From af0523a15537947f46c2a8018baa03a1fab0ffbf Mon Sep 17 00:00:00 2001 From: alexm Date: Tue, 25 Apr 2023 15:17:45 +0200 Subject: [PATCH 01/30] refs #5468 descriptor account solo lo puede ejecutar sysadmin y mail-forwarding solo el mismo o un superior --- db/changes/231601/00-aclAccount.sql | 6 +++ modules/account/front/aliases/index.html | 6 ++- modules/account/front/aliases/index.js | 7 +++ modules/account/front/descriptor/index.html | 16 +++---- .../account/front/mail-forwarding/index.html | 6 +-- .../account/front/mail-forwarding/index.js | 17 ++++++- .../methods/worker/authorizeSelfOrSuperior.js | 44 +++++++++++++++++++ modules/worker/back/models/worker.js | 1 + 8 files changed, 88 insertions(+), 15 deletions(-) create mode 100644 db/changes/231601/00-aclAccount.sql create mode 100644 modules/worker/back/methods/worker/authorizeSelfOrSuperior.js diff --git a/db/changes/231601/00-aclAccount.sql b/db/changes/231601/00-aclAccount.sql new file mode 100644 index 000000000..42579a65b --- /dev/null +++ b/db/changes/231601/00-aclAccount.sql @@ -0,0 +1,6 @@ +DELETE + FROM `salix`.`ACL` + WHERE model='Account' AND property='*' AND accessType='*'; + +INSERT INTO `salix`.`ACL` (model, property, accessType, permission, principalType, principalId) + VALUES('Account', '*', 'WRITE', 'ALLOW', 'ROLE', 'sysadmin'); diff --git a/modules/account/front/aliases/index.html b/modules/account/front/aliases/index.html index 9f4ba857f..87f3c92de 100644 --- a/modules/account/front/aliases/index.html +++ b/modules/account/front/aliases/index.html @@ -15,7 +15,9 @@ @@ -32,7 +34,7 @@ ng-click="$ctrl.onAddClick()" fixed-bottom-right> - @@ -49,7 +51,7 @@ - this.isSubordinate = res.data); } refresh() { diff --git a/modules/account/front/descriptor/index.html b/modules/account/front/descriptor/index.html index 7a7ba43f3..625c50ba2 100644 --- a/modules/account/front/descriptor/index.html +++ b/modules/account/front/descriptor/index.html @@ -6,7 +6,7 @@ Delete @@ -15,7 +15,7 @@ ng-if="::$root.user.id == $ctrl.id" ng-click="$ctrl.onChangePassClick(true)" name="changePassword" - vn-acl="hr" + vn-acl="sysadmin" vn-acl-action="remove" translate> Change password @@ -23,7 +23,7 @@ Set password @@ -32,7 +32,7 @@ ng-if="!$ctrl.hasAccount" ng-click="enableAccount.show()" name="enableAccount" - vn-acl="it" + vn-acl="sysadmin" vn-acl-action="remove" translate> Enable account @@ -41,7 +41,7 @@ ng-if="$ctrl.hasAccount" ng-click="disableAccount.show()" name="disableAccount" - vn-acl="it" + vn-acl="sysadmin" vn-acl-action="remove" translate> Disable account @@ -50,8 +50,7 @@ ng-if="!$ctrl.user.active" ng-click="activateUser.show()" name="activateUser" - vn-acl="hr" - vn-acl-action="remove" + vn-acl="sysadmin" translate> Activate user @@ -59,8 +58,7 @@ ng-if="$ctrl.user.active" ng-click="deactivateUser.show()" name="deactivateUser" - vn-acl="hr" - vn-acl-action="remove" + vn-acl="sysadmin" translate> Deactivate user diff --git a/modules/account/front/mail-forwarding/index.html b/modules/account/front/mail-forwarding/index.html index 6c688f504..1e0504c23 100644 --- a/modules/account/front/mail-forwarding/index.html +++ b/modules/account/front/mail-forwarding/index.html @@ -9,17 +9,17 @@
{ + this.isAuthorized = res.data; + + if (!this.isAuthorized) throw new UserError(`You don't have enough privileges`); + this.$.watcher.submit(); + }); + } +} ngModule.component('vnUserMailForwarding', { template: require('./index.html'), diff --git a/modules/worker/back/methods/worker/authorizeSelfOrSuperior.js b/modules/worker/back/methods/worker/authorizeSelfOrSuperior.js new file mode 100644 index 000000000..30dfd17c1 --- /dev/null +++ b/modules/worker/back/methods/worker/authorizeSelfOrSuperior.js @@ -0,0 +1,44 @@ +module.exports = Self => { + Self.remoteMethod('authorizeSelfOrSuperior', { + description: 'Return true if is himself or a superior', + accessType: 'READ', + accepts: [{ + arg: 'ctx', + type: 'Object', + http: {source: 'context'} + }, { + arg: 'id', + type: 'number', + required: true, + description: 'The worker id', + http: {source: 'path'} + }], + returns: { + type: 'boolean', + root: true + }, + http: { + path: `/:id/authorizeSelfOrSuperior`, + verb: 'GET' + } + }); + + Self.authorizeSelfOrSuperior = async(ctx, id, options) => { + const models = Self.app.models; + const currentUserId = ctx.req.accessToken.userId; + const isHimself = currentUserId == id; + + const myOptions = {}; + + if (typeof options == 'object') + Object.assign(myOptions, options); + + const isSubordinate = await models.Worker.isSubordinate(ctx, id, myOptions); + const isTeamBoss = await models.VnUser.hasRole(currentUserId, 'teamBoss', myOptions); + + if (!isSubordinate || (isSubordinate && !isHimself && !isTeamBoss)) + return false; + + return true; + }; +}; diff --git a/modules/worker/back/models/worker.js b/modules/worker/back/models/worker.js index fa17640a8..ffcb688ee 100644 --- a/modules/worker/back/models/worker.js +++ b/modules/worker/back/models/worker.js @@ -16,6 +16,7 @@ module.exports = Self => { require('../methods/worker/new')(Self); require('../methods/worker/deallocatePDA')(Self); require('../methods/worker/allocatePDA')(Self); + require('../methods/worker/authorizeSelfOrSuperior')(Self); Self.validatesUniquenessOf('locker', { message: 'This locker has already been assigned' From d6ff61b76861a93a616186e91cf62a55c7add360 Mon Sep 17 00:00:00 2001 From: vicent Date: Wed, 26 Apr 2023 09:48:02 +0200 Subject: [PATCH 02/30] =?UTF-8?q?refs=20#5468=20corregidas=20condiciones?= =?UTF-8?q?=20de=20autorizaci=C3=B3n?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- modules/account/front/aliases/index.html | 4 ++-- modules/account/front/aliases/index.js | 7 ++++--- modules/account/front/mail-forwarding/index.js | 7 +++---- modules/account/front/mail-forwarding/locale/es.yml | 1 + .../{authorizeSelfOrSuperior.js => isAuthorized.js} | 10 +++++----- modules/worker/back/models/worker.js | 2 +- 6 files changed, 16 insertions(+), 15 deletions(-) rename modules/worker/back/methods/worker/{authorizeSelfOrSuperior.js => isAuthorized.js} (75%) diff --git a/modules/account/front/aliases/index.html b/modules/account/front/aliases/index.html index 87f3c92de..57f7ae968 100644 --- a/modules/account/front/aliases/index.html +++ b/modules/account/front/aliases/index.html @@ -15,9 +15,8 @@ @@ -28,6 +27,7 @@ this.isSubordinate = res.data); + this.$http.get(`Workers/${this.$params.id}/isAuthorized`) + .then(res => { + this.isAuthorized = res.data; + }); } refresh() { diff --git a/modules/account/front/mail-forwarding/index.js b/modules/account/front/mail-forwarding/index.js index 2047cdaa8..b48fd2258 100644 --- a/modules/account/front/mail-forwarding/index.js +++ b/modules/account/front/mail-forwarding/index.js @@ -8,11 +8,10 @@ export default class Controller extends Section { } getIsAuthorized() { - this.$http.get(`Workers/${this.$params.id}/authorizeSelfOrSuperior`) + this.$http.get(`Workers/${this.$params.id}/isSubordinate`) .then(res => { - this.isAuthorized = res.data; - - if (!this.isAuthorized) throw new UserError(`You don't have enough privileges`); + this.isSubordinate = res.data; + if (!this.isSubordinate) throw new UserError(`You don't have enough privileges`); this.$.watcher.submit(); }); } diff --git a/modules/account/front/mail-forwarding/locale/es.yml b/modules/account/front/mail-forwarding/locale/es.yml index 0322e3e42..688ace6b5 100644 --- a/modules/account/front/mail-forwarding/locale/es.yml +++ b/modules/account/front/mail-forwarding/locale/es.yml @@ -4,3 +4,4 @@ Enable mail forwarding: Habilitar redirección de correo All emails will be forwarded to the specified address.: > Todos los correos serán reenviados a la dirección especificada, no se mantendrá copia de los mismos en el buzón del usuario. +You don't have enough privileges: No tienes suficientes permisos diff --git a/modules/worker/back/methods/worker/authorizeSelfOrSuperior.js b/modules/worker/back/methods/worker/isAuthorized.js similarity index 75% rename from modules/worker/back/methods/worker/authorizeSelfOrSuperior.js rename to modules/worker/back/methods/worker/isAuthorized.js index 30dfd17c1..519aab94f 100644 --- a/modules/worker/back/methods/worker/authorizeSelfOrSuperior.js +++ b/modules/worker/back/methods/worker/isAuthorized.js @@ -1,6 +1,6 @@ module.exports = Self => { - Self.remoteMethod('authorizeSelfOrSuperior', { - description: 'Return true if is himself or a superior', + Self.remoteMethod('isAuthorized', { + description: 'Return true if the current user is a superior of the worker that is passed by parameter', accessType: 'READ', accepts: [{ arg: 'ctx', @@ -18,12 +18,12 @@ module.exports = Self => { root: true }, http: { - path: `/:id/authorizeSelfOrSuperior`, + path: `/:id/isAuthorized`, verb: 'GET' } }); - Self.authorizeSelfOrSuperior = async(ctx, id, options) => { + Self.isAuthorized = async(ctx, id, options) => { const models = Self.app.models; const currentUserId = ctx.req.accessToken.userId; const isHimself = currentUserId == id; @@ -36,7 +36,7 @@ module.exports = Self => { const isSubordinate = await models.Worker.isSubordinate(ctx, id, myOptions); const isTeamBoss = await models.VnUser.hasRole(currentUserId, 'teamBoss', myOptions); - if (!isSubordinate || (isSubordinate && !isHimself && !isTeamBoss)) + if (!isSubordinate || (isSubordinate && isHimself && !isTeamBoss)) return false; return true; diff --git a/modules/worker/back/models/worker.js b/modules/worker/back/models/worker.js index ffcb688ee..b44703a88 100644 --- a/modules/worker/back/models/worker.js +++ b/modules/worker/back/models/worker.js @@ -16,7 +16,7 @@ module.exports = Self => { require('../methods/worker/new')(Self); require('../methods/worker/deallocatePDA')(Self); require('../methods/worker/allocatePDA')(Self); - require('../methods/worker/authorizeSelfOrSuperior')(Self); + require('../methods/worker/isAuthorized')(Self); Self.validatesUniquenessOf('locker', { message: 'This locker has already been assigned' From 2e5a43af681294dcea50df303773138458f521d2 Mon Sep 17 00:00:00 2001 From: vicent Date: Wed, 26 Apr 2023 11:40:21 +0200 Subject: [PATCH 03/30] refs #5468 restringido permisos 'WRITE' para sysadmin en VnUser --- db/changes/231601/00-aclAccount.sql | 3 +++ db/changes/231601/00-userAcl.sql | 3 ++- modules/account/front/descriptor/index.html | 2 ++ 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/db/changes/231601/00-aclAccount.sql b/db/changes/231601/00-aclAccount.sql index 42579a65b..875c4aa8a 100644 --- a/db/changes/231601/00-aclAccount.sql +++ b/db/changes/231601/00-aclAccount.sql @@ -4,3 +4,6 @@ DELETE INSERT INTO `salix`.`ACL` (model, property, accessType, permission, principalType, principalId) VALUES('Account', '*', 'WRITE', 'ALLOW', 'ROLE', 'sysadmin'); + +INSERT INTO `salix`.`ACL` (model, property, accessType, permission, principalType, principalId) + VALUES('Account', '*', 'READ', 'ALLOW', 'ROLE', 'employee'); diff --git a/db/changes/231601/00-userAcl.sql b/db/changes/231601/00-userAcl.sql index 64803bf18..b880496d7 100644 --- a/db/changes/231601/00-userAcl.sql +++ b/db/changes/231601/00-userAcl.sql @@ -1,6 +1,7 @@ INSERT INTO `salix`.`ACL` (model, property, accessType, permission, principalType, principalId) VALUES - ('VnUser', '*', '*', 'ALLOW', 'ROLE', 'employee'), + ('VnUser', '*', 'READ', 'ALLOW', 'ROLE', 'employee'), + ('VnUser', '*', 'WRITE', 'ALLOW', 'ROLE', 'sysadmin'), ('VnUser','acl','READ','ALLOW','ROLE','account'), ('VnUser','getCurrentUserData','READ','ALLOW','ROLE','account'), ('VnUser','changePassword', 'WRITE', 'ALLOW', 'ROLE', 'account'), diff --git a/modules/account/front/descriptor/index.html b/modules/account/front/descriptor/index.html index 625c50ba2..61c7c5ee1 100644 --- a/modules/account/front/descriptor/index.html +++ b/modules/account/front/descriptor/index.html @@ -51,6 +51,7 @@ ng-click="activateUser.show()" name="activateUser" vn-acl="sysadmin" + vn-acl-action="remove" translate> Activate user @@ -59,6 +60,7 @@ ng-click="deactivateUser.show()" name="deactivateUser" vn-acl="sysadmin" + vn-acl-action="remove" translate> Deactivate user From 74d543884e442b958b40c092cf472ebc749b49d1 Mon Sep 17 00:00:00 2001 From: vicent Date: Wed, 26 Apr 2023 11:55:01 +0200 Subject: [PATCH 04/30] =?UTF-8?q?refs=20#5468=20a=C3=B1adido=20scope=20al?= =?UTF-8?q?=20modelo=20VnUser?