refs #5468 feat: comprobacion de acl en el back en 'Reenvío de correo'
gitea/salix/pipeline/head This commit looks good
Details
gitea/salix/pipeline/head This commit looks good
Details
This commit is contained in:
parent
96163cb07f
commit
940ed29dfc
|
|
@ -5,4 +5,5 @@ DELETE
|
|||
INSERT INTO `salix`.`ACL` (model, property, accessType, permission, principalType, principalId)
|
||||
VALUES
|
||||
('Account', '*', 'WRITE', 'ALLOW', 'ROLE', 'sysadmin'),
|
||||
('Account', '*', 'READ', 'ALLOW', 'ROLE', 'employee');
|
||||
('Account', '*', 'READ', 'ALLOW', 'ROLE', 'employee'),
|
||||
('Account', 'changeMailForwarding', 'WRITE', 'ALLOW', 'ROLE', 'employee');
|
||||
|
|
|
|||
|
|
@ -0,0 +1,38 @@
|
|||
|
||||
const UserError = require('vn-loopback/util/user-error');
|
||||
|
||||
module.exports = Self => {
|
||||
Self.remoteMethodCtx('changeMailForwarding', {
|
||||
description: 'Changes the mail forwarding',
|
||||
accessType: 'WRITE',
|
||||
accepts: [{
|
||||
arg: 'id',
|
||||
type: 'number',
|
||||
description: 'The user id',
|
||||
http: {source: 'path'}
|
||||
}, {
|
||||
arg: 'forwardTo',
|
||||
type: 'string',
|
||||
description: 'The mail forward'
|
||||
}],
|
||||
http: {
|
||||
path: `/:id/changeMailForwarding`,
|
||||
verb: 'POST'
|
||||
}
|
||||
});
|
||||
|
||||
Self.changeMailForwarding = async function(ctx, id, forwardTo) {
|
||||
const models = Self.app.models;
|
||||
|
||||
const isSubordinate = await models.Worker.isSubordinate(ctx, id);
|
||||
if (!isSubordinate)
|
||||
throw new UserError(`You don't have enough privileges`);
|
||||
|
||||
if (!forwardTo) return models.MailForward.destroyById(id);
|
||||
|
||||
const mailForward = await models.MailForward.findById(id);
|
||||
|
||||
if (mailForward) return mailForward.updateAttribute('forwardTo', forwardTo);
|
||||
else return models.MailForward.create({account: id, forwardTo: forwardTo});
|
||||
};
|
||||
};
|
||||
|
|
@ -7,4 +7,5 @@ module.exports = Self => {
|
|||
require('../methods/account/logout')(Self);
|
||||
require('../methods/account/change-password')(Self);
|
||||
require('../methods/account/set-password')(Self);
|
||||
require('../methods/account/change-mail-forwarding')(Self);
|
||||
};
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
url="MailForwards"
|
||||
id-field="account"
|
||||
id-value="$ctrl.$params.id"
|
||||
data="data"
|
||||
data="$ctrl.data"
|
||||
form="form">
|
||||
</vn-watcher>
|
||||
<form
|
||||
|
|
@ -20,7 +20,7 @@
|
|||
<vn-textfield
|
||||
ng-if="watcher.hasData"
|
||||
label="Forward email"
|
||||
ng-model="data.forwardTo"
|
||||
ng-model="$ctrl.data.forwardTo"
|
||||
info="All emails will be forwarded to the specified address."
|
||||
rule="MailForward"
|
||||
vn-focus>
|
||||
|
|
|
|||
|
|
@ -4,16 +4,14 @@ import UserError from 'core/lib/user-error';
|
|||
|
||||
export default class Controller extends Section {
|
||||
onSubmit() {
|
||||
this.getIsAuthorized();
|
||||
}
|
||||
|
||||
getIsAuthorized() {
|
||||
this.$http.get(`Workers/${this.$params.id}/isSubordinate`)
|
||||
.then(res => {
|
||||
this.isSubordinate = res.data;
|
||||
if (!this.isSubordinate) throw new UserError(`You don't have enough privileges`);
|
||||
|
||||
this.$.watcher.submit();
|
||||
const query = `Accounts/${this.$params.id}/changeMailForwarding`;
|
||||
const params = {
|
||||
forwardTo: this.data?.forwardTo || undefined
|
||||
};
|
||||
this.$http.post(query, params)
|
||||
.then(() => {
|
||||
this.$.watcher.notifySaved();
|
||||
this.$.watcher.updateOriginalData();
|
||||
});
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue