.active.accessToken.userId;
+        const loopBackContext = LoopBackContext.getCurrentContext();
+        const accessToken = {req: loopBackContext.active.accessToken};
+
+        const editPayMethodCheck =
+            await Self.app.models.ACL.checkAccessAcl(accessToken, 'Supplier', 'editPayMethodCheck', 'WRITE');

-        const isNotFinancial = !await Self.app.models.VnUser.hasRole(userId, 'financial');
        const isPayMethodChecked = changes.isPayMethodChecked || orgData.isPayMethodChecked;
        const hasChanges = orgData && changes;
        const isPayMethodCheckedChanged = hasChanges
         && orgData.isPayMethodChecked != isPayMethodChecked;

-        if (isNotFinancial && isPayMethodCheckedChanged)
+        if (!editPayMethodCheck && isPayMethodCheckedChanged)
            throw new UserError('You can not modify is pay method checked');
    });

--- a/modules/ticket/back/methods/state/editableStates.js
+++ b/modules/ticket/back/methods/state/editableStates.js
@ -18,21 +18,21 @@ module.exports = Self => {

    Self.editableStates = async(ctx, filter, options) => {
        const models = Self.app.models;
-        const userId = ctx.req.accessToken.userId;
        const myOptions = {};

        if (typeof options == 'object')
            Object.assign(myOptions, options);

        let statesList = await models.State.find(filter, myOptions);
-        const isProduction = await models.VnUser.hasRole(userId, 'production', myOptions);
-        const isSalesPerson = await models.VnUser.hasRole(userId, 'salesPerson', myOptions);
-        const isAdministrative = await models.VnUser.hasRole(userId, 'administrative', myOptions);
+        const seeEditableStates = await models.ACL.checkAccessAcl(ctx, 'State', 'seeEditableStates', 'READ');

-        if (isProduction || isAdministrative)
+        if (seeEditableStates)
            return statesList;

-        if (isSalesPerson) {
+        const seeFilteredEditableStates =
+            await models.ACL.checkAccessAcl(ctx, 'State', 'seeFilteredEditableStates', 'READ');
+
+        if (seeFilteredEditableStates) {
            return statesList = statesList.filter(stateList =>
                stateList.alertLevel === 0 || stateList.code === 'PICKER_DESIGNED'
            );
--- a/modules/ticket/back/methods/state/isEditable.js
+++ b/modules/ticket/back/methods/state/isEditable.js
@ -30,6 +30,9 @@ module.exports = Self => {
        const isProduction = await models.VnUser.hasRole(userId, 'production', myOptions);
        const isSalesPerson = await models.VnUser.hasRole(userId, 'salesPerson', myOptions);
        const isAdministrative = await models.VnUser.hasRole(userId, 'administrative', myOptions);
+        //         const isEditableAlertLevel =
+        // await Self.app.models.ACL.checkAccessAcl(accessToken, 'Supplier', 'editPayMethodCheck', 'WRITE');
+
        const state = await models.State.findById(stateId, null, myOptions);

        const salesPersonAllowed = (isSalesPerson && (state.code == 'PICKER_DESIGNED' || state.code == 'PRINTED'));