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- back/models/vn-user.json | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/back/models/vn-user.json b/back/models/vn-user.json index 17efc8ce6..162130f35 100644 --- a/back/models/vn-user.json +++ b/back/models/vn-user.json @@ -121,5 +121,8 @@ "principalId": "$authenticated", "permission": "ALLOW" } - ] + ], + "scope": { + "fields": ["id", "name", "username", "roleFk", "nickname", "lang", "active", "email", "created", "updated", "image", "hasGrant", "realm", "emailVerified"] + } } From 37a7d02006dfe401724cbe3b6258ade5def7e617 Mon Sep 17 00:00:00 2001 From: vicent Date: Wed, 26 Apr 2023 12:18:32 +0200 Subject: [PATCH 05/30] quitado scope --- back/models/vn-user.json | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/back/models/vn-user.json b/back/models/vn-user.json index 162130f35..17efc8ce6 100644 --- a/back/models/vn-user.json +++ b/back/models/vn-user.json @@ -121,8 +121,5 @@ "principalId": "$authenticated", "permission": "ALLOW" } - ], - "scope": { - "fields": ["id", "name", "username", "roleFk", "nickname", "lang", "active", "email", "created", "updated", "image", "hasGrant", "realm", "emailVerified"] - } + ] } From 8a9e4ccefba0891a64e49a1d3b9ffe7594493814 Mon Sep 17 00:00:00 2001 From: vicent Date: Wed, 26 Apr 2023 12:35:00 +0200 Subject: [PATCH 06/30] refs #5468 fix e2e --- e2e/paths/14-account/01_create_and_basic_data.spec.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/e2e/paths/14-account/01_create_and_basic_data.spec.js b/e2e/paths/14-account/01_create_and_basic_data.spec.js index 54e4d1f12..6f4987419 100644 --- a/e2e/paths/14-account/01_create_and_basic_data.spec.js +++ b/e2e/paths/14-account/01_create_and_basic_data.spec.js @@ -8,7 +8,7 @@ describe('Account create and basic data path', () => { beforeAll(async() => { browser = await getBrowser(); page = browser.page; - await page.loginAndModule('developer', 'account'); + await page.loginAndModule('sysadmin', 'account'); }); afterAll(async() => { From 1597f7ab694ecfe70a79570a969862006d2c5ee3 Mon Sep 17 00:00:00 2001 From: vicent Date: Thu, 27 Apr 2023 15:05:41 +0200 Subject: [PATCH 07/30] =?UTF-8?q?refs=20#5468=20permitir=20acceso=20al=20m?= =?UTF-8?q?=C3=B3dulo=20'Usuarios'?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- modules/account/front/routes.json | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/modules/account/front/routes.json b/modules/account/front/routes.json index cc66df103..f843e71a4 100644 --- a/modules/account/front/routes.json +++ b/modules/account/front/routes.json @@ -49,8 +49,7 @@ "url": "/index?q", "state": "account.index", "component": "vn-user-index", - "description": "Users", - "acl": ["marketing", "hr"] + "description": "Users" }, { "url": "/create", @@ -98,8 +97,7 @@ "url": "/roles", "state": "account.card.roles", "component": "vn-user-roles", - "description": "Inherited roles", - "acl": ["it"] + "description": "Inherited roles" }, { "url": "/mail-forwarding", @@ -111,15 +109,13 @@ "url": "/aliases", "state": "account.card.aliases", "component": "vn-user-aliases", - "description": "Mail aliases", - "acl": ["marketing", "hr"] + "description": "Mail aliases" }, { "url": "/privileges", "state": "account.card.privileges", "component": "vn-user-privileges", - "description": "Privileges", - "acl": ["hr"] + "description": "Privileges" }, { "url": "/role?q", @@ -180,8 +176,7 @@ "url": "/alias?q", "state": "account.alias", "component": "vn-alias", - "description": "Mail aliases", - "acl": ["marketing"] + "description": "Mail aliases" }, { "url": "/create", From 87ffd2668ed2f4a030b1d5c6e2e2222be82b265f Mon Sep 17 00:00:00 2001 From: vicent Date: Thu, 27 Apr 2023 15:06:05 +0200 Subject: [PATCH 08/30] refs #5468 scope para VnUser --- back/models/vn-user.json | 7 ++++++- modules/account/front/card/index.js | 8 ++++++-- modules/account/front/summary/index.js | 8 ++++++-- 3 files changed, 18 insertions(+), 5 deletions(-) diff --git a/back/models/vn-user.json b/back/models/vn-user.json index 17efc8ce6..c0df160cd 100644 --- a/back/models/vn-user.json +++ b/back/models/vn-user.json @@ -121,5 +121,10 @@ "principalId": "$authenticated", "permission": "ALLOW" } - ] + ], + "scopes": { + "preview": { + "fields": ["id", "name", "username", "roleFk", "nickname", "lang", "active", "created", "updated", "image", "hasGrant", "realm"] + } + } } diff --git a/modules/account/front/card/index.js b/modules/account/front/card/index.js index e06f991bb..2c8cc7637 100644 --- a/modules/account/front/card/index.js +++ b/modules/account/front/card/index.js @@ -5,6 +5,7 @@ import './style.scss'; class Controller extends ModuleCard { reload() { const filter = { + where: {id: this.$params.id}, include: { relation: 'role', scope: { @@ -14,8 +15,11 @@ class Controller extends ModuleCard { }; return Promise.all([ - this.$http.get(`VnUsers/${this.$params.id}`, {filter}) - .then(res => this.user = res.data), + this.$http.get(`VnUsers/preview`, {filter}) + .then(res => { + const [user] = res.data; + this.user = user; + }), this.$http.get(`Accounts/${this.$params.id}/exists`) .then(res => this.hasAccount = res.data.exists) ]); diff --git a/modules/account/front/summary/index.js b/modules/account/front/summary/index.js index 8d30070e9..53b66dbe2 100644 --- a/modules/account/front/summary/index.js +++ b/modules/account/front/summary/index.js @@ -8,6 +8,7 @@ class Controller extends Summary { if (!value) return; const filter = { + where: {id: value.id}, include: { relation: 'role', scope: { @@ -15,8 +16,11 @@ class Controller extends Summary { } } }; - this.$http.get(`VnUsers/${value.id}`, {filter}) - .then(res => this.$.summary = res.data); + this.$http.get(`VnUsers/preview`, {filter}) + .then(res => { + const [summary] = res.data; + this.$.summary = summary; + }); } get isHr() { return this.aclService.hasAny(['hr']); From 74ea0ce9fd6368df9d4973a2d2b13008d16053fa Mon Sep 17 00:00:00 2001 From: vicent Date: Wed, 10 May 2023 13:44:51 +0200 Subject: [PATCH 09/30] refs #5468 actualizados acls --- db/changes/231801/00-aclAccount.sql | 9 --------- db/changes/232001/00-aclAccount.sql | 8 ++++++++ db/changes/232001/00-aclVnUser.sql | 8 ++++++++ modules/account/front/main/index.html | 2 +- 4 files changed, 17 insertions(+), 10 deletions(-) delete mode 100644 db/changes/231801/00-aclAccount.sql create mode 100644 db/changes/232001/00-aclAccount.sql create mode 100644 db/changes/232001/00-aclVnUser.sql diff --git a/db/changes/231801/00-aclAccount.sql b/db/changes/231801/00-aclAccount.sql deleted file mode 100644 index 875c4aa8a..000000000 --- a/db/changes/231801/00-aclAccount.sql +++ /dev/null @@ -1,9 +0,0 @@ -DELETE - FROM `salix`.`ACL` - WHERE model='Account' AND property='*' AND accessType='*'; - -INSERT INTO `salix`.`ACL` (model, property, accessType, permission, principalType, principalId) - VALUES('Account', '*', 'WRITE', 'ALLOW', 'ROLE', 'sysadmin'); - -INSERT INTO `salix`.`ACL` (model, property, accessType, permission, principalType, principalId) - VALUES('Account', '*', 'READ', 'ALLOW', 'ROLE', 'employee'); diff --git a/db/changes/232001/00-aclAccount.sql b/db/changes/232001/00-aclAccount.sql new file mode 100644 index 000000000..bf8106b98 --- /dev/null +++ b/db/changes/232001/00-aclAccount.sql @@ -0,0 +1,8 @@ +DELETE + FROM `salix`.`ACL` + WHERE model='Account' AND property='*' AND accessType='*'; + +INSERT INTO `salix`.`ACL` (model, property, accessType, permission, principalType, principalId) + VALUES + ('Account', '*', 'WRITE', 'ALLOW', 'ROLE', 'sysadmin'), + ('Account', '*', 'READ', 'ALLOW', 'ROLE', 'employee'); diff --git a/db/changes/232001/00-aclVnUser.sql b/db/changes/232001/00-aclVnUser.sql new file mode 100644 index 000000000..c9df0ac2a --- /dev/null +++ b/db/changes/232001/00-aclVnUser.sql @@ -0,0 +1,8 @@ +DELETE + FROM `salix`.`ACL` + WHERE model = 'VnUser' AND property = '*' AND principalId = 'employee'; + +INSERT INTO `salix`.`ACL` (model, property, accessType, permission, principalType, principalId) + VALUES + ('VnUser', '__get__preview', 'READ', 'ALLOW', 'ROLE', 'employee'), + ('VnUser', 'preview', '*', 'ALLOW', 'ROLE', 'employee'); diff --git a/modules/account/front/main/index.html b/modules/account/front/main/index.html index 5872a328d..36b493ec4 100644 --- a/modules/account/front/main/index.html +++ b/modules/account/front/main/index.html @@ -1,6 +1,6 @@ From b10f90fbe1a28c3e98c70d76e051e51117cb3a74 Mon Sep 17 00:00:00 2001 From: vicent Date: Thu, 11 May 2023 15:25:37 +0200 Subject: [PATCH 10/30] refs #5468 a la seccion privileges se le pasa el parametro user --- db/changes/231801/00-userAcl.sql | 2 -- db/changes/232001/00-aclVnUser.sql | 1 + db/dump/dumpedFixtures.sql | 2 +- modules/account/front/privileges/index.js | 35 +++++++++++++++++++++-- modules/account/front/routes.json | 5 +++- 5 files changed, 39 insertions(+), 6 deletions(-) diff --git a/db/changes/231801/00-userAcl.sql b/db/changes/231801/00-userAcl.sql index b880496d7..9eb3ebf28 100644 --- a/db/changes/231801/00-userAcl.sql +++ b/db/changes/231801/00-userAcl.sql @@ -1,7 +1,5 @@ INSERT INTO `salix`.`ACL` (model, property, accessType, permission, principalType, principalId) VALUES - ('VnUser', '*', 'READ', 'ALLOW', 'ROLE', 'employee'), - ('VnUser', '*', 'WRITE', 'ALLOW', 'ROLE', 'sysadmin'), ('VnUser','acl','READ','ALLOW','ROLE','account'), ('VnUser','getCurrentUserData','READ','ALLOW','ROLE','account'), ('VnUser','changePassword', 'WRITE', 'ALLOW', 'ROLE', 'account'), diff --git a/db/changes/232001/00-aclVnUser.sql b/db/changes/232001/00-aclVnUser.sql index c9df0ac2a..1a63ed964 100644 --- a/db/changes/232001/00-aclVnUser.sql +++ b/db/changes/232001/00-aclVnUser.sql @@ -4,5 +4,6 @@ DELETE INSERT INTO `salix`.`ACL` (model, property, accessType, permission, principalType, principalId) VALUES + ('VnUser', '*', '*', 'ALLOW', 'ROLE', 'itManagement'), ('VnUser', '__get__preview', 'READ', 'ALLOW', 'ROLE', 'employee'), ('VnUser', 'preview', '*', 'ALLOW', 'ROLE', 'employee'); diff --git a/db/dump/dumpedFixtures.sql b/db/dump/dumpedFixtures.sql index 39388e140..36b5e1aa9 100644 --- a/db/dump/dumpedFixtures.sql +++ b/db/dump/dumpedFixtures.sql @@ -78,7 +78,7 @@ USE `account`; LOCK TABLES `role` WRITE; /*!40000 ALTER TABLE `role` DISABLE KEYS */; -INSERT INTO `role` VALUES (1,'employee','Empleado básico',1,'2017-05-19 07:04:58','2017-11-29 10:06:31'),(2,'customer','Privilegios básicos de un cliente',1,'2017-05-19 07:04:58','2017-05-19 07:04:58'),(3,'agency','Consultar tablas de predicciones de bultos',1,'2017-05-19 07:04:58','2017-05-19 07:04:58'),(5,'administrative','Tareas relacionadas con la contabilidad',1,'2017-05-19 07:04:58','2017-05-19 07:04:58'),(6,'guest','Privilegios para usuarios sin cuenta',1,'2017-05-19 07:04:58','2017-05-19 07:04:58'),(9,'developer','Desarrolladores del sistema',1,'2017-05-19 07:04:58','2017-05-19 07:04:58'),(11,'account','Privilegios relacionados con el login',0,'2017-05-19 07:04:58','2017-09-20 17:06:35'),(13,'teamBoss','Jefe de equipo/departamento',1,'2017-05-19 07:04:58','2021-06-30 13:29:30'),(15,'logistic','Departamento de compras, responsables de la logistica',1,'2017-05-19 07:04:58','2018-02-12 10:50:10'),(16,'logisticBoss','Jefe del departamento de logística',1,'2017-05-19 07:04:58','2017-05-19 07:04:58'),(17,'adminBoss','Jefe del departamento de administración',1,'2017-05-19 07:04:58','2017-05-19 07:04:58'),(18,'salesPerson','Departamento de ventas',1,'2017-05-19 07:04:58','2017-05-19 07:04:58'),(19,'salesBoss','Jefe del departamento de ventas',1,'2017-05-19 07:04:58','2017-08-16 12:38:27'),(20,'manager','Gerencia',1,'2017-06-01 14:57:02','2022-07-29 07:36:15'),(21,'salesAssistant','Jefe auxiliar de ventas',1,'2017-08-16 12:40:52','2017-08-16 12:40:52'),(22,'teamManager','Jefe de departamento con privilegios de auxiliar de venta.',1,'2017-09-07 09:08:12','2017-09-07 09:08:12'),(30,'financialBoss','Director finaciero',1,'2017-09-21 11:05:36','2017-09-21 11:05:36'),(31,'freelancer','Trabajadores por cuenta ajena',1,'2017-10-10 12:57:26','2017-10-10 12:59:27'),(32,'ett','Trabajadores de empresa temporal',1,'2017-10-10 12:58:58','2017-10-10 12:59:20'),(33,'invoicing','Personal con acceso a facturación',0,'2018-01-29 16:43:34','2018-01-29 16:43:34'),(34,'agencyBoss','Jefe/a del departamento de agencias',1,'2018-01-29 16:44:39','2018-02-23 07:58:53'),(35,'buyer','Departamento de compras',1,'2018-02-12 10:35:42','2018-02-12 10:35:42'),(36,'replenisher','Trabajadores de camara',1,'2018-02-16 14:07:10','2019-04-12 05:38:08'),(37,'hr','Gestor/a de recursos humanos',1,'2018-02-22 