Merge pull request '5887-mailAlias_refactor' (!1659) from 5887-mailAlias_refactor into master

Reviewed-on: #1659 Reviewed-by: Javi Gallego <jgallego@verdnatura.es> Reviewed-by: Alex Moreno <alexm@verdnatura.es>
2023-07-12 06:34:42 +00:00 · 2023-07-12 06:34:42 +00:00 · 83698522ca
parent 810021e23a 808a9976ab
commit 83698522ca
9 changed files with 222 additions and 18 deletions
--- a/back/methods/vn-user/addAlias.js
+++ b/back/methods/vn-user/addAlias.js
@ -0,0 +1,68 @@
+const UserError = require('vn-loopback/util/user-error');
+
+module.exports = Self => {
+    Self.remoteMethod('addAlias', {
+        description: 'Add an alias if the user has the grant',
+        accessType: 'WRITE',
+        accepts: [
+            {
+                arg: 'ctx',
+                type: 'Object',
+                http: {source: 'context'}
+            },
+            {
+                arg: 'id',
+                type: 'number',
+                required: true,
+                description: 'The user id',
+                http: {source: 'path'}
+            },
+            {
+                arg: 'mailAlias',
+                type: 'number',
+                description: 'The new alias for user',
+                required: true
+            }
+        ],
+        http: {
+            path: `/:id/addAlias`,
+            verb: 'POST'
+        }
+    });
+
+    Self.addAlias = async function(ctx, id, mailAlias, options) {
+        const models = Self.app.models;
+        const userId = ctx.req.accessToken.userId;
+
+        const myOptions = {};
+
+        if (typeof options == 'object')
+            Object.assign(myOptions, options);
+
+        const user = await Self.findById(userId, {fields: ['hasGrant']}, myOptions);
+
+        if (!user.hasGrant)
+            throw new UserError(`You don't have grant privilege`);
+
+        const account = await models.Account.findById(userId, {
+            fields: ['id'],
+            include: {
+                relation: 'aliases',
+                scope: {
+                    fields: ['mailAlias']
+                }
+            }
+        }, myOptions);
+
+        const aliases = account.aliases().map(alias => alias.mailAlias);
+
+        const hasAlias = aliases.includes(mailAlias);
+        if (!hasAlias)
+            throw new UserError(`You cannot assign an alias that you are not assigned to`);
+
+        return models.MailAliasAccount.create({
+            mailAlias: mailAlias,
+            account: id
+        }, myOptions);
+    };
+};
--- a/back/methods/vn-user/removeAlias.js
+++ b/back/methods/vn-user/removeAlias.js
@ -0,0 +1,55 @@
+const UserError = require('vn-loopback/util/user-error');
+
+module.exports = Self => {
+    Self.remoteMethod('removeAlias', {
+        description: 'Remove alias if the user has the grant',
+        accessType: 'WRITE',
+        accepts: [
+            {
+                arg: 'ctx',
+                type: 'Object',
+                http: {source: 'context'}
+            },
+            {
+                arg: 'id',
+                type: 'number',
+                required: true,
+                description: 'The user id',
+                http: {source: 'path'}
+            },
+            {
+                arg: 'mailAlias',
+                type: 'number',
+                description: 'The alias to delete',
+                required: true
+            }
+        ],
+        http: {
+            path: `/:id/removeAlias`,
+            verb: 'POST'
