feat(user): add section privileges and remove changeRole in descriptor

test(user):back and e2e
Alex Moreno 2022-10-03 15:11:29 +02:00
parent ae2bc91cb5
commit 7a690dd880
17 changed files with 324 additions and 77 deletions


@ -0,0 +1,58 @@
const UserError = require('vn-loopback/util/user-error');
module.exports = Self => {
Self.remoteMethodCtx('privileges', {
description: 'Change role and hasGrant if user has privileges',
accepts: [
{
arg: 'id',
type: 'number',
required: true,
description: 'The user id',
http: {source: 'path'}
},
{
arg: 'roleFk',
type: 'number',
description: 'The new role for user',
},
{
arg: 'hasGrant',
type: 'boolean',
description: 'Whether to has grant'
}
],
http: {
path: `/:id/privileges`,
verb: 'POST'
}
});
Self.privileges = async function(ctx, id, roleFk, hasGrant, options) {
const models = Self.app.models;
const userId = ctx.req.accessToken.userId;
const myOptions = {};
if (typeof options == 'object')
Object.assign(myOptions, options);
const user = await models.Account.findById(userId, null, myOptions);
if (!user.hasGrant)
throw new UserError(`You don't have enough privileges`);
const userToUpdate = await models.Account.findById(id);
if (hasGrant != null)
return await userToUpdate.updateAttribute('hasGrant', hasGrant, myOptions);
if (!roleFk) return;
const role = await models.Role.findById(roleFk, null, myOptions);
const hasRole = await models.Account.hasRole(userId, role.name, myOptions);
if (!hasRole)
throw new UserError(`You don't have enough privileges`);
await userToUpdate.updateAttribute('roleFk', roleFk, myOptions);
};
};
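Review bot: When `hasGrant` is non-null, `Self.privileges` returns right after updating it, so a `roleFk` sent in the same request is dropped without error. That branch also applies no role comparison, so any account holding `hasGrant` can set the flag on any other account. The target lookup `findById(id)` omits `myOptions`, so it reads outside the caller's transaction, and neither `userToUpdate` nor `role` is null-checked, so an unknown id or role surfaces as a TypeError instead of a `UserError`. The role branch only verifies that the caller holds the new role, not the target's current one; whether a grant holder may change an account ranked above them is worth deciding explicitly. The sketch below applies both fields in one update after all checks have passed.

```javascript
Self.privileges = async function(ctx, id, roleFk, hasGrant, options) {
    // … unchanged: models, userId, myOptions, caller hasGrant check …

    const userToUpdate = await models.Account.findById(id, null, myOptions);
    if (!userToUpdate)
        throw new UserError(`The user doesn't exist`);

    const changes = {};
    if (hasGrant != null) changes.hasGrant = hasGrant;

    if (roleFk) {
        const role = await models.Role.findById(roleFk, null, myOptions);
        const hasRole = role && await models.Account.hasRole(userId, role.name, myOptions);
        if (!hasRole)
            throw new UserError(`You don't have enough privileges`);
        changes.roleFk = roleFk;
    }

    if (Object.keys(changes).length)
        await userToUpdate.updateAttributes(changes, myOptions);
```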


@ -0,0 +1,99 @@
const models = require('vn-loopback/server/server').models;
describe('account privileges()', () => {
const employeeId = 1;
const developerId = 9;
const sysadminId = 66;
const bruceWayneId = 1101;
it('should throw an error when user not has privileges', async() => {
const ctx = {req: {accessToken: {userId: developerId}}};
const tx = await models.Account.beginTransaction({});
let error;
try {
const options = {transaction: tx};
await models.Account.privileges(ctx, employeeId, null, true, options);
await tx.rollback();
} catch (e) {
error = e;
await tx.rollback();
}
expect(error.message).toContain(`You don't have enough privileges`);
});
it('should throw an error when user has privileges but not has the role', async() => {
const ctx = {req: {accessToken: {userId: sysadminId}}};
const tx = await models.Account.beginTransaction({});
let error;
try {
const options = {transaction: tx};
const root = await models.Role.findOne({
where: {
name: 'root'
}
}, options);
await models.Account.privileges(ctx, employeeId, root.id, null, options);
await tx.rollback();
} catch (e) {
error = e;
await tx.rollback();
}
expect(error.message).toContain(`You don't have enough privileges`);
});
it('should change role', async() => {
const ctx = {req: {accessToken: {userId: sysadminId}}};
const tx = await models.Account.beginTransaction({});
const options = {transaction: tx};
const agency = await models.Role.findOne({
where: {
name: 'agency'
}
}, options);
let error;
let result;
try {
await models.Account.privileges(ctx, bruceWayneId, agency.id, null, options);
result = await models.Account.findById(bruceWayneId, null, options);
await tx.rollback();
} catch (e) {
error = e;
await tx.rollback();
}
expect(error).not.toBeDefined();
expect(result.roleFk).toEqual(agency.id);
});
it('should change hasGrant', async() => {
const ctx = {req: {accessToken: {userId: sysadminId}}};
const tx = await models.Account.beginTransaction({});
let error;
let result;
try {
const options = {transaction: tx};
await models.Account.privileges(ctx, bruceWayneId, null, true, options);
result = await models.Account.findById(bruceWayneId, null, options);
await tx.rollback();
} catch (e) {
error = e;
await tx.rollback();
}
expect(error).not.toBeDefined();
expect(result.hasGrant).toBeTruthy();
});
});
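Review bot: No spec covers a call that passes both `roleFk` and `hasGrant`, a `hasGrant` of `false`, or an `id` that does not exist; each of the four cases sets only one argument on a known account. In the two negative cases `error.message` is dereferenced directly, so if `privileges()` ever stops throwing, the failure is a TypeError rather than a clear assertion; `expect(error).toBeDefined();` ahead of it would make that readable. In 'should change role' the `models.Role.findOne` lookup sits outside the `try`, so an exception there skips `tx.rollback()`.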


@ -7,6 +7,7 @@ module.exports = Self => {
require('../methods/account/change-password')(Self); require('../methods/account/change-password')(Self);
require('../methods/account/set-password')(Self); require('../methods/account/set-password')(Self);
require('../methods/account/validate-token')(Self); require('../methods/account/validate-token')(Self);
require('../methods/account/privileges')(Self);
// Validations // Validations
@ -77,7 +78,7 @@ module.exports = Self => {
`SELECT r.name `SELECT r.name
FROM account.user u FROM account.user u
JOIN account.roleRole rr ON rr.role = u.role JOIN account.roleRole rr ON rr.role = u.role
JOIN account.role r ON r.id = rr.inheritsFrom JOIN account.role r ON r.id = rr.inheritsFrom
WHERE u.id = ?`, [userId], options); WHERE u.id = ?`, [userId], options);
let roles = []; let roles = [];


@ -48,6 +48,9 @@
}, },
"image": { "image": {
"type": "string" "type": "string"
},
"hasGrant": {
"type": "boolean"
} }
}, },
"relations": { "relations": {
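Review bot: Declaring `hasGrant` as an ordinary property puts it on the Account model's default read and write surface, and nothing in this section restricts it. The descriptor code removed elsewhere in this commit changed roles with a plain `PATCH Accounts/:id` carrying `{roleFk: ...}`. If that generic update is still reachable for the same callers, it can presumably set `roleFk` and `hasGrant` without passing through the checks in `privileges`. Worth confirming that ACLs or a before-save hook block direct writes to these two fields.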


@ -0,0 +1 @@
ALTER TABLE `account`.`user` ADD hasGrant TINYINT(1) NOT NULL;
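Review bot: The column is added as `NOT NULL` with no `DEFAULT`, so the value for existing rows and for inserts that omit the column depends on the server's implicit default and SQL mode. Because this flag gates who may change roles and grants, the closed default should be spelled out by ending the statement with `NOT NULL DEFAULT 0`.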


@ -2651,3 +2651,7 @@ INSERT INTO `vn`.`collection` (`id`, `created`, `workerFk`, `stateFk`, `itemPack
INSERT INTO `vn`.`ticketCollection` (`ticketFk`, `collectionFk`, `created`, `level`, `wagon`, `smartTagFk`, `usedShelves`, `itemCount`, `liters`) INSERT INTO `vn`.`ticketCollection` (`ticketFk`, `collectionFk`, `created`, `level`, `wagon`, `smartTagFk`, `usedShelves`, `itemCount`, `liters`)
VALUES VALUES
(9, 3, util.VN_NOW(), NULL, 0, NULL, NULL, NULL, NULL); (9, 3, util.VN_NOW(), NULL, 0, NULL, NULL, NULL, NULL);
UPDATE `account`.`user`
SET `hasGrant` = 1
WHERE `id` = 66;


@ -51,14 +51,12 @@ export default {
accountDescriptor: { accountDescriptor: {
menuButton: 'vn-user-descriptor vn-icon-button[icon="more_vert"]', menuButton: 'vn-user-descriptor vn-icon-button[icon="more_vert"]',
deleteAccount: '.vn-menu [name="deleteUser"]', deleteAccount: '.vn-menu [name="deleteUser"]',
changeRole: '.vn-menu [name="changeRole"]',
setPassword: '.vn-menu [name="setPassword"]', setPassword: '.vn-menu [name="setPassword"]',
activateAccount: '.vn-menu [name="enableAccount"]', activateAccount: '.vn-menu [name="enableAccount"]',
activateUser: '.vn-menu [name="activateUser"]', activateUser: '.vn-menu [name="activateUser"]',
deactivateUser: '.vn-menu [name="deactivateUser"]', deactivateUser: '.vn-menu [name="deactivateUser"]',
newPassword: 'vn-textfield[ng-model="$ctrl.newPassword"]', newPassword: 'vn-textfield[ng-model="$ctrl.newPassword"]',
repeatPassword: 'vn-textfield[ng-model="$ctrl.repeatPassword"]', repeatPassword: 'vn-textfield[ng-model="$ctrl.repeatPassword"]',
newRole: 'vn-autocomplete[ng-model="$ctrl.newRole"]',
activeAccountIcon: 'vn-icon[icon="contact_mail"]', activeAccountIcon: 'vn-icon[icon="contact_mail"]',
activeUserIcon: 'vn-icon[icon="icon-disabled"]', activeUserIcon: 'vn-icon[icon="icon-disabled"]',
acceptButton: 'button[response="accept"]', acceptButton: 'button[response="accept"]',
@ -143,6 +141,11 @@ export default {
verifyCert: 'vn-account-samba vn-check[ng-model="$ctrl.config.verifyCert"]', verifyCert: 'vn-account-samba vn-check[ng-model="$ctrl.config.verifyCert"]',
save: 'vn-account-samba vn-submit' save: 'vn-account-samba vn-submit'
}, },
accountPrivileges: {
checkHasGrant: 'vn-user-privileges vn-check[ng-model="$ctrl.user.hasGrant"]',
role: 'vn-user-privileges vn-autocomplete[ng-model="$ctrl.user.roleFk"]',
save: 'vn-user-privileges vn-submit'
},
clientsIndex: { clientsIndex: {
createClientButton: `vn-float-button` createClientButton: `vn-float-button`
}, },


@ -62,27 +62,6 @@ describe('Account create and basic data path', () => {
}); });
describe('Descriptor option', () => { describe('Descriptor option', () => {
describe('Edit role', () => {
it('should edit the role using the descriptor menu', async() => {
await page.waitToClick(selectors.accountDescriptor.menuButton);
await page.waitToClick(selectors.accountDescriptor.changeRole);
await page.autocompleteSearch(selectors.accountDescriptor.newRole, 'adminBoss');
await page.waitToClick(selectors.accountDescriptor.acceptButton);
const message = await page.waitForSnackbar();
expect(message.text).toContain('Role changed succesfully!');
});
it('should reload the roles section to see now there are more roles', async() => {
// when role updates db takes time to return changes, without this timeout the result would have been 3
await page.waitForTimeout(1000);
await page.reloadSection('account.card.roles');
const rolesCount = await page.countElement(selectors.accountRoles.anyResult);
expect(rolesCount).toEqual(61);
});
});
describe('activate account', () => { describe('activate account', () => {
it(`should check the active account icon isn't present in the descriptor`, async() => { it(`should check the active account icon isn't present in the descriptor`, async() => {
await page.waitForNumberOfElements(selectors.accountDescriptor.activeAccountIcon, 0); await page.waitForNumberOfElements(selectors.accountDescriptor.activeAccountIcon, 0);


@ -0,0 +1,86 @@
import selectors from '../../helpers/selectors.js';
import getBrowser from '../../helpers/puppeteer';
describe('Account privileges path', () => {
let browser;
let page;
beforeAll(async() => {
browser = await getBrowser();
page = browser.page;
await page.loginAndModule('developer', 'account');
await page.accessToSearchResult('1101');
await page.accessToSection('account.card.privileges');
});
afterAll(async() => {
await browser.close();
});
describe('as developer', () => {
it('should throw error when give privileges', async() => {
await page.waitToClick(selectors.accountPrivileges.checkHasGrant);
await page.waitToClick(selectors.accountPrivileges.save);
const message = await page.waitForSnackbar();
expect(message.text).toContain(`You don't have enough privileges`);
});
it('should throw error when change role', async() => {
await page.autocompleteSearch(selectors.accountPrivileges.role, 'employee');
await page.waitToClick(selectors.accountPrivileges.save);
const message = await page.waitForSnackbar();
expect(message.text).toContain(`You don't have enough privileges`);
});
});
describe('as sysadmin', () => {
beforeAll(async() => {
await page.loginAndModule('sysadmin', 'account');
await page.accessToSearchResult('9');
await page.accessToSection('account.card.privileges');
});
it('should give privileges', async() => {
await page.waitToClick(selectors.accountPrivileges.checkHasGrant);
await page.waitToClick(selectors.accountPrivileges.save);
const message = await page.waitForSnackbar();
await page.reloadSection('account.card.privileges');
const result = await page.checkboxState(selectors.accountPrivileges.checkHasGrant);
expect(message.text).toContain(`Data saved!`);
expect(result).toBe('checked');
});
it('should change role', async() => {
await page.autocompleteSearch(selectors.accountPrivileges.role, 'employee');
await page.waitToClick(selectors.accountPrivileges.save);
const message = await page.waitForSnackbar();
await page.reloadSection('account.card.privileges');
const result = await page.waitToGetProperty(selectors.accountPrivileges.role, 'value');
expect(message.text).toContain(`Data saved!`);
expect(result).toContain('employee');
});
});
describe('as developer again', () => {
it('should remove privileges', async() => {
await page.accessToSearchResult('9');
await page.accessToSection('account.card.privileges');
await page.waitToClick(selectors.accountPrivileges.checkHasGrant);
await page.waitToClick(selectors.accountPrivileges.save);
await page.reloadSection('account.card.privileges');
const result = await page.checkboxState(selectors.accountPrivileges.checkHasGrant);
expect(result).toBe('unchecked');
});
});
});
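Review bot: The 'as developer again' block never logs in as developer. The last login on the shared `page` is `loginAndModule('sysadmin', 'account')` from the previous block's `beforeAll`, so 'should remove privileges' presumably still runs as sysadmin. Either add a `beforeAll` with `await page.loginAndModule('developer', 'account');` or rename the block to match what it exercises. That test also asserts only the checkbox state; checking the snackbar text, as the other cases do, would show whether the server accepted the save.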


@ -11,14 +11,6 @@
translate> translate>
Delete Delete
</vn-item> </vn-item>
<vn-item
ng-click="$ctrl.onChangeRole()"
name="changeRole"
vn-acl="hr"
vn-acl-action="remove"
translate>
Change role
</vn-item>
<vn-item <vn-item
ng-if="::$root.user.id == $ctrl.id" ng-if="::$root.user.id == $ctrl.id"
ng-click="$ctrl.onChangePassClick(true)" ng-click="$ctrl.onChangePassClick(true)"
@ -79,7 +71,7 @@
label="User" label="User"
value="{{$ctrl.user.name}}"> value="{{$ctrl.user.name}}">
</vn-label-value> </vn-label-value>
<vn-label-value <vn-label-value
label="Role" label="Role"
value="{{$ctrl.user.role.name}}"> value="{{$ctrl.user.role.name}}">
</vn-label-value> </vn-label-value>
@ -128,22 +120,6 @@
question="Are you sure you want to continue?" question="Are you sure you want to continue?"
message="User will be deactivated"> message="User will be deactivated">
</vn-confirm> </vn-confirm>
<vn-dialog
vn-id="changeRole"
on-accept="$ctrl.onChangeRoleAccept()">
<tpl-body>
<vn-autocomplete
label="Role"
ng-model="$ctrl.newRole"
url="Roles"
vn-focus>
</vn-autocomplete>
</tpl-body>
<tpl-buttons>
<input type="button" response="cancel" translate-attr="{value: 'Cancel'}"/>
<button response="accept" translate>Accept</button>
</tpl-buttons>
</vn-dialog>
<vn-dialog <vn-dialog
vn-id="changePass" vn-id="changePass"
on-accept="$ctrl.onPassChange()" on-accept="$ctrl.onPassChange()"
@ -176,4 +152,4 @@
</vn-dialog> </vn-dialog>
<vn-popup vn-id="summary"> <vn-popup vn-id="summary">
<vn-user-summary user="$ctrl.user"></vn-user-summary> <vn-user-summary user="$ctrl.user"></vn-user-summary>
</vn-popup> </vn-popup>


@ -30,20 +30,6 @@ class Controller extends Descriptor {
.then(() => this.vnApp.showSuccess(this.$t('User removed'))); .then(() => this.vnApp.showSuccess(this.$t('User removed')));
} }
onChangeRole() {
this.newRole = this.user.role.id;
this.$.changeRole.show();
}
onChangeRoleAccept() {
const params = {roleFk: this.newRole};
return this.$http.patch(`Accounts/${this.id}`, params)
.then(() => {
this.emit('change');
this.vnApp.showSuccess(this.$t('Role changed succesfully!'));
});
}
onChangePassClick(askOldPass) { onChangePassClick(askOldPass) {
this.$http.get('UserPasswords/findOne') this.$http.get('UserPasswords/findOne')
.then(res => { .then(res => {


@ -30,17 +30,6 @@ describe('component vnUserDescriptor', () => {
}); });
}); });
describe('onChangeRoleAccept()', () => {
it('should call backend method to change role', () => {
$httpBackend.expectPATCH('Accounts/1').respond();
controller.onChangeRoleAccept();
$httpBackend.flush();
expect(controller.vnApp.showSuccess).toHaveBeenCalled();
expect(controller.emit).toHaveBeenCalledWith('change');
});
});
describe('onPassChange()', () => { describe('onPassChange()', () => {
it('should throw an error when password is empty', () => { it('should throw an error when password is empty', () => {
expect(() => { expect(() => {


@ -18,3 +18,4 @@ import './roles';
import './ldap'; import './ldap';
import './samba'; import './samba';
import './accounts'; import './accounts';
import './privileges';


@ -0,0 +1,42 @@
<mg-ajax path="Accounts/{{post.params.id}}/privileges" options="vnPost"></mg-ajax>
<vn-watcher
vn-id="watcher"
url="Accounts"
data="$ctrl.user"
id-value="$ctrl.$params.id"
form="form"
save="post">
</vn-watcher>
<form
name="form"
ng-submit="watcher.submit()"
class="vn-w-md">
<vn-card class="vn-pa-lg" vn-focus>
<vn-vertical>
<vn-check
label="Has grant"
ng-model="$ctrl.user.hasGrant">
</vn-check>
</vn-vertical>
<vn-vertical
class="vn-mt-md">
<vn-autocomplete
label="Role"
ng-model="$ctrl.user.roleFk"
url="Roles">
</vn-autocomplete>
</vn-vertical>
</vn-card>
<vn-button-bar>
<vn-submit
disabled="!watcher.dataChanged()"
label="Save">
</vn-submit>
<vn-button
class="cancel"
label="Undo changes"
disabled="!watcher.dataChanged()"
ng-click="watcher.loadOriginalData()">
</vn-button>
</vn-button-bar>
</form>


@ -0,0 +1,9 @@
import ngModule from '../module';
import Section from 'salix/components/section';
export default class Controller extends Section {}
ngModule.component('vnUserPrivileges', {
template: require('./index.html'),
controller: Controller
});


@ -0,0 +1,2 @@
Privileges: Privilegios
Has grant: Tiene privilegios


@ -19,7 +19,8 @@
{"state": "account.card.basicData", "icon": "settings"}, {"state": "account.card.basicData", "icon": "settings"},
{"state": "account.card.roles", "icon": "group"}, {"state": "account.card.roles", "icon": "group"},
{"state": "account.card.mailForwarding", "icon": "forward"}, {"state": "account.card.mailForwarding", "icon": "forward"},
{"state": "account.card.aliases", "icon": "email"} {"state": "account.card.aliases", "icon": "email"},
{"state": "account.card.privileges", "icon": "badge"}
], ],
"role": [ "role": [
{"state": "account.role.card.basicData", "icon": "settings"}, {"state": "account.role.card.basicData", "icon": "settings"},
@ -99,6 +100,13 @@
"description": "Mail aliases", "description": "Mail aliases",
"acl": ["marketing", "hr"] "acl": ["marketing", "hr"]
}, },
{
"url": "/privileges",
"state": "account.card.privileges",
"component": "vn-user-privileges",
"description": "Privileges",
"acl": ["hr"]
},
{ {
"url": "/role?q", "url": "/role?q",
"state": "account.role", "state": "account.role",
@ -249,4 +257,4 @@
"acl": ["developer"] "acl": ["developer"]
} }
] ]
} }
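Review bot: The `"acl": ["hr"]` on `account.card.privileges` only controls whether the client shows the section. None of the file sections on this page adds a server-side ACL entry for the new `privileges` remote method, so who may call `POST Accounts/:id/privileges` depends on rules defined elsewhere. Worth confirming that an existing rule covers the method and is no broader than intended, since the method's own gate is only the caller's `hasGrant` flag.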