17:34:53','2018-02-22 17:34:53'),(38,'hrBoss','Jefe/a de recursos humanos',1,'2018-02-22 17:35:09','2018-02-22 17:35:09'),(39,'adminAssistant','Jefe auxiliar administrativo',1,'2018-02-23 10:37:36','2018-02-23 10:38:41'),(40,'handmade','Departamento de confección',1,'2018-02-23 11:14:53','2018-02-23 11:39:12'),(41,'handmadeBoss','Jefe de departamento de confección',1,'2018-02-23 11:15:09','2018-02-23 11:39:26'),(42,'artificial','Departamento de artificial',1,'2018-02-23 11:39:59','2018-02-23 11:39:59'),(43,'artificialBoss','Jefe del departamento de artificial',1,'2018-02-23 11:40:16','2018-02-23 11:40:16'),(44,'accessory','Departamento de complementos',1,'2018-02-23 11:41:12','2018-02-23 11:41:12'),(45,'accessoryBoss','Jefe del departamento de complementos',1,'2018-02-23 11:41:23','2018-02-23 11:41:23'),(47,'cooler','Empleados de cámara',1,'2018-02-23 13:08:18','2018-02-23 13:08:18'),(48,'coolerBoss','Jefe del departamento de cámara',1,'2018-02-23 13:12:01','2018-02-23 13:12:01'),(49,'production','Empleado de producción',1,'2018-02-26 15:28:23','2021-02-12 09:42:35'),(50,'productionBoss','Jefe de producción',1,'2018-02-26 15:34:12','2018-02-26 15:34:12'),(51,'marketing','Departamento de marketing',1,'2018-03-01 07:28:39','2018-03-01 07:28:39'),(52,'marketingBoss','Jefe del departamento de marketing',1,'2018-03-01 07:28:57','2018-03-01 07:28:57'),(53,'insurance','Gestor de seguros de cambio',0,'2018-03-05 07:44:35','2019-02-01 13:47:57'),(54,'itemPicker','Sacador en cámara',1,'2018-03-05 12:08:17','2018-03-05 12:08:17'),(55,'itemPickerBoss','Jefe de sacadores',1,'2018-03-05 12:08:31','2018-03-05 12:08:31'),(56,'delivery','Personal de reparto',1,'2018-05-30 06:07:02','2018-05-30 06:07:02'),(57,'deliveryBoss','Jefe de personal de reparto',1,'2018-05-30 06:07:19','2018-05-30 06:07:19'),(58,'packager','Departamento encajadores',1,'2019-01-21 12:43:45','2019-01-21 12:43:45'),(59,'packagerBoss','Jefe departamento encajadores',1,'2019-01-21 12:44:10','2019-01-21 12:44:10'),(60,'productionAssi','Tareas relacionadas con producción y administración',1,'2019-01-29 13:29:01','2019-01-29 13:29:01'),(61,'replenisherBos','Jefe de Complementos/Camara',1,'2019-07-01 06:44:07','2019-07-01 06:44:07'),(62,'noLogin','Role without login access to MySQL',0,'2019-07-01 06:50:19','2019-07-02 13:42:05'),(64,'balanceSheet','Consulta de Balance',0,'2019-07-16 12:12:08','2019-07-16 12:12:08'),(65,'officeBoss','Jefe de filial',1,'2019-08-02 06:54:26','2019-08-02 06:54:26'),(66,'sysadmin','Administrador de sistema',1,'2019-08-08 06:58:56','2019-08-08 06:58:56'),(67,'adminOfficer','categoria profesional oficial de administración',1,'2020-01-03 08:09:23','2020-01-03 08:09:23'),(69,'coolerAssist','Empleado cámara con permiso compras',1,'2020-02-05 12:36:09','2020-02-05 12:36:09'),(70,'trainee','Alumno de prácticas',1,'2020-03-04 11:00:25','2020-03-04 11:00:25'),(71,'checker','Rol de revisor con privilegios de itemPicker',1,'2020-10-02 10:50:07','2020-10-02 10:50:07'),(72,'claimManager','Personal de reclamaciones',1,'2020-10-13 10:01:32','2020-10-26 07:29:46'),(73,'financial','Departamento de finanzas',1,'2020-11-16 09:30:27','2020-11-16 09:30:27'),(74,'userPhotos','Privilegios para subir fotos de usuario',1,'2021-02-03 10:24:27','2021-02-03 10:24:27'),(75,'catalogPhotos','Privilegios para subir fotos del catálogo',1,'2021-02-03 10:24:27','2021-02-03 10:24:27'),(76,'chat','Rol para utilizar el rocket chat',1,'2020-11-27 13:06:50','2020-12-17 07:49:41'),(100,'root','Rol con todos los privilegios',0,'2018-04-23 14:33:36','2020-11-12 06:50:07'),(101,'buyerBoss','Jefe del departamento de compras',1,'2021-06-16 09:53:17','2021-06-16 09:53:17'),(102,'preservedBoss','Responsable preservado',1,'2021-09-14 13:45:37','2021-09-14 13:45:37'),(103,'it','Departamento de informática',1,'2021-11-11 09:48:22','2021-11-11 09:48:22'),(104,'itBoss','Jefe de departamento de informática',1,'2021-11-11 09:48:49','2021-11-11 09:48:49'),(105,'grant','Adjudicar roles a usuarios',1,'2021-11-11 12:41:09','2021-11-11 12:41:09'),(106,'ext','Usuarios externos de la Base de datos',1,'2021-11-23 14:51:16','2021-11-23 14:51:16'),(107,'productionPlus','Creado para pepe por orden de Juanvi',1,'2022-02-08 06:47:10','2022-02-08 06:47:10'),(108,'system','System user',1,'2022-05-16 08:09:51','2022-05-16 08:09:51'),(109,'salesTeamBoss','Jefe de equipo de comerciales',1,'2022-06-14 13:45:56','2022-06-14 13:45:56'),(110,'palletizer','Paletizadores',1,'2022-12-02 12:56:22','2022-12-02 12:56:30'),(111,'entryEditor','Entry editor',1,'2023-01-13 11:21:55','2023-01-13 11:21:55'),(112,'maintenance','Personal de mantenimiento',1,'2023-01-19 06:23:35','2023-01-19 06:23:35'),(114,'maintenanceBos','Jefe de mantenimiento',1,'2023-01-19 06:31:16','2023-01-19 06:31:16'); +INSERT INTO `role` VALUES (1,'employee','Empleado básico',1,'2017-05-19 07:04:58','2017-11-29 10:06:31'),(2,'customer','Privilegios básicos de un cliente',1,'2017-05-19 07:04:58','2017-05-19 07:04:58'),(3,'agency','Consultar tablas de predicciones de bultos',1,'2017-05-19 07:04:58','2017-05-19 07:04:58'),(5,'administrative','Tareas relacionadas con la contabilidad',1,'2017-05-19 07:04:58','2017-05-19 07:04:58'),(6,'guest','Privilegios para usuarios sin cuenta',1,'2017-05-19 07:04:58','2017-05-19 07:04:58'),(9,'developer','Desarrolladores del sistema',1,'2017-05-19 07:04:58','2017-05-19 07:04:58'),(11,'account','Privilegios relacionados con el login',0,'2017-05-19 07:04:58','2017-09-20 17:06:35'),(13,'teamBoss','Jefe de equipo/departamento',1,'2017-05-19 07:04:58','2021-06-30 13:29:30'),(15,'logistic','Departamento de compras, responsables de la logistica',1,'2017-05-19 07:04:58','2018-02-12 10:50:10'),(16,'logisticBoss','Jefe del departamento de logística',1,'2017-05-19 07:04:58','2017-05-19 07:04:58'),(17,'adminBoss','Jefe del departamento de administración',1,'2017-05-19 07:04:58','2017-05-19 07:04:58'),(18,'salesPerson','Departamento de ventas',1,'2017-05-19 07:04:58','2017-05-19 07:04:58'),(19,'salesBoss','Jefe del departamento de ventas',1,'2017-05-19 07:04:58','2017-08-16 12:38:27'),(20,'manager','Gerencia',1,'2017-06-01 14:57:02','2022-07-29 07:36:15'),(21,'salesAssistant','Jefe auxiliar de ventas',1,'2017-08-16 12:40:52','2017-08-16 12:40:52'),(22,'teamManager','Jefe de departamento con privilegios de auxiliar de venta.',1,'2017-09-07 09:08:12','2017-09-07 09:08:12'),(30,'financialBoss','Director finaciero',1,'2017-09-21 11:05:36','2017-09-21 11:05:36'),(31,'freelancer','Trabajadores por cuenta ajena',1,'2017-10-10 12:57:26','2017-10-10 12:59:27'),(32,'ett','Trabajadores de empresa temporal',1,'2017-10-10 12:58:58','2017-10-10 12:59:20'),(33,'invoicing','Personal con acceso a facturación',0,'2018-01-29 16:43:34','2018-01-29 16:43:34'),(34,'agencyBoss','Jefe/a del departamento de agencias',1,'2018-01-29 16:44:39','2018-02-23 07:58:53'),(35,'buyer','Departamento de compras',1,'2018-02-12 10:35:42','2018-02-12 10:35:42'),(36,'replenisher','Trabajadores de camara',1,'2018-02-16 14:07:10','2019-04-12 05:38:08'),(37,'hr','Gestor/a de recursos humanos',1,'2018-02-22 17:34:53','2018-02-22 17:34:53'),(38,'hrBoss','Jefe/a de recursos humanos',1,'2018-02-22 17:35:09','2018-02-22 17:35:09'),(39,'adminAssistant','Jefe auxiliar administrativo',1,'2018-02-23 10:37:36','2018-02-23 10:38:41'),(40,'handmade','Departamento de confección',1,'2018-02-23 11:14:53','2018-02-23 11:39:12'),(41,'handmadeBoss','Jefe de departamento de confección',1,'2018-02-23 11:15:09','2018-02-23 11:39:26'),(42,'artificial','Departamento de artificial',1,'2018-02-23 11:39:59','2018-02-23 11:39:59'),(43,'artificialBoss','Jefe del departamento de artificial',1,'2018-02-23 11:40:16','2018-02-23 11:40:16'),(44,'accessory','Departamento de complementos',1,'2018-02-23 11:41:12','2018-02-23 11:41:12'),(45,'accessoryBoss','Jefe del departamento de complementos',1,'2018-02-23 11:41:23','2018-02-23 11:41:23'),(47,'cooler','Empleados de cámara',1,'2018-02-23 13:08:18','2018-02-23 13:08:18'),(48,'coolerBoss','Jefe del departamento de cámara',1,'2018-02-23 13:12:01','2018-02-23 13:12:01'),(49,'production','Empleado de producción',1,'2018-02-26 15:28:23','2021-02-12 09:42:35'),(50,'productionBoss','Jefe de producción',1,'2018-02-26 15:34:12','2018-02-26 15:34:12'),(51,'marketing','Departamento de marketing',1,'2018-03-01 07:28:39','2018-03-01 07:28:39'),(52,'marketingBoss','Jefe del departamento de marketing',1,'2018-03-01 07:28:57','2018-03-01 07:28:57'),(53,'insurance','Gestor de seguros de cambio',0,'2018-03-05 07:44:35','2019-02-01 13:47:57'),(54,'itemPicker','Sacador en cámara',1,'2018-03-05 12:08:17','2018-03-05 12:08:17'),(55,'itemPickerBoss','Jefe de sacadores',1,'2018-03-05 12:08:31','2018-03-05 12:08:31'),(56,'delivery','Personal de reparto',1,'2018-05-30 06:07:02','2018-05-30 06:07:02'),(57,'deliveryBoss','Jefe de personal de reparto',1,'2018-05-30 06:07:19','2018-05-30 06:07:19'),(58,'packager','Departamento encajadores',1,'2019-01-21 12:43:45','2019-01-21 12:43:45'),(59,'packagerBoss','Jefe departamento encajadores',1,'2019-01-21 12:44:10','2019-01-21 12:44:10'),(60,'productionAssi','Tareas relacionadas con producción y administración',1,'2019-01-29 13:29:01','2019-01-29 13:29:01'),(61,'replenisherBos','Jefe de Complementos/Camara',1,'2019-07-01 06:44:07','2019-07-01 06:44:07'),(62,'noLogin','Role without login access to MySQL',0,'2019-07-01 06:50:19','2019-07-02 13:42:05'),(64,'balanceSheet','Consulta de Balance',0,'2019-07-16 12:12:08','2019-07-16 12:12:08'),(65,'officeBoss','Jefe de filial',1,'2019-08-02 06:54:26','2019-08-02 06:54:26'),(66,'sysadmin','Administrador de sistema',1,'2019-08-08 06:58:56','2019-08-08 06:58:56'),(67,'adminOfficer','categoria profesional oficial de administración',1,'2020-01-03 08:09:23','2020-01-03 08:09:23'),(69,'coolerAssist','Empleado cámara con permiso compras',1,'2020-02-05 12:36:09','2020-02-05 12:36:09'),(70,'trainee','Alumno de prácticas',1,'2020-03-04 11:00:25','2020-03-04 11:00:25'),(71,'checker','Rol de revisor con privilegios de itemPicker',1,'2020-10-02 10:50:07','2020-10-02 10:50:07'),(72,'claimManager','Personal de reclamaciones',1,'2020-10-13 10:01:32','2020-10-26 07:29:46'),(73,'financial','Departamento de finanzas',1,'2020-11-16 09:30:27','2020-11-16 09:30:27'),(74,'userPhotos','Privilegios para subir fotos de usuario',1,'2021-02-03 10:24:27','2021-02-03 10:24:27'),(75,'catalogPhotos','Privilegios para subir fotos del catálogo',1,'2021-02-03 10:24:27','2021-02-03 10:24:27'),(76,'chat','Rol para utilizar el rocket chat',1,'2020-11-27 13:06:50','2020-12-17 07:49:41'),(100,'root','Rol con todos los privilegios',0,'2018-04-23 14:33:36','2020-11-12 06:50:07'),(101,'buyerBoss','Jefe del departamento de compras',1,'2021-06-16 09:53:17','2021-06-16 09:53:17'),(102,'preservedBoss','Responsable preservado',1,'2021-09-14 13:45:37','2021-09-14 13:45:37'),(103,'it','Departamento de informática',1,'2021-11-11 09:48:22','2021-11-11 09:48:22'),(104,'itBoss','Jefe de departamento de informática',1,'2021-11-11 09:48:49','2021-11-11 09:48:49'),(105,'grant','Adjudicar roles a usuarios',1,'2021-11-11 12:41:09','2021-11-11 12:41:09'),(106,'ext','Usuarios externos de la Base de datos',1,'2021-11-23 14:51:16','2021-11-23 14:51:16'),(107,'productionPlus','Creado para pepe por orden de Juanvi',1,'2022-02-08 06:47:10','2022-02-08 06:47:10'),(108,'system','System user',1,'2022-05-16 08:09:51','2022-05-16 08:09:51'),(109,'salesTeamBoss','Jefe de equipo de comerciales',1,'2022-06-14 13:45:56','2022-06-14 13:45:56'),(110,'palletizer','Paletizadores',1,'2022-12-02 12:56:22','2022-12-02 12:56:30'),(111,'entryEditor','Entry editor',1,'2023-01-13 11:21:55','2023-01-13 11:21:55'),(112,'maintenance','Personal de mantenimiento',1,'2023-01-19 06:23:35','2023-01-19 06:23:35'),(114,'maintenanceBos','Jefe de mantenimiento',1,'2023-01-19 06:31:16','2023-01-19 06:31:16'),(115,'itManagement','TI management',1,'2023-03-29 09:27:55','2023-03-29 09:28:04'); /*!40000 ALTER TABLE `role` ENABLE KEYS */; UNLOCK TABLES; diff --git a/modules/account/front/privileges/index.js b/modules/account/front/privileges/index.js index 00ba772df..5b470773b 100644 --- a/modules/account/front/privileges/index.js +++ b/modules/account/front/privileges/index.js @@ -1,9 +1,40 @@ import ngModule from '../module'; import Section from 'salix/components/section'; -export default class Controller extends Section {} +export default class Controller extends Section { + set user(value) { + this._user = value; + this.