Merge pull request '4797-lilium-worker-notifications' (!1229) from 4797-lilium-worker-notifications into dev
Reviewed-on: #1229 Reviewed-by: Alex Moreno <alexm@verdnatura.es> Reviewed-by: Joan Sanchez <joan@verdnatura.es>
commit
6807d8d5b1
|
@ -6,6 +6,16 @@
|
|||
"table": "util.notificationAcl"
|
||||
}
|
||||
},
|
||||
"properties":{
|
||||
"notificationFk": {
|
||||
"id": true,
|
||||
"type": "number"
|
||||
},
|
||||
"roleFk":{
|
||||
"id": true,
|
||||
"type": "number"
|
||||
}
|
||||
},
|
||||
"relations": {
|
||||
"notification": {
|
||||
"type": "belongsTo",
|
||||
|
|
|
@ -0,0 +1,62 @@
|
|||
const UserError = require('vn-loopback/util/user-error');
|
||||
|
||||
module.exports = Self => {
|
||||
Self.observe('before save', async function(ctx) {
|
||||
const models = Self.app.models;
|
||||
const userId = ctx.options.accessToken.userId;
|
||||
const user = await ctx.instance.userFk;
|
||||
const modifiedUser = await getUserToModify(null, user, models);
|
||||
|
||||
if (userId != modifiedUser.id && userId != modifiedUser.bossFk)
|
||||
throw new UserError('You dont have permission to modify this user');
|
||||
});
|
||||
|
||||
Self.remoteMethod('deleteNotification', {
|
||||
description: 'Deletes a notification subscription',
|
||||
accepts: [
|
||||
{
|
||||
arg: 'ctx',
|
||||
type: 'object',
|
||||
http: {source: 'context'}
|
||||
},
|
||||
{
|
||||
arg: 'notificationId',
|
||||
type: 'number',
|
||||
required: true
|
||||
},
|
||||
],
|
||||
returns: {
|
||||
type: 'object',
|
||||
root: true
|
||||
},
|
||||
http: {
|
||||
verb: 'POST',
|
||||
path: '/deleteNotification'
|
||||
}
|
||||
});
|
||||
|
||||
Self.deleteNotification = async function(ctx, notificationId) {
|
||||
const models = Self.app.models;
|
||||
const user = ctx.req.accessToken.userId;
|
||||
const modifiedUser = await getUserToModify(notificationId, null, models);
|
||||
|
||||
if (user != modifiedUser.id && user != modifiedUser.bossFk)
|
||||
throw new UserError('You dont have permission to modify this user');
|
||||
|
||||
await models.NotificationSubscription.destroyById(notificationId);
|
||||
};
|
||||
|
||||
async function getUserToModify(notificationId, userFk, models) {
|
||||
let userToModify = userFk;
|
||||
if (notificationId) {
|
||||
const subscription = await models.NotificationSubscription.findById(notificationId);
|
||||
userToModify = subscription.userFk;
|
||||
}
|
||||
return await models.Worker.findOne({
|
||||
fields: ['id', 'bossFk'],
|
||||
where: {
|
||||
id: userToModify
|
||||
}
|
||||
});
|
||||
}
|
||||
};
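Review bot: The ownership check is enforced only in the `before save` hook and inside `deleteNotification`, so any other delete path on this model skips it; the ACL row added in this commit, `('NotificationSubscription','*','*','employee')`, appears to expose the built-in delete methods to every employee unless they are disabled elsewhere. Consider moving the check into a `before delete` observer, or narrowing the ACL to the methods the UI actually calls, so that the rule is applied in one place. Separately, `getUserToModify` dereferences `subscription.userFk` and both callers read `modifiedUser.id` without a null check, so an unknown `notificationId` or a user with no Worker row surfaces as a TypeError rather than a UserError; a guard such as `if (!subscription) throw new UserError('Notification subscription not found');`, plus treating a missing worker as a denial, would keep the failure explicit. The hook also reads `ctx.instance.userFk`, which is present only on full-instance saves, so partial updates may need `ctx.currentInstance`/`ctx.data`; that is worth confirming against how the front end writes this model.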
|
|
@ -7,15 +7,18 @@
|
|||
}
|
||||
},
|
||||
"properties": {
|
||||
"notificationFk": {
|
||||
"id": {
|
||||
"type": "number",
|
||||
"id": true,
|
||||
"description": "Identifier"
|
||||
"description": "Primary key"
|
||||
},
|
||||
"notificationFk": {
|
||||
"type": "number",
|
||||
"description": "Foreign key to Notification"
|
||||
},
|
||||
"userFk": {
|
||||
"type": "number",
|
||||
"id": true,
|
||||
"description": "Identifier"
|
||||
"description": "Foreign key to Account"
|
||||
}
|
||||
},
|
||||
"relations": {
|
||||
|
|
|
@ -0,0 +1,74 @@
|
|||
const models = require('vn-loopback/server/server').models;
|
||||
|
||||
describe('loopback model NotificationSubscription', () => {
|
||||
it('Should fail to delete a notification if the user is not editing itself or a subordinate', async() => {
|
||||
const tx = await models.NotificationSubscription.beginTransaction({});
|
||||
|
||||
try {
|
||||
const options = {transaction: tx};
|
||||
const user = 9;
|
||||
const notificationSubscriptionId = 2;
|
||||
const ctx = {req: {accessToken: {userId: user}}};
|
||||
const notification = await models.NotificationSubscription.findById(notificationSubscriptionId);
|
||||
|
||||
let error;
|
||||
|
||||
try {
|
||||
await models.NotificationSubscription.deleteNotification(ctx, notification.id, options);
|
||||
} catch (e) {
|
||||
error = e;
|
||||
}
|
||||
|
||||
expect(error.message).toContain('You dont have permission to modify this user');
|
||||
await tx.rollback();
|
||||
} catch (e) {
|
||||
await tx.rollback();
|
||||
throw e;
|
||||
}
|
||||
});
|
||||
|
||||
it('Should delete a notification if the user is editing itself', async() => {
|
||||
const tx = await models.NotificationSubscription.beginTransaction({});
|
||||
|
||||
try {
|
||||
const options = {transaction: tx};
|
||||
const user = 9;
|
||||
const notificationSubscriptionId = 4;
|
||||
const ctx = {req: {accessToken: {userId: user}}};
|
||||
const notification = await models.NotificationSubscription.findById(notificationSubscriptionId);
|
||||
|
||||
await models.NotificationSubscription.deleteNotification(ctx, notification.id, options);
|
||||
|
||||
const deletedNotification = await models.NotificationSubscription.findById(notificationSubscriptionId);
|
||||
|
||||
expect(deletedNotification).toBeNull();
|
||||
await tx.rollback();
|
||||
} catch (e) {
|
||||
await tx.rollback();
|
||||
throw e;
|
||||
}
|
||||
});
|
||||
|
||||
it('Should delete a notification if the user is editing a subordinate', async() => {
|
||||
const tx = await models.NotificationSubscription.beginTransaction({});
|
||||
|
||||
try {
|
||||
const options = {transaction: tx};
|
||||
const user = 9;
|
||||
const notificationSubscriptionId = 5;
|
||||
const ctx = {req: {accessToken: {userId: user}}};
|
||||
const notification = await models.NotificationSubscription.findById(notificationSubscriptionId);
|
||||
|
||||
await models.NotificationSubscription.deleteNotification(ctx, notification.id, options);
|
||||
|
||||
const deletedNotification = await models.NotificationSubscription.findById(notificationSubscriptionId);
|
||||
|
||||
expect(deletedNotification).toBeNull();
|
||||
await tx.rollback();
|
||||
} catch (e) {
|
||||
await tx.rollback();
|
||||
throw e;
|
||||
}
|
||||
});
|
||||
});
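Review bot: The `options` object carrying the transaction is passed as a third argument to `deleteNotification`, but the method is declared as `(ctx, notificationId)` and calls `findById`/`destroyById` without options, so the deletes in the second and third specs appear to run outside `tx` and `tx.rollback()` would not restore the fixtures. The `findById` calls in the specs also omit `options`, so they read outside the transaction as well. Suggest declaring the parameter in the model, `Self.deleteNotification = async function(ctx, notificationId, options)`, forwarding it to both model calls, and using `findById(notificationSubscriptionId, null, options)` here. In the first spec, `expect(error.message)` throws a TypeError when no error is raised, which would hide a missing permission check behind an unrelated failure; `expect(error).toBeDefined();` before it would make that case readable.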
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
INSERT INTO `salix`.`ACL` (model,property,accessType,principalId)
|
||||
VALUES
|
||||
('NotificationSubscription','*','*','employee'),
|
||||
('NotificationAcl','*','READ','employee');
|
|
@ -0,0 +1,4 @@
|
|||
ALTER TABLE
|
||||
`util`.`notificationSubscription`
|
||||
ADD
|
||||
CONSTRAINT `notificationSubscription_UN` UNIQUE KEY (`notificationFk`, `userFk`);
|
|
@ -0,0 +1,7 @@
|
|||
ALTER TABLE `util`.`notificationSubscription`
|
||||
ADD `id` int(11) auto_increment NULL,
|
||||
DROP PRIMARY KEY,
|
||||
ADD CONSTRAINT PRIMARY KEY (`id`);
|
||||
|
||||
ALTER TABLE `util`.`notificationSubscription`
|
||||
ADD KEY `notificationSubscription_ibfk_1` (`notificationFk`);
|
|
@ -1954,10 +1954,6 @@ INSERT INTO `vn`.`workerBusinessType` (`id`, `name`, `isFullTime`, `isPermanent`
|
|||
(100, 'INDEFINIDO A TIEMPO COMPLETO', 1, 1, 1),
|
||||
(109, 'CONVERSION DE TEMPORAL EN INDEFINIDO T.COMPLETO', 1, 1, 1);
|
||||
|
||||
INSERT INTO `vn`.`businessCategory` (`id`, `description`, `rate`)
|
||||
VALUES
|
||||
(1, 'basic employee', 1);
|
||||
|
||||
UPDATE `vn`.`business` b
|
||||
SET `rate` = 7,
|
||||
`workerBusinessCategoryFk` = 1,
|
||||
|
@ -2705,7 +2701,10 @@ INSERT INTO `util`.`notificationSubscription` (`notificationFk`, `userFk`)
|
|||
VALUES
|
||||
(1, 1109),
|
||||
(1, 1110),
|
||||
(3, 1109);
|
||||
(3, 1109),
|
||||
(1,9),
|
||||
(1,3);
|
||||
|
||||
|
||||
INSERT INTO `vn`.`routeConfig` (`id`, `defaultWorkCenterFk`)
|
||||
VALUES
|
||||
|
|