fix: update access control for modifying absences in the past
parent
f557b41feb
commit
838617e3f6
|
@ -1,2 +1,4 @@
|
||||||
|
DELETE FROM salix.ACL WHERE property = 'canCreateAbsenceInPast';
|
||||||
|
|
||||||
INSERT INTO salix.ACL (model,property,accessType,permission,principalType,principalId)
|
INSERT INTO salix.ACL (model,property,accessType,permission,principalType,principalId)
|
||||||
VALUES ('Worker','canDeleteAbsenceInPast','WRITE','ALLOW','ROLE','hr');
|
VALUES ('Worker','canModifyAbsenceInPast','WRITE','ALLOW','ROLE','hr');
|
||||||
|
|
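Review bot: The cleanup only removes `canCreateAbsenceInPast`, yet the earlier version of this file appears to have inserted `canDeleteAbsenceInPast`, so any database where that version already ran keeps a stale grant row that no code checks any more (whether it was applied anywhere is not visible on this page). The DELETE is also not scoped by model and drops the property for every principal, while the INSERT grants the merged permission to `hr` alone; any other role that held the old create permission loses it without a trace in the commit description. I would make the cleanup explicit and scoped: `DELETE FROM salix.ACL WHERE model = 'Worker' AND property IN ('canCreateAbsenceInPast','canDeleteAbsenceInPast');`.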
|
@ -58,12 +58,12 @@ module.exports = Self => {
|
||||||
if (!isSubordinate || (isSubordinate && userId == id && !isTeamBoss))
|
if (!isSubordinate || (isSubordinate && userId == id && !isTeamBoss))
|
||||||
throw new UserError(`You don't have enough privileges`);
|
throw new UserError(`You don't have enough privileges`);
|
||||||
|
|
||||||
const canCreateAbsenceInPast =
|
const canModifyAbsenceInPast =
|
||||||
await models.ACL.checkAccessAcl(ctx, 'Worker', 'canCreateAbsenceInPast', 'WRITE');
|
await models.ACL.checkAccessAcl(ctx, 'Worker', 'canModifyAbsenceInPast', 'WRITE');
|
||||||
const now = Date.vnNew();
|
const now = Date.vnNew();
|
||||||
const newDate = new Date(args.dated).getTime();
|
const newDate = new Date(args.dated).getTime();
|
||||||
|
|
||||||
if ((now.getTime() > newDate) && !canCreateAbsenceInPast)
|
if ((now.getTime() > newDate) && !canModifyAbsenceInPast)
|
||||||
throw new UserError(`Holidays to past days not available`);
|
throw new UserError(`Holidays to past days not available`);
|
||||||
|
|
||||||
const labour = await models.WorkerLabour.findById(args.businessFk,
|
const labour = await models.WorkerLabour.findById(args.businessFk,
|
||||||
|
|
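Review bot: The past-date guard fails open on an unparseable date: `new Date(args.dated).getTime()` yields NaN for bad input, `now.getTime() > NaN` is false, and the `!canModifyAbsenceInPast` branch is never evaluated, so a caller without the ACL is not stopped at this check. Whether `args.dated` is already validated by the remote method's argument typing is not visible in this hunk, so this needs confirming against the method definition. A fail-closed form of the same test is `if (!(newDate >= now.getTime()) && !canModifyAbsenceInPast)`, or reject the value up front with `if (Number.isNaN(newDate))`. The enclosing function starts and ends outside the hunk.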
|
@ -53,10 +53,10 @@ module.exports = Self => {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}, myOptions);
|
}, myOptions);
|
||||||
const canDeleteAbsenceInPast =
|
const canModifyAbsenceInPast =
|
||||||
await models.ACL.checkAccessAcl(ctx, 'Worker', 'canDeleteAbsenceInPast', 'WRITE');
|
await models.ACL.checkAccessAcl(ctx, 'Worker', 'canModifyAbsenceInPast', 'WRITE');
|
||||||
|
|
||||||
if (!canDeleteAbsenceInPast && Date.vnNow() > absence.dated.getTime())
|
if (!canModifyAbsenceInPast && Date.vnNow() > absence.dated.getTime())
|
||||||
throw new UserError(`Holidays to past days not available`);
|
throw new UserError(`Holidays to past days not available`);
|
||||||
|
|
||||||
const result = await absence.destroy(myOptions);
|
const result = await absence.destroy(myOptions);
|
||||||
|
|
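Review bot: Nothing at this check records that deletion now depends on the same `canModifyAbsenceInPast` ACL as the create path, so the two actions can no longer be granted separately and a later reader has no hint that this is deliberate. A one-line comment above the lookup would cover it, for example `// One ACL gates both creating and deleting absences dated in the past`. The comparison here uses `Date.vnNow()` while the create path uses `Date.vnNew().getTime()`; using one form in both places would make the two guards easier to audit together. The enclosing function starts outside the hunk.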