$.summary = null; + if (!value) return; + + const filter = { + where: {id: value.id}, + include: { + relation: 'role', + scope: { + fields: ['id', 'name'] + } + } + }; + this.$http.get(`VnUsers/preview`, {filter}) + .then(res => { + const [summary] = res.data; + this.$.summary = summary; + }); + } + get isHr() { + return this.aclService.hasAny(['hr']); + } + + get user() { + return this._user; + } +} ngModule.component('vnUserPrivileges', { template: require('./index.html'), - controller: Controller + controller: Controller, + bindings: { + user: '<' + } }); diff --git a/modules/account/front/routes.json b/modules/account/front/routes.json index f843e71a4..5a2cb7341 100644 --- a/modules/account/front/routes.json +++ b/modules/account/front/routes.json @@ -115,7 +115,10 @@ "url": "/privileges", "state": "account.card.privileges", "component": "vn-user-privileges", - "description": "Privileges" + "description": "Privileges", + "params": { + "user": "$ctrl.user" + } }, { "url": "/role?q", From 3f26072787028c265a0dec4a42a2c44514c65475 Mon Sep 17 00:00:00 2001 From: vicent Date: Fri, 12 May 2023 09:02:55 +0200 Subject: [PATCH 11/30] refs #5468 eliminados getters a VnUser --- back/models/vn-user.json | 2 +- modules/account/front/privileges/index.html | 2 -- modules/account/front/privileges/index.js | 33 ++++++--------------- modules/client/front/web-access/index.html | 8 ++--- modules/client/front/web-access/index.js | 16 ++++++++++ 5 files changed, 29 insertions(+), 32 deletions(-) diff --git a/back/models/vn-user.json b/back/models/vn-user.json index c0df160cd..fb38ad27a 100644 --- a/back/models/vn-user.json +++ b/back/models/vn-user.json @@ -124,7 +124,7 @@ ], "scopes": { "preview": { - "fields": ["id", "name", "username", "roleFk", "nickname", "lang", "active", "created", "updated", "image", "hasGrant", "realm"] + "fields": ["id", "name", "username", "roleFk", "nickname", "lang", "active", "created", "updated", "image", "hasGrant", "realm", "email"] } } } diff --git a/modules/account/front/privileges/index.html b/modules/account/front/privileges/index.html index 8e33b708e..8b345698d 100644 --- a/modules/account/front/privileges/index.html +++ b/modules/account/front/privileges/index.html @@ -1,9 +1,7 @@ diff --git a/modules/account/front/privileges/index.js b/modules/account/front/privileges/index.js index 5b470773b..017d878de 100644 --- a/modules/account/front/privileges/index.js +++ b/modules/account/front/privileges/index.js @@ -2,33 +2,18 @@ import ngModule from '../module'; import Section from 'salix/components/section'; export default class Controller extends Section { - set user(value) { - this._user = value; - this.$.summary = null; - if (!value) return; - - const filter = { - where: {id: value.id}, - include: { - relation: 'role', - scope: { - fields: ['id', 'name'] - } - } - }; - this.$http.get(`VnUsers/preview`, {filter}) - .then(res => { - const [summary] = res.data; - this.$.summary = summary; - }); - } - get isHr() { - return this.aclService.hasAny(['hr']); - } - get user() { return this._user; } + + set user(value) { + this._user = value; + if (!value) return; + } + + get isHr() { + return this.aclService.hasAny(['hr']); + } } ngModule.component('vnUserPrivileges', { diff --git a/modules/client/front/web-access/index.html b/modules/client/front/web-access/index.html index 15dc5ed58..74407ba5c 100644 --- a/modules/client/front/web-access/index.html +++ b/modules/client/front/web-access/index.html @@ -1,7 +1,5 @@ @@ -51,9 +49,9 @@ label="Save"> + ng-if="$ctrl.canChangePassword" + label="Change password" + vn-dialog="change-pass"> { + const [user] = res.data; + this.account = user; + }); + } + + get client() { + return this._client; + } + $onChanges() { if (this.client) { this.account = this.client.account; From b65ebc6af3c1e6e2c2d816fbe54fc0712a92ea46 Mon Sep 17 00:00:00 2001 From: vicent Date: Tue, 23 May 2023 07:09:51 +0200 Subject: [PATCH 12/30] refs #5468 feat: cambiados acls --- modules/account/front/descriptor/index.html | 2 +- modules/account/front/routes.json | 5 ++-- modules/worker/front/account/index.html | 33 --------------------- 3 files changed, 3 insertions(+), 37 deletions(-) delete mode 100644 modules/worker/front/account/index.html diff --git a/modules/account/front/descriptor/index.html b/modules/account/front/descriptor/index.html index 61c7c5ee1..918f32071 100644 --- a/modules/account/front/descriptor/index.html +++ b/modules/account/front/descriptor/index.html @@ -6,7 +6,7 @@ Delete diff --git a/modules/account/front/routes.json b/modules/account/front/routes.json index 5a2cb7341..fd33e7122 100644 --- a/modules/account/front/routes.json +++ b/modules/account/front/routes.json @@ -55,8 +55,7 @@ "url": "/create", "state": "account.create", "component": "vn-user-create", - "description": "New user", - "acl": ["it"] + "description": "New user" }, { "url": "/:id", @@ -79,7 +78,7 @@ "state": "account.card.basicData", "component": "vn-user-basic-data", "description": "Basic data", - "acl": ["hr"] + "acl": ["itManagement"] }, { "url" : "/log", diff --git a/modules/worker/front/account/index.html b/modules/worker/front/account/index.html deleted file mode 100644 index 6f6be660c..000000000 --- a/modules/worker/front/account/index.html +++ /dev/null @@ -1,33 +0,0 @@ - - - - - - - - - - - - - - - - - - - From aea39dd0b7385ba2ea6a28c74cd03a6be8ca7534 Mon Sep 17 00:00:00 2001 From: vicent Date: Tue, 23 May 2023 08:45:03 +0200 Subject: [PATCH 13/30] refs #5468 feat: modificalos acl de VnUser --- back/methods/vn-user/createUser.js | 72 +++++++++++++++++++ back/models/vn-user.js | 3 + .../{232001 => 232201}/00-aclAccount.sql | 0 .../{232001 => 232201}/00-aclVnUser.sql | 3 +- modules/account/front/create/index.html | 10 +-- modules/account/front/index/index.html | 10 +-- 6 files changed, 87 insertions(+), 11 deletions(-) create mode 100644 back/methods/vn-user/createUser.js rename db/changes/{232001 => 232201}/00-aclAccount.sql (100%) rename db/changes/{232001 => 232201}/00-aclVnUser.sql (71%) diff --git a/back/methods/vn-user/createUser.js b/back/methods/vn-user/createUser.js new file mode 100644 index 000000000..0c9151fb1 --- /dev/null +++ b/back/methods/vn-user/createUser.js @@ -0,0 +1,72 @@ +module.exports = function(Self) { + Self.remoteMethodCtx('createUser', { + description: 'Create a user', + accessType: 'WRITE', + accepts: [{ + arg: 'name', + type: 'string', + required: true + }, + { + arg: 'nickname', + type: 'string', + required: true + }, + { + arg: 'email', + type: 'string', + required: true + }, + { + arg: 'roleFk', + type: 'number', + required: true + }, + { + arg: 'password', + type: 'string', + required: true + }, + { + arg: 'active', + type: 'boolean' + }], + returns: { + root: true, + type: 'object' + }, + http: { + verb: 'POST', + path: '/createUser' + } + }); + + Self.createUser = async(ctx, options) => { + const models = Self.app.models; + const args = ctx.args; + let tx; + const myOptions = {}; + + if (typeof options == 'object') + Object.assign(myOptions, options); + + if (!myOptions.transaction) { + tx = await Self.beginTransaction({}); + myOptions.transaction = tx; + } + + try { + if (!args.active) args.active = false; + + delete args.ctx; // Remove unwanted properties + const newUser = await models.VnUser.create(args, myOptions); + + if (tx) await tx.commit(); + + return newUser; + } catch (e) { + if (tx) await tx.rollback(); + throw e; + } + }; +}; diff --git a/back/models/vn-user.js b/back/models/vn-user.js index 84ba11794..2fa040d84 100644 --- a/back/models/vn-user.js +++ b/back/models/vn-user.js @@ -10,6 +10,9 @@ module.exports = function(Self) { require('../methods/vn-user/recover-password')(Self); require('../methods/vn-user/validate-token')(Self); require('../methods/vn-user/privileges')(Self); + require('../methods/vn-user/createUser')(Self); + + Self.definition.settings.acls.find(acl => acl.property == 'create').permission = 'DENY'; // Validations diff --git a/db/changes/232001/00-aclAccount.sql b/db/changes/232201/00-aclAccount.sql similarity index 100% rename from db/changes/232001/00-aclAccount.sql rename to db/changes/232201/00-aclAccount.sql diff --git a/db/changes/232001/00-aclVnUser.sql b/db/changes/232201/00-aclVnUser.sql similarity index 71% rename from db/changes/232001/00-aclVnUser.sql rename to db/changes/232201/00-aclVnUser.sql index 1a63ed964..2cbadb548 100644 --- a/db/changes/232001/00-aclVnUser.sql +++ b/db/changes/232201/00-aclVnUser.sql @@ -6,4 +6,5 @@ INSERT INTO `salix`.`ACL` (model, property, accessType, permission, principalTyp VALUES ('VnUser', '*', '*', 'ALLOW', 'ROLE', 'itManagement'), ('VnUser', '__get__preview', 'READ', 'ALLOW', 'ROLE', 'employee'), - ('VnUser', 'preview', '*', 'ALLOW', 'ROLE', 'employee'); + ('VnUser', 'preview', '*', 'ALLOW', 'ROLE', 'employee'), + ('VnUser', 'createUser', 'WRITE', 'ALLOW', 'ROLE', 'itManagement'); diff --git a/modules/account/front/create/index.html b/modules/account/front/create/index.html index ee2de926a..f373cc468 100644 --- a/modules/account/front/create/index.html +++ b/modules/account/front/create/index.html @@ -1,6 +1,6 @@ @@ -12,18 +12,18 @@ @@ -39,7 +39,7 @@ type="password"> diff --git a/modules/account/front/index/index.html b/modules/account/front/index/index.html index d067c8c37..7502c8b3d 100644 --- a/modules/account/front/index/index.html +++ b/modules/account/front/index/index.html @@ -14,11 +14,11 @@
{{::user.nickname}}
 @@ -36,12 +36,12 @@ - - \ No newline at end of file + From 9426ff204f6fe6af1e31d2289fd6667fd410523e Mon Sep 17 00:00:00 2001 From: vicent Date: Tue, 23 May 2023 09:12:27 +0200 Subject: [PATCH 14/30] refs #5468 fix: testFront --- modules/account/front/card/index.spec.js | 4 ++-- modules/client/front/web-access/index.spec.js | 16 +++++++++++++++- 2 files changed, 17 insertions(+), 3 deletions(-) diff --git a/modules/account/front/card/index.spec.js b/modules/account/front/card/index.spec.js index 204b897e4..712d3c1d8 100644 --- a/modules/account/front/card/index.spec.js +++ b/modules/account/front/card/index.spec.js @@ -15,12 +15,12 @@ describe('component vnUserCard', () => { it('should reload the controller data', () => { controller.$params.id = 1; - $httpBackend.expectGET('VnUsers/1').respond('foo'); + $httpBackend.expectGET('VnUsers/preview').respond('foo'); $httpBackend.expectGET('Accounts/1/exists').respond({exists: true}); controller.reload(); $httpBackend.flush(); - expect(controller.user).toBe('foo'); + expect(controller.user).toBe('f'); expect(controller.hasAccount).toBeTruthy(); }); }); diff --git a/modules/client/front/web-access/index.spec.js b/modules/client/front/web-access/index.spec.js index c1bb47a8e..7325bf932 100644 --- a/modules/client/front/web-access/index.spec.js +++ b/modules/client/front/web-access/index.spec.js @@ -5,12 +5,14 @@ describe('Component VnClientWebAccess', () => { let $scope; let vnApp; let controller; + let $httpParamSerializer; beforeEach(ngModule('client')); - beforeEach(inject(($componentController, $rootScope, _$httpBackend_, _vnApp_) => { + beforeEach(inject(($componentController, $rootScope, _$httpBackend_, _$httpParamSerializer_, _vnApp_) => { $scope = $rootScope.$new(); $httpBackend = _$httpBackend_; + $httpParamSerializer = _$httpParamSerializer_; vnApp = _vnApp_; jest.spyOn(vnApp, 'showError'); const $element = angular.element(''); @@ -32,7 +34,10 @@ describe('Component VnClientWebAccess', () => { describe('isCustomer()', () => { it('should return true if the password can be modified', () => { controller.client = {id: '1234'}; + const filter = {where: {id: controller.client.id}}; + const serializedParams = $httpParamSerializer({filter}); + $httpBackend.expectGET(`VnUsers/preview?${serializedParams}`).respond('foo'); $httpBackend.expectGET(`Clients/${controller.client.id}/hasCustomerRole`).respond(true); controller.isCustomer(); $httpBackend.flush(); @@ -42,7 +47,10 @@ describe('Component VnClientWebAccess', () => { it(`should return a false if the password can't be modified`, () => { controller.client = {id: '1234'}; + const filter = {where: {id: controller.client.id}}; + const serializedParams = $httpParamSerializer({filter}); + $httpBackend.expectGET(`VnUsers/preview?