refactor: refs #7127 modified checkAccessAcl instead of using VnRole

2025-02-04 13:55:01 +01:00 · 2025-02-04 13:55:01 +01:00 · 5258e5ba2a
parent 9113f2e3e5
commit 5258e5ba2a
1 changed files with 28 additions and 10 deletions
--- a/modules/claim/back/models/claim-beginning.js
+++ b/modules/claim/back/models/claim-beginning.js
@ -14,33 +14,51 @@ module.exports = Self => {
        const options = ctx.options;
        const models = Self.app.models;
        const saleFk = ctx?.currentInstance?.saleFk || ctx?.instance?.saleFk;
-        const loopBackContext = LoopBackContext.getCurrentContext();
-        const accessToken = loopBackContext.active.accessToken;
-        const user = await models.VnUser.findById(accessToken.userId);
-        const role = await models.VnRole.findById(user.roleFk);
+        const claimFk = ctx?.instance?.claimFk || ctx?.currentInstance?.claimFk;
+        const myOptions = {};
+        const accessToken = ctx?.options?.accessToken || LoopBackContext.getCurrentContext().active.accessToken;
+        const ctxToken = {req: {accessToken}};
+
+        if (typeof options == 'object')
+            Object.assign(myOptions, options);
+
        const sale = await models.Sale.findById(saleFk, {fields: ['ticketFk', 'quantity']}, options);

-        if (role.name !== 'salesPerson' && role.name !== 'claimManager')
+        const canCreateClaimAfterDeadline = models.ACL.checkAccessAcl(
+            ctxToken,
+            'Claim',
+            'createAfterDeadline',
+            myOptions
+        );
+
+        const canUpdateClaim = models.ACL.checkAccessAcl(
+            ctxToken,
+            'Claim',
+            'updateClaim',
+            myOptions
+        );
+
+        if (!canUpdateClaim && !canCreateClaimAfterDeadline)
            throw new UserError(`You don't have permission to modify this claim`);

-        if (role.name === 'salesPerson') {
+        if (canUpdateClaim) {
            const query = `
            SELECT  daysToClaim
            FROM vn.claimConfig`;
            const res = await Self.rawSql(query);
            const daysToClaim = res[0]?.daysToClaim;

-            const claim = await models.Claim.findById(ctx?.currentInstance?.claimFk, {fields: ['created']}, options);
+            const claim = await models.Claim.findById(claimFk, {fields: ['created']}, options);
            const claimDate = moment.utc(claim.created);
            const currentDate = moment.utc();
            const daysSinceSale = currentDate.diff(claimDate, 'days');

-            if (daysSinceSale > daysToClaim)
+            if (daysSinceSale > daysToClaim && !canCreateClaimAfterDeadline)
                throw new UserError(`You can't modify this claim because the deadline has already passed`);
        }

        if (ctx.isNewInstance) {
-            const claim = await models.Claim.findById(ctx.instance.claimFk, {fields: ['ticketFk']}, options);
+            const claim = await models.Claim.findById(claimFk, {fields: ['ticketFk']}, options);
            if (sale.ticketFk != claim.ticketFk)
                throw new UserError(`Cannot create a new claimBeginning from a different ticket`);
        }
@ -65,7 +83,7 @@ module.exports = Self => {
        if (ctx.options && ctx.options.transaction)
            myOptions.transaction = ctx.options.transaction;

-        const claimBeginning = ctx.instance ?? await Self.findById(ctx.where.id);
+        const claimBeginning = ctx.instance ?? await Self.findById(ctx?.where?.id);

        const filter = {
            where: {id: claimBeginning.claimFk},