+        }
+    });
+
+    Self.removeAlias = async function(ctx, id, mailAlias, options) {
+        const models = Self.app.models;
+        const userId = ctx.req.accessToken.userId;
+
+        const myOptions = {};
+
+        if (typeof options == 'object')
+            Object.assign(myOptions, options);
+
+        const canRemoveAlias = await models.ACL.checkAccessAcl(ctx, 'VnUser', 'canRemoveAlias', 'WRITE');
+
+        if (userId != id && !canRemoveAlias) throw new UserError(`You don't have grant privilege`);
+
+        const mailAliasAccount = await models.MailAliasAccount.findOne({
+            where: {
+                mailAlias: mailAlias,
+                account: id
+            }
+        }, myOptions);
+
+        await mailAliasAccount.destroy(myOptions);
+    };
+};
--- a/back/methods/vn-user/specs/addAlias.spec.js
+++ b/back/methods/vn-user/specs/addAlias.spec.js
@ -0,0 +1,68 @@
+const {models} = require('vn-loopback/server/server');
+
+describe('VnUser addAlias()', () => {
+    const employeeId = 1;
+    const sysadminId = 66;
+    const developerId = 9;
+    const customerId = 2;
+    const mailAlias = 1;
+    it('should throw an error when user not has privileges', async() => {
+        const ctx = {req: {accessToken: {userId: employeeId}}};
+        const tx = await models.VnUser.beginTransaction({});
+
+        let error;
+        try {
+            const options = {transaction: tx};
+
+            await models.VnUser.addAlias(ctx, employeeId, mailAlias, options);
+
+            await tx.rollback();
+        } catch (e) {
+            error = e;
+            await tx.rollback();
+        }
+
+        expect(error.message).toContain(`You don't have grant privilege`);
+    });
+
+    it('should throw an error when user has privileges but not has the role from user', async() => {
+        const ctx = {req: {accessToken: {userId: sysadminId}}};
+        const tx = await models.VnUser.beginTransaction({});
+
+        let error;
+        try {
+            const options = {transaction: tx};
+
+            await models.VnUser.addAlias(ctx, employeeId, mailAlias, options);
+
+            await tx.rollback();
+        } catch (e) {
+            error = e;
+            await tx.rollback();
+        }
+
+        expect(error.message).toContain(`You cannot assign an alias that you are not assigned to`);
+    });
+
+    it('should add an alias', async() => {
+        const ctx = {req: {accessToken: {userId: developerId}}};
+        const tx = await models.VnUser.beginTransaction({});
+
+        let result;
+        try {
+            const options = {transaction: tx};
+
+            const user = await models.VnUser.findById(developerId, null, options);
+            await user.updateAttribute('hasGrant', true, options);
+
+            result = await models.VnUser.addAlias(ctx, customerId, mailAlias, options);
+
+            await tx.rollback();
+        } catch (e) {
+            await tx.rollback();
+        }
+
+        expect(result.mailAlias).toBe(mailAlias);
+        expect(result.account).toBe(customerId);
+    });
+});
--- a/back/models/vn-user.js
+++ b/back/models/vn-user.js
@ -11,6 +11,8 @@ module.exports = function(Self) {
    require('../methods/vn-user/validate-token')(Self);
    require('../methods/vn-user/privileges')(Self);
    require('../methods/vn-user/renew-token')(Self);
+    require('../methods/vn-user/addAlias')(Self);
+    require('../methods/vn-user/removeAlias')(Self);