${serializedParams}`).respond('foo'); $httpBackend.expectGET(`Clients/${controller.client.id}/hasCustomerRole`).respond(false); controller.isCustomer(); $httpBackend.flush(); @@ -54,9 +62,12 @@ describe('Component VnClientWebAccess', () => { describe('checkConditions()', () => { it('should perform a query to check if the client is valid', () => { controller.client = {id: '1234'}; + const filter = {where: {id: controller.client.id}}; + const serializedParams = $httpParamSerializer({filter}); expect(controller.canEnableCheckBox).toBeTruthy(); + $httpBackend.expectGET(`VnUsers/preview?${serializedParams}`).respond('foo'); $httpBackend.expectGET(`Clients/${controller.client.id}/isValidClient`).respond(false); controller.checkConditions(); $httpBackend.flush(); @@ -82,7 +93,10 @@ describe('Component VnClientWebAccess', () => { controller.newPassword = 'm24x8'; controller.repeatPassword = 'm24x8'; controller.canChangePassword = true; + const filter = {where: {id: controller.client.id}}; + const serializedParams = $httpParamSerializer({filter}); + $httpBackend.expectGET(`VnUsers/preview?${serializedParams}`).respond('foo'); const query = `Clients/${controller.client.id}/setPassword`; $httpBackend.expectPATCH(query, {newPassword: controller.newPassword}).respond('done'); controller.onPassChange(); From 4bed88faf51eaf10ed4756bc357411c906c2b849 Mon Sep 17 00:00:00 2001 From: vicent Date: Tue, 23 May 2023 09:44:07 +0200 Subject: [PATCH 15/30] refs #5468 fix: e2e test --- e2e/paths/03-worker/06_create.spec.js | 2 +- e2e/paths/14-account/01_create_and_basic_data.spec.js | 4 ++-- modules/account/front/descriptor/index.html | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/e2e/paths/03-worker/06_create.spec.js b/e2e/paths/03-worker/06_create.spec.js index 98e67edbf..11d36b3cf 100644 --- a/e2e/paths/03-worker/06_create.spec.js +++ b/e2e/paths/03-worker/06_create.spec.js @@ -53,7 +53,7 @@ describe('Worker create path', () => { expect(message.text).toContain('Data saved!'); // 'rollback' - await page.loginAndModule('sysadmin', 'account'); + await page.loginAndModule('itManagement', 'account'); await page.accessToSearchResult(newWorker); await page.waitToClick(selectors.accountDescriptor.menuButton); diff --git a/e2e/paths/14-account/01_create_and_basic_data.spec.js b/e2e/paths/14-account/01_create_and_basic_data.spec.js index 6f4987419..9636fcf7a 100644 --- a/e2e/paths/14-account/01_create_and_basic_data.spec.js +++ b/e2e/paths/14-account/01_create_and_basic_data.spec.js @@ -1,14 +1,14 @@ import selectors from '../../helpers/selectors.js'; import getBrowser from '../../helpers/puppeteer'; -describe('Account create and basic data path', () => { +fdescribe('Account create and basic data path', () => { let browser; let page; beforeAll(async() => { browser = await getBrowser(); page = browser.page; - await page.loginAndModule('sysadmin', 'account'); + await page.loginAndModule('itManagement', 'account'); }); afterAll(async() => { diff --git a/modules/account/front/descriptor/index.html b/modules/account/front/descriptor/index.html index 918f32071..381b2991c 100644 --- a/modules/account/front/descriptor/index.html +++ b/modules/account/front/descriptor/index.html @@ -50,7 +50,7 @@ ng-if="!$ctrl.user.active" ng-click="activateUser.show()" name="activateUser" - vn-acl="sysadmin" + vn-acl="itManagement" vn-acl-action="remove" translate> Activate user @@ -59,7 +59,7 @@ ng-if="$ctrl.user.active" ng-click="deactivateUser.show()" name="deactivateUser" - vn-acl="sysadmin" + vn-acl="itManagement" vn-acl-action="remove" translate> Deactivate user From cd244daf84612608d724acced902d20c9ae04351 Mon Sep 17 00:00:00 2001 From: vicent Date: Tue, 23 May 2023 10:04:31 +0200 Subject: [PATCH 16/30] refs #5468 feat: checkbox 'activo' marcado por defecto --- back/methods/vn-user/createUser.js | 2 -- e2e/paths/14-account/01_create_and_basic_data.spec.js | 2 +- modules/account/front/create/index.js | 5 +++++ 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/back/methods/vn-user/createUser.js b/back/methods/vn-user/createUser.js index 0c9151fb1..4dac4bcef 100644 --- a/back/methods/vn-user/createUser.js +++ b/back/methods/vn-user/createUser.js @@ -56,8 +56,6 @@ module.exports = function(Self) { } try { - if (!args.active) args.active = false; - delete args.ctx; // Remove unwanted properties const newUser = await models.VnUser.create(args, myOptions); diff --git a/e2e/paths/14-account/01_create_and_basic_data.spec.js b/e2e/paths/14-account/01_create_and_basic_data.spec.js index 9636fcf7a..e38d1aeec 100644 --- a/e2e/paths/14-account/01_create_and_basic_data.spec.js +++ b/e2e/paths/14-account/01_create_and_basic_data.spec.js @@ -1,7 +1,7 @@ import selectors from '../../helpers/selectors.js'; import getBrowser from '../../helpers/puppeteer'; -fdescribe('Account create and basic data path', () => { +describe('Account create and basic data path', () => { let browser; let page; diff --git a/modules/account/front/create/index.js b/modules/account/front/create/index.js index 41fd718f6..01ba7905b 100644 --- a/modules/account/front/create/index.js +++ b/modules/account/front/create/index.js @@ -2,6 +2,11 @@ import ngModule from '../module'; import Section from 'salix/components/section'; export default class Controller extends Section { + constructor($element, $) { + super($element, $); + this.user = {active: true}; + } + onSubmit() { return this.$.watcher.submit().then(res => { this.$state.go('account.card.basicData', {id: res.data.id}); From 96163cb07fe14a7cbffcce45622796b515a4d107 Mon Sep 17 00:00:00 2001 From: vicent Date: Tue, 23 May 2023 10:43:46 +0200 Subject: [PATCH 17/30] refs #5468 feat: update acls --- db/changes/232201/00-aclMailAliasAccount.sql | 4 ++++ db/changes/232201/00-aclMailForward.sql | 4 ++++ db/changes/232201/00-aclRole.sql | 4 ++++ modules/account/front/mail-forwarding/index.js | 1 + 4 files changed, 13 insertions(+) create mode 100644 db/changes/232201/00-aclMailAliasAccount.sql create mode 100644 db/changes/232201/00-aclMailForward.sql create mode 100644 db/changes/232201/00-aclRole.sql diff --git a/db/changes/232201/00-aclMailAliasAccount.sql b/db/changes/232201/00-aclMailAliasAccount.sql new file mode 100644 index 000000000..c0f3a8829 --- /dev/null +++ b/db/changes/232201/00-aclMailAliasAccount.sql @@ -0,0 +1,4 @@ +DELETE FROM `salix`.`ACL` WHERE model = 'MailAliasAccount'; +INSERT INTO `salix`.`ACL` (`model`, `property`, `accessType`, `permission`, `principalType`, `principalId`) + VALUES + ('MailAliasAccount', '*', 'READ', 'ALLOW', 'ROLE', 'employee'); diff --git a/db/changes/232201/00-aclMailForward.sql b/db/changes/232201/00-aclMailForward.sql new file mode 100644 index 000000000..0378a95f9 --- /dev/null +++ b/db/changes/232201/00-aclMailForward.sql @@ -0,0 +1,4 @@ +DELETE FROM `salix`.`ACL` WHERE model = 'MailForward'; +INSERT INTO `salix`.`ACL` (`model`, `property`, `accessType`, `permission`, `principalType`, `principalId`) + VALUES + ('MailForward', '*', 'READ', 'ALLOW', 'ROLE', 'employee'); diff --git a/db/changes/232201/00-aclRole.sql b/db/changes/232201/00-aclRole.sql new file mode 100644 index 000000000..58f013c44 --- /dev/null +++ b/db/changes/232201/00-aclRole.sql @@ -0,0 +1,4 @@ +DELETE FROM `salix`.`ACL` WHERE model = 'Role'; +INSERT INTO `salix`.`ACL` (`model`, `property`, `accessType`, `permission`, `principalType`, `principalId`) + VALUES + ('Role', '*', 'READ', 'ALLOW', 'ROLE', 'employee'); diff --git a/modules/account/front/mail-forwarding/index.js b/modules/account/front/mail-forwarding/index.js index b48fd2258..8b3fee489 100644 --- a/modules/account/front/mail-forwarding/index.js +++ b/modules/account/front/mail-forwarding/index.js @@ -12,6 +12,7 @@ export default class Controller extends Section { .then(res => { this.isSubordinate = res.data; if (!this.isSubordinate) throw new UserError(`You don't have enough privileges`); + this.$.watcher.submit(); }); } From 940ed29dfce3a4a3682c166ee9ece41c26750e95 Mon Sep 17 00:00:00 2001 From: vicent Date: Tue, 23 May 2023 12:21:35 +0200 Subject: [PATCH 18/30] =?UTF-8?q?refs=20#5468=20feat:=20comprobacion=20de?= =?UTF-8?q?=20acl=20en=20el=20back=20en=20'Reenv=C3=ADo=20de=20correo'?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- db/changes/232201/00-aclAccount.sql | 3 +- .../methods/account/change-mail-forwarding.js | 38 +++++++++++++++++++ modules/account/back/models/account.js | 1 + .../account/front/mail-forwarding/index.html | 4 +- .../account/front/mail-forwarding/index.js | 18 ++++----- 5 files changed, 51 insertions(+), 13 deletions(-) create mode 100644 modules/account/back/methods/account/change-mail-forwarding.js diff --git a/db/changes/232201/00-aclAccount.sql b/db/changes/232201/00-aclAccount.sql index bf8106b98..1d5e1b2b3 100644 --- a/db/changes/232201/00-aclAccount.sql +++ b/db/changes/232201/00-aclAccount.sql @@ -5,4 +5,5 @@ DELETE INSERT INTO `salix`.`ACL` (model, property, accessType, permission, principalType, principalId) VALUES ('Account', '*', 'WRITE', 'ALLOW', 'ROLE', 'sysadmin'), - ('Account', '*', 'READ', 'ALLOW', 'ROLE', 'employee'); + ('Account', '*', 'READ', 'ALLOW', 'ROLE', 'employee'), + ('Account', 'changeMailForwarding', 'WRITE', 'ALLOW', 'ROLE', 'employee'); diff --git a/modules/account/back/methods/account/change-mail-forwarding.js b/modules/account/back/methods/account/change-mail-forwarding.js new file mode 100644 index 000000000..21dae4624 --- /dev/null +++ b/modules/account/back/methods/account/change-mail-forwarding.js @@ -0,0 +1,38 @@ + +const UserError = require('vn-loopback/util/user-error'); + +module.exports = Self => { + Self.remoteMethodCtx('changeMailForwarding', { + description: 'Changes the mail forwarding', + accessType: 'WRITE', + accepts: [{ + arg: 'id', + type: 'number', + description: 'The user id', + http: {source: 'path'} + }, { + arg: 'forwardTo', + type: 'string', + description: 'The mail forward' + }], + http: { + path: `/:id/changeMailForwarding`, + verb: 'POST' + } + }); + + Self.changeMailForwarding = async function(ctx, id, forwardTo) { + const models = Self.app.models; + + const isSubordinate = await models.Worker.isSubordinate(ctx, id); + if (!isSubordinate) + throw new UserError(`You don't have enough privileges`); + + if (!forwardTo) return models.MailForward.destroyById(id); + + const mailForward = await models.MailForward.findById(id); + + if (mailForward) return mailForward.updateAttribute('forwardTo', forwardTo); + else return models.MailForward.create({account: id, forwardTo: forwardTo}); + }; +}; diff --git a/modules/account/back/models/account.js b/modules/account/back/models/account.js index 5021a5d94..ce00c4f58 100644 --- a/modules/account/back/models/account.js +++ b/modules/account/back/models/account.js @@ -7,4 +7,5 @@ module.exports = Self => { require('../methods/account/logout')(Self); require('../methods/account/change-password')(Self); require('../methods/account/set-password')(Self); + require('../methods/account/change-mail-forwarding')(Self); }; diff --git a/modules/account/front/mail-forwarding/index.html b/modules/account/front/mail-forwarding/index.html index 1e0504c23..e2f5ff86a 100644 --- a/modules/account/front/mail-forwarding/index.html +++ b/modules/account/front/mail-forwarding/index.html @@ -4,7 +4,7 @@ url="MailForwards" id-field="account" id-value="$ctrl.$params.id" - data="data" + data="$ctrl.data" form="form">
