Merge branch 'master' into 6684-driverRouteHotfix
gitea/salix/pipeline/pr-master This commit looks good Details

This commit is contained in:
Pablo Natek 2024-01-31 12:54:03 +00:00
commit 85230d2647
6 changed files with 38 additions and 48 deletions

View File

@ -1,23 +1,6 @@
const models = require('vn-loopback/server/server').models; const models = require('vn-loopback/server/server').models;
describe('loopback model MailAliasAccount', () => { describe('loopback model MailAliasAccount', () => {
it('should fail to add a mail Alias if the worker doesnt have ACLs', async() => {
const tx = await models.MailAliasAccount.beginTransaction({});
let error;
try {
const options = {transaction: tx, accessToken: {userId: 57}};
await models.MailAliasAccount.create({mailAlias: 2, account: 5}, options);
await tx.rollback();
} catch (e) {
await tx.rollback();
error = e;
}
expect(error.message).toEqual('The alias cant be modified');
});
it('should add a mail Alias', async() => { it('should add a mail Alias', async() => {
const tx = await models.MailAliasAccount.beginTransaction({}); const tx = await models.MailAliasAccount.beginTransaction({});
let error; let error;

View File

@ -0,0 +1,5 @@
DELETE FROM salix.ACL
WHERE model = 'MailAliasAccount'
AND property = 'canEditAlias'
AND principalType = 'ROLE'
AND principalId = 'marketingBoss';

View File

@ -234,13 +234,13 @@ async function dockerStart() {
const container = new Docker('salix-db'); const container = new Docker('salix-db');
await container.start(); await container.start();
} }
dockerStart.description = `Starts the salix-db container`; dockerStart.description = `Starts the DB container`;
async function docker() { async function docker() {
const container = new Docker('salix-db'); const container = new Docker('salix-db');
await container.run(); await container.run();
} }
docker.description = `Runs the salix-db container`; docker.description = `Builds and starts the DB container`;
module.exports = { module.exports = {
default: defaultTask, default: defaultTask,

View File

@ -203,5 +203,7 @@
"Cannot past travels with entries": "Cannot past travels with entries", "Cannot past travels with entries": "Cannot past travels with entries",
"It was not able to remove the next expeditions:": "It was not able to remove the next expeditions: {{expeditions}}", "It was not able to remove the next expeditions:": "It was not able to remove the next expeditions: {{expeditions}}",
"Incorrect pin": "Incorrect pin.", "Incorrect pin": "Incorrect pin.",
"The notification subscription of this worker cant be modified": "The notification subscription of this worker cant be modified" "The notification subscription of this worker cant be modified": "The notification subscription of this worker cant be modified",
} "You are not allowed to modify the alias": "You are not allowed to modify the alias",
"You already have the mailAlias": "You already have the mailAlias"
}

View File

@ -335,6 +335,6 @@
"This user does not have an assigned tablet": "Este usuario no tiene tablet asignada", "This user does not have an assigned tablet": "Este usuario no tiene tablet asignada",
"Incorrect pin": "Pin incorrecto.", "Incorrect pin": "Pin incorrecto.",
"You already have the mailAlias": "Ya tienes este alias de correo", "You already have the mailAlias": "Ya tienes este alias de correo",
"The alias cant be modified": "Este alias de correo no puede ser modificado", "You are not allowed to modify the alias": "No estás autorizado a modificar el alias",
"No tickets to invoice": "No hay tickets para facturar" "No tickets to invoice": "No hay tickets para facturar"
} }

View File

@ -1,5 +1,5 @@
const UserError = require('vn-loopback/util/user-error'); const ForbiddenError = require('vn-loopback/util/forbiddenError');
module.exports = Self => { module.exports = Self => {
Self.rewriteDbError(function(err) { Self.rewriteDbError(function(err) {
@ -8,38 +8,38 @@ module.exports = Self => {
return err; return err;
}); });
Self.observe('before save', async ctx => { Self.beforeRemote('create', async function(ctx) {
const changes = ctx.currentInstance || ctx.instance; const mailAlias = ctx.args.data?.mailAlias;
if (!mailAlias) return;
await checkModifyPermission(ctx, changes.mailAlias); await checkModifyPermission(ctx, mailAlias);
}); });
Self.beforeRemote('deleteById', async function(ctx) {
Self.observe('before delete', async ctx => { const instance = await Self.findById(ctx.args.id,
const mailAliasAccount = await Self.findById(ctx.where.id); {fields: ['mailAlias']}
);
await checkModifyPermission(ctx, mailAliasAccount.mailAlias); await checkModifyPermission(ctx, instance.mailAlias);
}); });
async function checkModifyPermission(ctx, mailAliasFk) { async function checkModifyPermission(ctx, mailAliasFk) {
const userId = ctx.options.accessToken.userId;
const models = Self.app.models; const models = Self.app.models;
const userId = ctx.req.accessToken.userId;
const roles = await models.RoleMapping.find({ const canEditAlias = await models.ACL.checkAccessAcl(ctx,
fields: ['roleId'], 'MailAliasAccount', 'canEditAlias', 'WRITE');
where: {principalId: userId} if (canEditAlias) return;
const allowedRoles = await models.MailAliasAcl.find({
fields: ['roleFk'],
where: {mailAliasFk}
}); });
const nRoles = allowedRoles.length &&
await models.RoleMapping.count({
principalId: userId,
principalType: 'USER',
roleId: {inq: allowedRoles.map(x => x.roleFk)}
});
const availableMailAlias = await models.MailAliasAcl.findOne({ if (!nRoles)
fields: ['mailAliasFk'], throw new ForbiddenError('You are not allowed to modify the alias');
include: {relation: 'mailAlias'},
where: {
roleFk: {
inq: roles.map(role => role.roleId),
},
mailAliasFk
}
});
if (!availableMailAlias) throw new UserError('The alias cant be modified');
} }
}; };