    Self.definition.settings.acls = Self.definition.settings.acls.filter(acl => acl.property !== 'create');

--- a/db/changes/232601/00-aclAddAlias.sql
+++ b/db/changes/232601/00-aclAddAlias.sql
@ -0,0 +1,11 @@
+INSERT INTO `salix`.`ACL` (model, property, accessType, permission, principalType, principalId)
+    VALUES
+        ('VnUser', 'addAlias', 'WRITE', 'ALLOW', 'ROLE', 'employee');
+
+INSERT INTO `salix`.`ACL` (model, property, accessType, permission, principalType, principalId)
+    VALUES
+        ('VnUser', 'removeAlias', 'WRITE', 'ALLOW', 'ROLE', 'employee');
+
+INSERT INTO `salix`.`ACL` (model, property, accessType, permission, principalType, principalId)
+    VALUES
+        ('VnUser', 'canRemoveAlias', 'WRITE', 'ALLOW', 'ROLE', 'itManagement');
--- a/loopback/locale/es.json
+++ b/loopback/locale/es.json
@ -296,7 +296,8 @@
 	"Fecha fuera de rango": "Fecha fuera de rango",
 	"Error while generating PDF": "Error al generar PDF",
 	"Error when sending mail to client": "Error al enviar el correo al cliente",
-    "Mail not sent": "Se ha producido un fallo al enviar la factura al cliente [{{clientId}}]({{{clientUrl}}}), por favor revisa la dirección de correo electrónico",
+	"Mail not sent": "Se ha producido un fallo al enviar la factura al cliente [{{clientId}}]({{{clientUrl}}}), por favor revisa la dirección de correo electrónico",
 	"The renew period has not been exceeded": "El periodo de renovación no ha sido superado",
-    "Negative basis of tickets": "Base negativa para los tickets: {{ticketsIds}}"
+	"Negative basis of tickets": "Base negativa para los tickets: {{ticketsIds}}",
+	"You cannot assign an alias that you are not assigned to": "No puede asignar un alias que no tenga asignado"
 }
--- a/modules/account/front/aliases/index.html
+++ b/modules/account/front/aliases/index.html
@ -17,9 +17,7 @@
                        <vn-icon-button
                            icon="delete"
                            translate-attr="{title: 'Unsubscribe'}"
-                            ng-click="removeConfirm.show(row)"
-                            vn-acl="itManagement"
-                            vn-acl-action="remove">
+                            ng-click="removeConfirm.show(row)">
                        </vn-icon-button>
                    </vn-item-section>
                </vn-item>
@ -32,9 +30,7 @@
        translate-attr="{title: 'Add'}"
        vn-bind="+"
        ng-click="$ctrl.onAddClick()"
-        fixed-bottom-right
-        vn-acl="itManagement"
-        vn-acl-action="remove">
+        fixed-bottom-right>
    </vn-float-button>
    <vn-dialog
        vn-id="dialog"
--- a/modules/account/front/aliases/index.js
+++ b/modules/account/front/aliases/index.js
@ -21,12 +21,11 @@ export default class Controller extends Section {
    }

    onAddClick() {
-        this.addData = {account: this.$params.id};
        this.$.dialog.show();
    }

    onAddSave() {
-        return this.$http.post(`MailAliasAccounts`, this.addData)
+        return this.$http.post(`VnUsers/${this.$params.id}/addAlias`, this.addData)
            .then(() => this.refresh())
            .then(() => this.vnApp.showSuccess(
                this.$t('Subscribed to alias!'))
@ -34,11 +33,12 @@ export default class Controller extends Section {
    }

    onRemove(row) {
-        return this.$http.delete(`MailAliasAccounts/${row.id}`)
-            .then(() => {
-                this.$.data.splice(this.$.data.indexOf(row), 1);
-                this.vnApp.showSuccess(this.$t('Unsubscribed from alias!'));
-            });
+        const params = {
+            mailAlias: row.mailAlias
+        };
+        return this.$http.post(`VnUsers/${this.$params.id}/removeAlias`, params)
+            .then(() => this.refresh())
+            .then(() => this.vnApp.showSuccess(this.$t('Data saved!')));
    }
 }

--- a/modules/account/front/aliases/index.spec.js
+++ b/modules/account/front/aliases/index.spec.js
@ -25,8 +25,9 @@ describe('component vnUserAliases', () => {
    describe('onAddSave()', () => {
        it('should add the new row', () => {
            controller.addData = {account: 1};
+            controller.$params = {id: 1};

-            $httpBackend.expectPOST('MailAliasAccounts').respond();
+            $httpBackend.expectPOST('VnUsers/1/addAlias').respond();
            $httpBackend.expectGET('MailAliasAccounts').respond('foo');
            controller.onAddSave();
            $httpBackend.flush();
@ -41,12 +42,14 @@ describe('component vnUserAliases', () => {
                {id: 1, alias: 'foo'},
                {id: 2, alias: 'bar'}
            ];
+            controller.$params = {id: 1};

-            $httpBackend.expectDELETE('MailAliasAccounts/1').respond();
+            $httpBackend.expectPOST('VnUsers/1/removeAlias').respond();
+            $httpBackend.expectGET('MailAliasAccounts').respond(controller.$.data[1]);
            controller.onRemove(controller.$.data[0]);
            $httpBackend.flush();

-            expect(controller.$.data).toEqual([{id: 2, alias: 'bar'}]);
+            expect(controller.$.data).toEqual({id: 2, alias: 'bar'});
            expect(controller.vnApp.showSuccess).toHaveBeenCalled();
        });
    });