diff --git a/modules/account/front/mail-forwarding/index.js b/modules/account/front/mail-forwarding/index.js index 8b3fee489..0b7b40cb9 100644 --- a/modules/account/front/mail-forwarding/index.js +++ b/modules/account/front/mail-forwarding/index.js @@ -4,16 +4,14 @@ import UserError from 'core/lib/user-error'; export default class Controller extends Section { onSubmit() { - this.getIsAuthorized(); - } - - getIsAuthorized() { - this.$http.get(`Workers/${this.$params.id}/isSubordinate`) - .then(res => { - this.isSubordinate = res.data; - if (!this.isSubordinate) throw new UserError(`You don't have enough privileges`); - - this.$.watcher.submit(); + const query = `Accounts/${this.$params.id}/changeMailForwarding`; + const params = { + forwardTo: this.data?.forwardTo || undefined + }; + this.$http.post(query, params) + .then(() => { + this.$.watcher.notifySaved(); + this.$.watcher.updateOriginalData(); }); } } From 191fe4ebf6b85fed4c5103201fafea7b1fc81923 Mon Sep 17 00:00:00 2001 From: vicent Date: Tue, 23 May 2023 12:40:49 +0200 Subject: [PATCH 19/30] =?UTF-8?q?refs=20#5468=20feat:=20a=C3=B1adidas=20co?= =?UTF-8?q?mprobaciones=20acls=20en=20el=20back=20en=20'Alias=20de=20corre?= =?UTF-8?q?o'?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../back/methods/account/add-mail-alias.js | 34 +++++++++++++++++++ .../back/methods/account/delete-mail-alias.js | 29 ++++++++++++++++ modules/account/back/models/account.js | 2 ++ modules/account/front/aliases/index.js | 7 ++-- 4 files changed, 70 insertions(+), 2 deletions(-) create mode 100644 modules/account/back/methods/account/add-mail-alias.js create mode 100644 modules/account/back/methods/account/delete-mail-alias.js diff --git a/modules/account/back/methods/account/add-mail-alias.js b/modules/account/back/methods/account/add-mail-alias.js new file mode 100644 index 000000000..814ddaf99 --- /dev/null +++ b/modules/account/back/methods/account/add-mail-alias.js @@ -0,0 +1,34 @@ + +const UserError = require('vn-loopback/util/user-error'); + +module.exports = Self => { + Self.remoteMethodCtx('addMailAlias', { + description: 'Add a mail alias', + accessType: 'WRITE', + accepts: [{ + arg: 'id', + type: 'number', + description: 'The user id', + http: {source: 'path'} + }, { + arg: 'mailAlias', + type: 'number', + description: 'The mail alias', + required: true + }], + http: { + path: `/:id/addMailAlias`, + verb: 'POST' + } + }); + + Self.addMailAlias = async function(ctx, id, mailAlias) { + const models = Self.app.models; + + const isAuthorized = await models.Worker.isAuthorized(ctx, id); + if (!isAuthorized) + throw new UserError(`You don't have enough privileges`); + + return models.MailAliasAccount.create({mailAlias: mailAlias, account: id}); + }; +}; diff --git a/modules/account/back/methods/account/delete-mail-alias.js b/modules/account/back/methods/account/delete-mail-alias.js new file mode 100644 index 000000000..018a1e0b5 --- /dev/null +++ b/modules/account/back/methods/account/delete-mail-alias.js @@ -0,0 +1,29 @@ + +const UserError = require('vn-loopback/util/user-error'); + +module.exports = Self => { + Self.remoteMethodCtx('deleteMailAlias', { + description: 'Delete a mail alias', + accessType: 'WRITE', + accepts: [{ + arg: 'id', + type: 'number', + description: 'The mail alias account to id', + http: {source: 'path'} + }], + http: { + path: `/:id/deleteMailAlias`, + verb: 'POST' + } + }); + + Self.deleteMailAlias = async function(ctx, id) { + const models = Self.app.models; + + const isAuthorized = await models.Worker.isAuthorized(ctx, id); + if (!isAuthorized) + throw new UserError(`You don't have enough privileges`); + + return models.MailAliasAccount.destroyById(id); + }; +}; diff --git a/modules/account/back/models/account.js b/modules/account/back/models/account.js index ce00c4f58..e44d10547 100644 --- a/modules/account/back/models/account.js +++ b/modules/account/back/models/account.js @@ -8,4 +8,6 @@ module.exports = Self => { require('../methods/account/change-password')(Self); require('../methods/account/set-password')(Self); require('../methods/account/change-mail-forwarding')(Self); + require('../methods/account/add-mail-alias')(Self); + require('../methods/account/delete-mail-alias')(Self); }; diff --git a/modules/account/front/aliases/index.js b/modules/account/front/aliases/index.js index c7c5cb82d..70bcc5d44 100644 --- a/modules/account/front/aliases/index.js +++ b/modules/account/front/aliases/index.js @@ -34,7 +34,10 @@ export default class Controller extends Section { } onAddSave() { - return this.$http.post(`MailAliasAccounts`, this.addData) + const params = { + mailAlias: this.addData.mailAlias + }; + return this.$http.post(`Accounts/${this.$params.id}/addMailAlias`, params) .then(() => this.refresh()) .then(() => this.vnApp.showSuccess( this.$t('Subscribed to alias!')) @@ -42,7 +45,7 @@ export default class Controller extends Section { } onRemove(row) { - return this.$http.delete(`MailAliasAccounts/${row.id}`) + return this.$http.post(`Accounts/${row.id}/deleteMailAlias`) .then(() => { this.$.data.splice(this.$.data.indexOf(row), 1); this.vnApp.showSuccess(this.$t('Unsubscribed from alias!')); From db55c3e81bebdd54690f6de9936f6ca0f07dc5d9 Mon Sep 17 00:00:00 2001 From: vicent Date: Tue, 23 May 2023 12:49:34 +0200 Subject: [PATCH 20/30] refs #5468 fix: fornt test --- modules/account/front/aliases/index.spec.js | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/modules/account/front/aliases/index.spec.js b/modules/account/front/aliases/index.spec.js index 466f1e1e9..53ce9e5d7 100644 --- a/modules/account/front/aliases/index.spec.js +++ b/modules/account/front/aliases/index.spec.js @@ -9,6 +9,7 @@ describe('component vnUserAliases', () => { beforeEach(inject(($componentController, _$httpBackend_) => { $httpBackend = _$httpBackend_; controller = $componentController('vnUserAliases', {$element: null}); + controller.$params.id = 1; jest.spyOn(controller.vnApp, 'showSuccess'); })); @@ -26,7 +27,7 @@ describe('component vnUserAliases', () => { it('should add the new row', () => { controller.addData = {account: 1}; - $httpBackend.expectPOST('MailAliasAccounts').respond(); + $httpBackend.expectPOST(`Accounts/${controller.$params.id}/addMailAlias`).respond(); $httpBackend.expectGET('MailAliasAccounts').respond('foo'); controller.onAddSave(); $httpBackend.flush(); @@ -42,7 +43,7 @@ describe('component vnUserAliases', () => { {id: 2, alias: 'bar'} ]; - $httpBackend.expectDELETE('MailAliasAccounts/1').respond(); + $httpBackend.expectPOST(`Accounts/${controller.$params.id}/deleteMailAlias`).respond(); controller.onRemove(controller.$.data[0]); $httpBackend.flush(); From b7e3e9fa713bbfb120a4dd3bc493e77693217078 Mon Sep 17 00:00:00 2001 From: vicent Date: Tue, 23 May 2023 13:08:10 +0200 Subject: [PATCH 21/30] refs #5468 feat: add testBack --- .../account/specs/add-mail-alias.spec.js | 26 ++++++++++++++ .../specs/change-mail-forwarding.spec.js | 35 +++++++++++++++++++ .../account/specs/delete-mail-alias.spec.js | 24 +++++++++++++ 3 files changed, 85 insertions(+) create mode 100644 modules/account/back/methods/account/specs/add-mail-alias.spec.js create mode 100644 modules/account/back/methods/account/specs/change-mail-forwarding.spec.js create mode 100644 modules/account/back/methods/account/specs/delete-mail-alias.spec.js diff --git a/modules/account/back/methods/account/specs/add-mail-alias.spec.js b/modules/account/back/methods/account/specs/add-mail-alias.spec.js new file mode 100644 index 000000000..bb59719cd --- /dev/null +++ b/modules/account/back/methods/account/specs/add-mail-alias.spec.js @@ -0,0 +1,26 @@ +const {models} = require('vn-loopback/server/server'); + +describe('Account addMailAlias()', () => { + it('should throw an error when the user is not a superior', async() => { + const ctx = {req: {accessToken: {userId: 1}}}; + const employeeId = 1; + + let error; + try { + await models.Account.addMailAlias(ctx, employeeId, 1); + } catch (e) { + error = e.message; + } + + expect(error).toEqual(`You don't have enough privileges`); + }); + + it('should add a mail alias', async() => { + const ctx = {req: {accessToken: {userId: 9}}}; + const employeeId = 1; + + const result = await models.Account.addMailAlias(ctx, employeeId, 2); + + expect(result).toBeDefined(); + }); +}); diff --git a/modules/account/back/methods/account/specs/change-mail-forwarding.spec.js b/modules/account/back/methods/account/specs/change-mail-forwarding.spec.js new file mode 100644 index 000000000..ba1a80806 --- /dev/null +++ b/modules/account/back/methods/account/specs/change-mail-forwarding.spec.js @@ -0,0 +1,35 @@ +const {models} = require('vn-loopback/server/server'); + +describe('Account changeMailForwarding()', () => { + it('should throw an error when the user is not himself or a superior', async() => { + const ctx = {req: {accessToken: {userId: 1}}}; + const developerId = 9; + + let error; + try { + await models.Account.changeMailForwarding(ctx, developerId, 'alias@test.test'); + } catch (e) { + error = e.message; + } + + expect(error).toEqual(`You don't have enough privileges`); + }); + + it('should change a mail forwarding when the user is himself', async() => { + const ctx = {req: {accessToken: {userId: 1}}}; + const employeeId = 1; + + const result = await models.Account.changeMailForwarding(ctx, employeeId, 'alias@test.test'); + + expect(result).toBeDefined(); + }); + + it('should change a mail forwarding when the user is a superior', async() => { + const ctx = {req: {accessToken: {userId: 9}}}; + const employeeId = 1; + + const result = await models.Account.changeMailForwarding(ctx, employeeId, 'alias@test.test'); + + expect(result).toBeDefined(); + }); +}); diff --git a/modules/account/back/methods/account/specs/delete-mail-alias.spec.js b/modules/account/back/methods/account/specs/delete-mail-alias.spec.js new file mode 100644 index 000000000..fb69fe9c9 --- /dev/null +++ b/modules/account/back/methods/account/specs/delete-mail-alias.spec.js @@ -0,0 +1,24 @@ +const {models} = require('vn-loopback/server/server'); + +describe('Account deleteMailAlias()', () => { + it('should throw an error when the user is not a superior', async() => { + const ctx = {req: {accessToken: {userId: 1}}}; + + let error; + try { + await models.Account.deleteMailAlias(ctx, 1); + } catch (e) { + error = e.message; + } + + expect(error).toEqual(`You don't have enough privileges`); + }); + + it('should delete a mail alias', async() => { + const ctx = {req: {accessToken: {userId: 9}}}; + + const result = await models.Account.deleteMailAlias(ctx, 1); + + expect(result).toBeDefined(); + }); +}); From 91207c5a3c2f54563ede83c9729426083d882585 Mon Sep 17 00:00:00 2001 From: vicent Date: Tue, 23 May 2023 13:33:27 +0200 Subject: [PATCH 22/30] refs #5468 fix: test e2e --- db/changes/232201/00-aclRole.sql | 4 +++- e2e/helpers/selectors.js | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/db/changes/232201/00-aclRole.sql b/db/changes/232201/00-aclRole.sql index 58f013c44..3e5119b06 100644 --- a/db/changes/232201/00-aclRole.sql +++ b/db/changes/232201/00-aclRole.sql @@ -1,4 +1,6 @@ DELETE FROM `salix`.`ACL` WHERE model = 'Role'; INSERT INTO `salix`.`ACL` (`model`, `property`, `accessType`, `permission`, `principalType`, `principalId`) VALUES - ('Role', '*', 'READ', 'ALLOW', 'ROLE', 'employee'); + ('Role', '*', 'READ', 'ALLOW', 'ROLE', 'employee'), + ('Role', '*', 'WRITE', 'ALLOW', 'ROLE', 'hr'), + ('Role', '*', 'WRITE', 'ALLOW', 'ROLE', 'marketing'); diff --git a/e2e/helpers/selectors.js b/e2e/helpers/selectors.js index b19db24d7..8bf880639 100644 --- a/e2e/helpers/selectors.js +++ b/e2e/helpers/selectors.js @@ -104,7 +104,7 @@ export default { }, accountMailForwarding: { mailForwardingCheckbox: 'vn-user-mail-forwarding vn-check[ng-model="watcher.hasData"]', - email: 'vn-user-mail-forwarding vn-textfield[ng-model="data.forwardTo"]', + email: 'vn-user-mail-forwarding vn-textfield[ng-model="$ctrl.data.forwardTo"]', save: 'vn-user-mail-forwarding vn-submit' }, accountAcl: { From c9b4c68b0c5099843b5014f68fbad2e6658dfeb5 Mon Sep 17 00:00:00 2001 From: vicent Date: Tue, 23 May 2023 13:41:13 +0200 Subject: [PATCH 23/30] refs #5468 refactor: actualizada vista --- modules/account/front/privileges/index.html | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/modules/account/front/privileges/index.html b/modules/account/front/privileges/index.html index 8b345698d..61f2c534e 100644 --- a/modules/account/front/privileges/index.html +++ b/modules/account/front/privileges/index.html @@ -9,15 +9,16 @@ name="form" ng-submit="watcher.submit()" class="vn-w-md"> - + - + + + Date: Tue, 30 May 2023 09:13:47 +0200 Subject: [PATCH 24/30] refs #5468 refactor: modificado acl directamente sin necesidad de crear una nueva ruta --- back/methods/vn-user/createUser.js | 70 ------------------------- back/models/vn-user.js | 3 +- back/models/vn-user.json | 16 +++++- db/changes/232201/00-aclRole.sql | 3 +- db/changes/232201/00-aclVnUser.sql | 3 +- modules/account/front/create/index.html | 2 +- 6 files changed, 19 insertions(+), 78 deletions(-) delete mode 100644 back/methods/vn-user/createUser.js diff --git a/back/methods/vn-user/createUser.js b/back/methods/vn-user/createUser.js deleted file mode 100644 index 4dac4bcef..000000000 --- a/back/methods/vn-user/createUser.js +++ /dev/null @@ -1,70 +0,0 @@ -module.exports = function(Self) { - Self.remoteMethodCtx('createUser', { - description: 'Create a user', - accessType: 'WRITE', - accepts: [{ - arg: 'name', - type: 'string', - required: true - }, - { - arg: 'nickname', - type: 'string', - required: true - }, - { - arg: 'email', - type: 'string', - required: true - }, - { - arg: 