diff --git a/services/loopback/common/models/client.js b/services/loopback/common/models/client.js
index 1822d0d2b..e71af0325 100644
--- a/services/loopback/common/models/client.js
+++ b/services/loopback/common/models/client.js
@@ -129,6 +129,11 @@ module.exports = Self => {
     async function validateCreditChange(ctx, finalState) {
         let models = Self.app.models;
         let userId = ctx.options.accessToken.userId;
+
+        let currentUserIsManager = await models.Account.hasRole(userId, 'manager');
+        if (currentUserIsManager)
+            return;
+
         let filter = {
             fields: ['roleFk'],
             where: {
@@ -162,22 +167,22 @@ module.exports = Self => {
         let query = 'SELECT * FROM clientCredit WHERE clientFk = ? ORDER BY created DESC LIMIT 1';
         let instances = await Self.rawSql(query, [finalState.id]);
 
-        if (instances.length !== 1 || instances[0].workerFk == userId || instances[0].amount > 0)
+        if (instances.length !== 1 || instances[0].amount > 0)
             return;
 
-        query = `SELECT COUNT(distinct r.id) > 0 as hasManagerRole
-            FROM clientCredit cc
-                JOIN worker em ON em.id = cc.workerFk
-                JOIN account.user ac ON ac.id = em.userFk
-                JOIN salix.RoleMapping rm ON rm.principalId = ac.id
-                JOIN account.role r on r.id = rm.roleId
-            WHERE rm.principalType = 'USER'
-                AND cc.workerFk = ?
-                AND r.name = 'manager'`;
+        query = `
+            SELECT COUNT(*) AS hasRoleManager
+                FROM worker em
+                    JOIN account.user ac ON ac.id = em.userFk
+                    JOIN salix.RoleMapping rm ON rm.principalId = ac.id
+                    JOIN account.role r on r.id = rm.roleId
+                WHERE em.id = ?
+                    AND rm.principalType = 'USER'
+                    AND r.name = 'manager'`;
 
         let instance = await Self.rawSql(query, [instances[0].workerFk]);
 
-        if (instance[0].hasManagerRole > 0)
+        if (instance[0].hasRoleManager)
             throw new Error('Only manager can change the credit');
     }
 };
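Review bot: The final guard in the second hunk, `if (instance[0].hasRoleManager)`, relies on JavaScript truthiness of a `COUNT(*)` result, whereas the removed query selected `COUNT(...) > 0` and the removed guard compared with `> 0`; if the driver ever returns the count as a string (for example `'0'` under a big-number-as-string setting), the throw fires for every non-manager even when the previous credit was not set by a manager. Keeping the comparison explicit closes that gap at no cost: `if (instance[0].hasRoleManager > 0)`, or alternatively `SELECT COUNT(*) > 0 AS hasRoleManager` in the query. Since this is the only check standing between a non-manager and a manager-set credit, it is worth a one-line comment above the guard such as `// Last credit was set by a manager: only a manager may change it (managers returned early above)`. The new `let currentUserIsManager` in the first hunk is never reassigned and reads better as `const`. validateCreditChange opens in the first hunk and its role/filter logic between the two hunks is outside this diff, so I could not confirm that the early `return` for managers does not skip checks that block is meant to enforce.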