refactor: refs #7127 modified checkAccessAcl instead of using VnRole

Jon Elias 2025-02-04 13:55:01 +01:00
parent 9113f2e3e5
commit 5258e5ba2a
1 changed files with 28 additions and 10 deletions


@ -14,33 +14,51 @@ module.exports = Self => {
const options = ctx.options; const options = ctx.options;
const models = Self.app.models; const models = Self.app.models;
const saleFk = ctx?.currentInstance?.saleFk || ctx?.instance?.saleFk; const saleFk = ctx?.currentInstance?.saleFk || ctx?.instance?.saleFk;
const loopBackContext = LoopBackContext.getCurrentContext(); const claimFk = ctx?.instance?.claimFk || ctx?.currentInstance?.claimFk;
const accessToken = loopBackContext.active.accessToken; const myOptions = {};
const user = await models.VnUser.findById(accessToken.userId); const accessToken = ctx?.options?.accessToken || LoopBackContext.getCurrentContext().active.accessToken;
const role = await models.VnRole.findById(user.roleFk); const ctxToken = {req: {accessToken}};
if (typeof options == 'object')
Object.assign(myOptions, options);
const sale = await models.Sale.findById(saleFk, {fields: ['ticketFk', 'quantity']}, options); const sale = await models.Sale.findById(saleFk, {fields: ['ticketFk', 'quantity']}, options);
if (role.name !== 'salesPerson' && role.name !== 'claimManager') const canCreateClaimAfterDeadline = models.ACL.checkAccessAcl(
ctxToken,
'Claim',
'createAfterDeadline',
myOptions
);
const canUpdateClaim = models.ACL.checkAccessAcl(
ctxToken,
'Claim',
'updateClaim',
myOptions
);
if (!canUpdateClaim && !canCreateClaimAfterDeadline)
throw new UserError(`You don't have permission to modify this claim`); throw new UserError(`You don't have permission to modify this claim`);
if (role.name === 'salesPerson') { if (canUpdateClaim) {
const query = ` const query = `
SELECT daysToClaim SELECT daysToClaim
FROM vn.claimConfig`; FROM vn.claimConfig`;
const res = await Self.rawSql(query); const res = await Self.rawSql(query);
const daysToClaim = res[0]?.daysToClaim; const daysToClaim = res[0]?.daysToClaim;
const claim = await models.Claim.findById(ctx?.currentInstance?.claimFk, {fields: ['created']}, options); const claim = await models.Claim.findById(claimFk, {fields: ['created']}, options);
const claimDate = moment.utc(claim.created); const claimDate = moment.utc(claim.created);
const currentDate = moment.utc(); const currentDate = moment.utc();
const daysSinceSale = currentDate.diff(claimDate, 'days'); const daysSinceSale = currentDate.diff(claimDate, 'days');
if (daysSinceSale > daysToClaim) if (daysSinceSale > daysToClaim && !canCreateClaimAfterDeadline)
throw new UserError(`You can't modify this claim because the deadline has already passed`); throw new UserError(`You can't modify this claim because the deadline has already passed`);
} }
if (ctx.isNewInstance) { if (ctx.isNewInstance) {
const claim = await models.Claim.findById(ctx.instance.claimFk, {fields: ['ticketFk']}, options); const claim = await models.Claim.findById(claimFk, {fields: ['ticketFk']}, options);
if (sale.ticketFk != claim.ticketFk) if (sale.ticketFk != claim.ticketFk)
throw new UserError(`Cannot create a new claimBeginning from a different ticket`); throw new UserError(`Cannot create a new claimBeginning from a different ticket`);
} }
@ -65,7 +83,7 @@ module.exports = Self => {
if (ctx.options && ctx.options.transaction) if (ctx.options && ctx.options.transaction)
myOptions.transaction = ctx.options.transaction; myOptions.transaction = ctx.options.transaction;
const claimBeginning = ctx.instance ?? await Self.findById(ctx.where.id); const claimBeginning = ctx.instance ?? await Self.findById(ctx?.where?.id);
const filter = { const filter = {
where: {id: claimBeginning.claimFk}, where: {id: claimBeginning.claimFk},
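Review bot: The two `models.ACL.checkAccessAcl(...)` calls in the first hunk are assigned without `await`, unlike every other model call around them. If `checkAccessAcl` returns a Promise (the page does not show its definition, so confirm), `canUpdateClaim` and `canCreateClaimAfterDeadline` are always truthy: `if (!canUpdateClaim && !canCreateClaimAfterDeadline)` can never throw and the `&& !canCreateClaimAfterDeadline` deadline guard is never reached, so the hook would fail open for every caller. The calls should read `const canCreateClaimAfterDeadline = await models.ACL.checkAccessAcl(ctxToken, 'Claim', 'createAfterDeadline', myOptions);` and likewise for `'updateClaim'`, with a test asserting that a user holding neither ACL is rejected. It is also worth confirming that the fourth parameter of `checkAccessAcl` really is an options object and not an access type, since `myOptions` is passed there. The enclosing hook function starts above the hunk.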