'roleFk', - type: 'number', - required: true - }, - { - arg: 'password', - type: 'string', - required: true - }, - { - arg: 'active', - type: 'boolean' - }], - returns: { - root: true, - type: 'object' - }, - http: { - verb: 'POST', - path: '/createUser' - } - }); - - Self.createUser = async(ctx, options) => { - const models = Self.app.models; - const args = ctx.args; - let tx; - const myOptions = {}; - - if (typeof options == 'object') - Object.assign(myOptions, options); - - if (!myOptions.transaction) { - tx = await Self.beginTransaction({}); - myOptions.transaction = tx; - } - - try { - delete args.ctx; // Remove unwanted properties - const newUser = await models.VnUser.create(args, myOptions); - - if (tx) await tx.commit(); - - return newUser; - } catch (e) { - if (tx) await tx.rollback(); - throw e; - } - }; -}; diff --git a/back/models/vn-user.js b/back/models/vn-user.js index 2fa040d84..978227966 100644 --- a/back/models/vn-user.js +++ b/back/models/vn-user.js @@ -10,9 +10,8 @@ module.exports = function(Self) { require('../methods/vn-user/recover-password')(Self); require('../methods/vn-user/validate-token')(Self); require('../methods/vn-user/privileges')(Self); - require('../methods/vn-user/createUser')(Self); - Self.definition.settings.acls.find(acl => acl.property == 'create').permission = 'DENY'; + Self.definition.settings.acls.find(acl => acl.property == 'create').principalId = 'itManagement'; // Validations diff --git a/back/models/vn-user.json b/back/models/vn-user.json index fb38ad27a..e0b96a39e 100644 --- a/back/models/vn-user.json +++ b/back/models/vn-user.json @@ -124,7 +124,21 @@ ], "scopes": { "preview": { - "fields": ["id", "name", "username", "roleFk", "nickname", "lang", "active", "created", "updated", "image", "hasGrant", "realm", "email"] + "fields": [ + "id", + "name", + "username", + "roleFk", + "nickname", + "lang", + "active", + "created", + "updated", + "image", + "hasGrant", + "realm", + "email" + ] } } } diff --git a/db/changes/232201/00-aclRole.sql b/db/changes/232201/00-aclRole.sql index 3e5119b06..e16f052be 100644 --- a/db/changes/232201/00-aclRole.sql +++ b/db/changes/232201/00-aclRole.sql @@ -2,5 +2,4 @@ DELETE FROM `salix`.`ACL` WHERE model = 'Role'; INSERT INTO `salix`.`ACL` (`model`, `property`, `accessType`, `permission`, `principalType`, `principalId`) VALUES ('Role', '*', 'READ', 'ALLOW', 'ROLE', 'employee'), - ('Role', '*', 'WRITE', 'ALLOW', 'ROLE', 'hr'), - ('Role', '*', 'WRITE', 'ALLOW', 'ROLE', 'marketing'); + ('Role', '*', 'WRITE', 'ALLOW', 'ROLE', 'it'); diff --git a/db/changes/232201/00-aclVnUser.sql b/db/changes/232201/00-aclVnUser.sql index 2cbadb548..1a63ed964 100644 --- a/db/changes/232201/00-aclVnUser.sql +++ b/db/changes/232201/00-aclVnUser.sql @@ -6,5 +6,4 @@ INSERT INTO `salix`.`ACL` (model, property, accessType, permission, principalTyp VALUES ('VnUser', '*', '*', 'ALLOW', 'ROLE', 'itManagement'), ('VnUser', '__get__preview', 'READ', 'ALLOW', 'ROLE', 'employee'), - ('VnUser', 'preview', '*', 'ALLOW', 'ROLE', 'employee'), - ('VnUser', 'createUser', 'WRITE', 'ALLOW', 'ROLE', 'itManagement'); + ('VnUser', 'preview', '*', 'ALLOW', 'ROLE', 'employee'); diff --git a/modules/account/front/create/index.html b/modules/account/front/create/index.html index f373cc468..acc07d346 100644 --- a/modules/account/front/create/index.html +++ b/modules/account/front/create/index.html @@ -1,6 +1,6 @@ From 81a8f383aac44a94cb488015bc1e91bf22915cfb Mon Sep 17 00:00:00 2001 From: vicent Date: Tue, 30 May 2023 10:00:05 +0200 Subject: [PATCH 25/30] refs #5468 feat: no depender del modulo worker --- db/changes/232201/00-aclAccount.sql | 3 +- db/changes/232201/00-aclMailAliasAccount.sql | 3 +- db/changes/232201/00-aclMailForward.sql | 3 +- .../back/methods/account/add-mail-alias.js | 34 ----------------- .../methods/account/change-mail-forwarding.js | 38 ------------------- .../back/methods/account/delete-mail-alias.js | 29 -------------- .../account/specs/add-mail-alias.spec.js | 26 ------------- .../specs/change-mail-forwarding.spec.js | 35 ----------------- .../account/specs/delete-mail-alias.spec.js | 24 ------------ modules/account/front/aliases/index.html | 10 +++-- modules/account/front/aliases/index.js | 15 +------- modules/account/front/aliases/index.spec.js | 5 +-- .../account/front/mail-forwarding/index.html | 6 +-- .../account/front/mail-forwarding/index.js | 15 +------- 14 files changed, 19 insertions(+), 227 deletions(-) delete mode 100644 modules/account/back/methods/account/add-mail-alias.js delete mode 100644 modules/account/back/methods/account/change-mail-forwarding.js delete mode 100644 modules/account/back/methods/account/delete-mail-alias.js delete mode 100644 modules/account/back/methods/account/specs/add-mail-alias.spec.js delete mode 100644 modules/account/back/methods/account/specs/change-mail-forwarding.spec.js delete mode 100644 modules/account/back/methods/account/specs/delete-mail-alias.spec.js diff --git a/db/changes/232201/00-aclAccount.sql b/db/changes/232201/00-aclAccount.sql index 1d5e1b2b3..bf8106b98 100644 --- a/db/changes/232201/00-aclAccount.sql +++ b/db/changes/232201/00-aclAccount.sql @@ -5,5 +5,4 @@ DELETE INSERT INTO `salix`.`ACL` (model, property, accessType, permission, principalType, principalId) VALUES ('Account', '*', 'WRITE', 'ALLOW', 'ROLE', 'sysadmin'), - ('Account', '*', 'READ', 'ALLOW', 'ROLE', 'employee'), - ('Account', 'changeMailForwarding', 'WRITE', 'ALLOW', 'ROLE', 'employee'); + ('Account', '*', 'READ', 'ALLOW', 'ROLE', 'employee'); diff --git a/db/changes/232201/00-aclMailAliasAccount.sql b/db/changes/232201/00-aclMailAliasAccount.sql index c0f3a8829..619e9bb6e 100644 --- a/db/changes/232201/00-aclMailAliasAccount.sql +++ b/db/changes/232201/00-aclMailAliasAccount.sql @@ -1,4 +1,5 @@ DELETE FROM `salix`.`ACL` WHERE model = 'MailAliasAccount'; INSERT INTO `salix`.`ACL` (`model`, `property`, `accessType`, `permission`, `principalType`, `principalId`) VALUES - ('MailAliasAccount', '*', 'READ', 'ALLOW', 'ROLE', 'employee'); + ('MailAliasAccount', '*', 'READ', 'ALLOW', 'ROLE', 'employee'), + ('MailAliasAccount', '*', 'WRITE', 'ALLOW', 'ROLE', 'itManagement'); diff --git a/db/changes/232201/00-aclMailForward.sql b/db/changes/232201/00-aclMailForward.sql index 0378a95f9..afe2acec8 100644 --- a/db/changes/232201/00-aclMailForward.sql +++ b/db/changes/232201/00-aclMailForward.sql @@ -1,4 +1,5 @@ DELETE FROM `salix`.`ACL` WHERE model = 'MailForward'; INSERT INTO `salix`.`ACL` (`model`, `property`, `accessType`, `permission`, `principalType`, `principalId`) VALUES - ('MailForward', '*', 'READ', 'ALLOW', 'ROLE', 'employee'); + ('MailForward', '*', 'READ', 'ALLOW', 'ROLE', 'employee'), + ('MailForward', '*', 'WRITE', 'ALLOW', 'ROLE', 'itManagement'); diff --git a/modules/account/back/methods/account/add-mail-alias.js b/modules/account/back/methods/account/add-mail-alias.js deleted file mode 100644 index 814ddaf99..000000000 --- a/modules/account/back/methods/account/add-mail-alias.js +++ /dev/null @@ -1,34 +0,0 @@ - -const UserError = require('vn-loopback/util/user-error'); - -module.exports = Self => { - Self.remoteMethodCtx('addMailAlias', { - description: 'Add a mail alias', - accessType: 'WRITE', - accepts: [{ - arg: 'id', - type: 'number', - description: 'The user id', - http: {source: 'path'} - }, { - arg: 'mailAlias', - type: 'number', - description: 'The mail alias', - required: true - }], - http: { - path: `/:id/addMailAlias`, - verb: 'POST' - } - }); - - Self.addMailAlias = async function(ctx, id, mailAlias) { - const models = Self.app.models; - - const isAuthorized = await models.Worker.isAuthorized(ctx, id); - if (!isAuthorized) - throw new UserError(`You don't have enough privileges`); - - return models.MailAliasAccount.create({mailAlias: mailAlias, account: id}); - }; -}; diff --git a/modules/account/back/methods/account/change-mail-forwarding.js b/modules/account/back/methods/account/change-mail-forwarding.js deleted file mode 100644 index 21dae4624..000000000 --- a/modules/account/back/methods/account/change-mail-forwarding.js +++ /dev/null @@ -1,38 +0,0 @@ - -const UserError = require('vn-loopback/util/user-error'); - -module.exports = Self => { - Self.remoteMethodCtx('changeMailForwarding', { - description: 'Changes the mail forwarding', - accessType: 'WRITE', - accepts: [{ - arg: 'id', - type: 'number', - description: 'The user id', - http: {source: 'path'} - }, { - arg: 'forwardTo', - type: 'string', - description: 'The mail forward' - }], - http: { - path: `/:id/changeMailForwarding`, - verb: 'POST' - } - }); - - Self.changeMailForwarding = async function(ctx, id, forwardTo) { - const models = Self.app.models; - - const isSubordinate = await models.Worker.isSubordinate(ctx, id); - if (!isSubordinate) - throw new UserError(`You don't have enough privileges`); - - if (!forwardTo) return models.MailForward.destroyById(id); - - const mailForward = await models.MailForward.findById(id); - - if (mailForward) return mailForward.updateAttribute('forwardTo', forwardTo); - else return models.MailForward.create({account: id, forwardTo: forwardTo}); - }; -}; diff --git a/modules/account/back/methods/account/delete-mail-alias.js b/modules/account/back/methods/account/delete-mail-alias.js deleted file mode 100644 index 018a1e0b5..000000000 --- a/modules/account/back/methods/account/delete-mail-alias.js +++ /dev/null @@ -1,29 +0,0 @@ - -const UserError = require('vn-loopback/util/user-error'); - -module.exports = Self => { - Self.remoteMethodCtx('deleteMailAlias', { - description: 'Delete a mail alias', - accessType: 'WRITE', - accepts: [{ - arg: 'id', - type: 'number', - description: 'The mail alias account to id', - http: {source: 'path'} - }], - http: { - path: `/:id/deleteMailAlias`, - verb: 'POST' - } - }); - - Self.deleteMailAlias = async function(ctx, id) { - const models = Self.app.models; - - const isAuthorized = await models.Worker.isAuthorized(ctx, id); - if (!isAuthorized) - throw new UserError(`You don't have enough privileges`); - - return models.MailAliasAccount.destroyById(id); - }; -}; diff --git a/modules/account/back/methods/account/specs/add-mail-alias.spec.js b/modules/account/back/methods/account/specs/add-mail-alias.spec.js deleted file mode 100644 index bb59719cd..000000000 --- a/modules/account/back/methods/account/specs/add-mail-alias.spec.js +++ /dev/null @@ -1,26 +0,0 @@ -const {models} = require('vn-loopback/server/server'); - -describe('Account addMailAlias()', () => { - it('should throw an error when the user is not a superior', async() => { - const ctx = {req: {accessToken: {userId: 1}}}; - const employeeId = 1; - - let error; - try { - await models.Account.addMailAlias(ctx, employeeId, 1); - } catch (e) { - error = e.message; - } - - expect(error).toEqual(`You don't have enough privileges`); - }); - - it('should add a mail alias', async() => { - const ctx = {req: {accessToken: {userId: 9}}}; - const employeeId = 1; - - const result = await models.Account.addMailAlias(ctx, employeeId, 2); - - expect(result).toBeDefined(); - }); -}); diff --git a/modules/account/back/methods/account/specs/change-mail-forwarding.spec.js b/modules/account/back/methods/account/specs/change-mail-forwarding.spec.js deleted file mode 100644 index ba1a80806..000000000 --- a/modules/account/back/methods/account/specs/change-mail-forwarding.spec.js +++ /dev/null @@ -1,35 +0,0 @@ -const {models} = require('vn-loopback/server/server'); - -describe('Account changeMailForwarding()', () => { - it('should throw an error when the user is not himself or a superior', async() => { - const ctx = {req: {accessToken: {userId: 1}}}; - const developerId = 9; - - let error; - try { - await models.Account.changeMailForwarding(ctx, developerId, 'alias@test.test'); - } catch (e) { - error = e.message; - } - - expect(error).toEqual(`You don't have enough privileges`); - }); - - it('should change a mail forwarding when the user is himself', async() => { - const ctx = {req: {accessToken: {userId: 1}}}; - const employeeId = 1; - - const result = await models.Account.changeMailForwarding(ctx, employeeId, 'alias@test.test'); - - expect(result).toBeDefined(); - }); - - it('should change a mail forwarding when the user is a superior', async() => { - const ctx = {req: {accessToken: {userId: 9}}}; - const employeeId = 1; - - const result = await models.Account.changeMailForwarding(ctx, employeeId, 'alias@test.test'); - - expect(result).toBeDefined(); - }); -}); diff --git a/modules/account/back/methods/account/specs/delete-mail-alias.spec.js b/modules/account/back/methods/account/specs/delete-mail-alias.spec.js deleted file mode 100644 index fb69fe9c9..000000000 --- a/modules/account/back/methods/account/specs/delete-mail-alias.spec.js +++ /dev/null @@ -1,24 +0,0 @@ -const {models} = require('vn-loopback/server/server'); - -describe('Account deleteMailAlias()', () => { - it('should throw an error when the user is not a superior', async() => { - const ctx = {req: {accessToken: {userId: 1}}}; - - let error; - try { - await models.Account.deleteMailAlias(ctx, 1); - } catch (e) { - error = e.message; - } - - expect(error).toEqual(`You don't have enough privileges`); - }); - - it('should delete a mail alias', async() => { - const ctx = {req: {accessToken: {userId: 9}}}; - - const result = await models.Account.deleteMailAlias(ctx, 1); - - expect(result).toBeDefined(); - }); -}); diff --git a/modules/account/front/aliases/index.html b/modules/account/front/aliases/index.html index 57f7ae968..11d546afb 100644 --- a/modules/account/front/aliases/index.html +++ b/modules/account/front/aliases/index.html @@ -15,10 +15,11 @@ + ng-click="removeConfirm.show(row)" + vn-acl="itManagement" + vn-acl-action="remove"> @@ -27,12 +28,13 @@ + fixed-bottom-right + vn-acl="itManagement" + vn-acl-action="remove"> { - this.isAuthorized = res.data; - }); } refresh() { @@ -34,10 +26,7 @@ export default class Controller extends Section { } onAddSave() { - const params = { - mailAlias: this.addData.mailAlias - }; - return this.$http.post(`Accounts/${this.$params.id}/addMailAlias`, params) + return this.$http.post(`MailAliasAccounts`, this.addData) .then(() => this.refresh()) .then(() => this.vnApp.showSuccess( this.$t('Subscribed to alias!')) @@ -45,7 +34,7 @@ export default class Controller extends Section { } onRemove(row) { - return this.$http.post(`Accounts/${row.id}/deleteMailAlias`) + return this.$http.delete(`MailAliasAccounts/${row.id}`) .then(() => { this.$.data.splice(this.$.data.indexOf(row), 1); this.vnApp.showSuccess(this.$t('Unsubscribed from alias!')); diff --git a/modules/account/front/aliases/index.spec.js b/modules/account/front/aliases/index.spec.js index 53ce9e5d7..466f1e1e9 100644 --- a/modules/account/front/aliases/index.spec.js +++ b/modules/account/front/aliases/index.spec.js @@ -9,7 +9,6 @@ describe('component vnUserAliases', () => { beforeEach(inject(($componentController, _$httpBackend_) => { $httpBackend = _$httpBackend_; controller = $componentController('vnUserAliases', {$element: null}); - controller.$params.id = 1; jest.spyOn(controller.vnApp, 'showSuccess'); })); @@ -27,7 +26,7 @@ describe('component vnUserAliases', () => { it('should add the new row', () => { controller.addData = {account: 1}; - $httpBackend.expectPOST(`Accounts/${controller.$params.id}/addMailAlias`).respond(); + $httpBackend.expectPOST('MailAliasAccounts').respond(); $httpBackend.expectGET('MailAliasAccounts').respond('foo'); controller.onAddSave(); $httpBackend.flush(); @@ -43,7 +42,7 @@ describe('component vnUserAliases', () => { {id: 2, alias: 'bar'} ]; - $httpBackend.expectPOST(`Accounts/${controller.$params.id}/deleteMailAlias`).respond(); + $httpBackend.expectDELETE('MailAliasAccounts/1').respond(); controller.onRemove(controller.$.data[0]); $httpBackend.flush(); diff --git a/modules/account/front/mail-forwarding/index.html b/modules/account/front/mail-forwarding/index.html index e2f5ff86a..df5cd80bf 100644 --- a/modules/account/front/mail-forwarding/index.html +++ b/modules/account/front/mail-forwarding/index.html @@ -4,12 +4,12 @@ url="MailForwards" id-field="account" id-value="$ctrl.$params.id" - data="$ctrl.data" + data="data" form="form"> @@ -20,7 +20,7 @@ diff --git a/modules/account/front/mail-forwarding/index.js b/modules/account/front/mail-forwarding/index.js index 0b7b40cb9..5118e8eab 100644 --- a/modules/account/front/mail-forwarding/index.js +++ b/modules/account/front/mail-forwarding/index.js @@ -1,20 +1,7 @@ import ngModule from '../module'; import Section from 'salix/components/section'; -import UserError from 'core/lib/user-error'; -export default class Controller extends Section { - onSubmit() { - const query = `Accounts/${this.$params.id}/changeMailForwarding`; - const params = { - forwardTo: this.data?.forwardTo || undefined - }; - this.$http.post(query, params) - .then(() => { - this.$.watcher.notifySaved(); - this.$.watcher.updateOriginalData(); - }); - } -} +export default class Controller extends Section {} ngModule.component('vnUserMailForwarding', { template: require('./index.html'), From 7d59c6ec0cace310060c4e0e466dee02cd4b3a2d Mon Sep 17 00:00:00 2001 From: vicent Date: Tue, 30 May 2023 10:07:17 +0200 Subject: [PATCH 26/30] =?UTF-8?q?refs=20#5468=20feat:=20eliminado=20acl=20?= =?UTF-8?q?nativo=20y=20a=C3=B1adido=20a=20salix.ACL?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- back/models/vn-user.js | 2 +- db/changes/232201/00-aclVnUser.sql | 3 ++- modules/account/back/models/account.js | 3 --- 3 files changed, 3 insertions(+), 5 deletions(-) diff --git a/back/models/vn-user.js b/back/models/vn-user.js index 978227966..cd45c92e2 100644 --- a/back/models/vn-user.js +++ b/back/models/vn-user.js @@ -11,7 +11,7 @@ module.exports = function(Self) { require('../methods/vn-user/validate-token')(Self); require('../methods/vn-user/privileges')(Self); - Self.definition.settings.acls.find(acl => acl.property == 'create').principalId = 'itManagement'; + Self.definition.settings.acls = Self.definition.settings.acls.filter(acl => acl.property !== 'create'); // Validations diff --git a/db/changes/232201/00-aclVnUser.sql b/db/changes/232201/00-aclVnUser.sql index 1a63ed964..39fa2cb14 100644 --- a/db/changes/232201/00-aclVnUser.sql +++ b/db/changes/232201/00-aclVnUser.sql @@ -6,4 +6,5 @@ INSERT INTO `salix`.`ACL` (model, property, accessType, permission, principalTyp VALUES ('VnUser', '*', '*', 'ALLOW', 'ROLE', 'itManagement'), ('VnUser', '__get__preview', 'READ', 'ALLOW', 'ROLE', 'employee'), - ('VnUser', 'preview', '*', 'ALLOW', 'ROLE', 'employee'); + ('VnUser', 'preview', '*', 'ALLOW', 'ROLE', 'employee'), + ('VnUser', 'create', '*', 'ALLOW', 'ROLE', 'itManagement'); diff --git a/modules/account/back/models/account.js b/modules/account/back/models/account.js index e44d10547..5021a5d94 100644 --- a/modules/account/back/models/account.js +++ b/modules/account/back/models/account.js @@ -7,7 +7,4 @@ module.exports = Self => { require('../methods/account/logout')(Self); require('../methods/account/change-password')(Self); require('../methods/account/set-password')(Self); - require('../methods/account/change-mail-forwarding')(Self); - require('../methods/account/add-mail-alias')(Self); - require('../methods/account/delete-mail-alias')(Self); }; From 20cb1ea82118af0d49ab889a5fa795c4cfa47894 Mon Sep 17 00:00:00 2001 From: vicent Date: Tue, 30 May 2023 10:20:49 +0200 Subject: [PATCH 27/30] refs #5468 fix: te2e --- e2e/helpers/selectors.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/e2e/helpers/selectors.js b/e2e/helpers/selectors.js index cc7691eb5..dcd9211f9 100644 --- a/e2e/helpers/selectors.js +++ b/e2e/helpers/selectors.js @@ -104,7 +104,7 @@ export default { }, accountMailForwarding: { mailForwardingCheckbox: 'vn-user-mail-forwarding vn-check[ng-model="watcher.hasData"]', - email: 'vn-user-mail-forwarding vn-textfield[ng-model="$ctrl.data.forwardTo"]', + email: 'vn-user-mail-forwarding vn-textfield[ng-model="data.forwardTo"]', save: 'vn-user-mail-forwarding vn-submit' }, accountAcl: { From 4f9dae3522f76daed49f9311762ae540f02552c1 Mon Sep 17 00:00:00 2001 From: vicent Date: Tue, 30 May 2023 11:52:04 +0200 Subject: [PATCH 28/30] refs #5468 fix: no muestra el id de contrato en worker/calendar --- modules/worker/front/calendar/index.html | 1 + modules/worker/front/calendar/index.js | 8 +++----- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/modules/worker/front/calendar/index.html b/modules/worker/front/calendar/index.html index c9eacbd82..29540081e 100644 --- a/modules/worker/front/calendar/index.html +++ b/modules/worker/front/calendar/index.html @@ -63,6 +63,7 @@ ng-model="$ctrl.businessId" search-function="{businessFk: $search}" value-field="businessFk" + show-field="businessFk" order="businessFk DESC" limit="5"> diff --git a/modules/worker/front/calendar/index.js b/modules/worker/front/calendar/index.js index 4ca0fc929..a492e8306 100644 --- a/modules/worker/front/calendar/index.js +++ b/modules/worker/front/calendar/index.js @@ -71,10 +71,6 @@ class Controller extends Section { } } - get payedHolidays() { - return this._businessId; - } - buildYearFilter() { const now = Date.vnNew(); now.setFullYear(now.getFullYear() + 1); @@ -96,8 +92,10 @@ class Controller extends Section { getActiveContract() { this.$http.get(`Workers/${this.worker.id}/activeContract`).then(res => { - if (res.data) + if (res.data) { this.businessId = res.data.businessFk; + console.log(this.businessId); + } }); } From 0ab23477d1cbafe2f5c01c87ebb532a0e9c87fe7 Mon Sep 17 00:00:00 2001 From: vicent Date: Thu, 8 Jun 2023 13:13:55 +0200 Subject: [PATCH 29/30] refs #5468 move sql changes --- db/changes/{232201 => 232601}/00-aclAccount.sql | 0 db/changes/{232201 => 232601}/00-aclMailAliasAccount.sql | 0 db/changes/{232201 => 232601}/00-aclMailForward.sql | 0 db/changes/{232201 => 232601}/00-aclRole.sql | 0 db/changes/{232201 => 232601}/00-aclVnUser.sql | 0 5 files changed, 0 insertions(+), 0 deletions(-) rename db/changes/{232201 => 232601}/00-aclAccount.sql (100%) rename db/changes/{232201 => 232601}/00-aclMailAliasAccount.sql (100%) rename db/changes/{232201 => 232601}/00-aclMailForward.sql (100%) rename db/changes/{232201 => 232601}/00-aclRole.sql (100%) rename db/changes/{232201 => 232601}/00-aclVnUser.sql (100%) diff --git a/db/changes/232201/00-aclAccount.sql b/db/changes/232601/00-aclAccount.sql similarity index 100% rename from db/changes/232201/00-aclAccount.sql rename to db/changes/232601/00-aclAccount.sql diff --git a/db/changes/232201/00-aclMailAliasAccount.sql b/db/changes/232601/00-aclMailAliasAccount.sql similarity index 100% rename from db/changes/232201/00-aclMailAliasAccount.sql rename to db/changes/232601/00-aclMailAliasAccount.sql diff --git a/db/changes/232201/00-aclMailForward.sql b/db/changes/232601/00-aclMailForward.sql similarity index 100% rename from db/changes/232201/00-aclMailForward.sql rename to db/changes/232601/00-aclMailForward.sql diff --git a/db/changes/232201/00-aclRole.sql b/db/changes/232601/00-aclRole.sql similarity index 100% rename from db/changes/232201/00-aclRole.sql rename to db/changes/232601/00-aclRole.sql diff --git a/db/changes/232201/00-aclVnUser.sql b/db/changes/232601/00-aclVnUser.sql similarity index 100% rename from db/changes/232201/00-aclVnUser.sql rename to db/changes/232601/00-aclVnUser.sql From 6f3c28c4a4d0922bf426455622bf8aec8c3527c4 Mon Sep 17 00:00:00 2001 From: vicent Date: Tue, 13 Jun 2023 07:34:41 +0200 Subject: [PATCH 30/30] =?UTF-8?q?refs=20#5468=20refactor:=20eliminado=20c?= =?UTF-8?q?=C3=B3digo=20obsoleto?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- modules/account/front/privileges/index.js | 4 ---- modules/worker/front/calendar/index.js | 10 ++++------ 2 files changed, 4 insertions(+), 10 deletions(-) diff --git a/modules/account/front/privileges/index.js b/modules/account/front/privileges/index.js index 017d878de..f69428666 100644 --- a/modules/account/front/privileges/index.js +++ b/modules/account/front/privileges/index.js @@ -10,10 +10,6 @@ export default class Controller extends Section { this._user = value; if (!value) return; } - - get isHr() { - return this.aclService.hasAny(['hr']); - } } ngModule.component('vnUserPrivileges', { diff --git a/modules/worker/front/calendar/index.js b/modules/worker/front/calendar/index.js index a492e8306..a52ecd7da 100644 --- a/modules/worker/front/calendar/index.js +++ b/modules/worker/front/calendar/index.js @@ -91,12 +91,10 @@ class Controller extends Section { } getActiveContract() { - this.$http.get(`Workers/${this.worker.id}/activeContract`).then(res => { - if (res.data) { - this.businessId = res.data.businessFk; - console.log(this.businessId); - } - }); + this.$http.get(`Workers/${this.worker.id}/activeContract`) + .then(res => { + if (res.data) this.businessId = res.data.businessFk; + }); } getContractHolidays() {