verdnatura/salix
verdnatura
/
salix
3
4
Fork 0
Code Issues Pull Requests 59 Releases Wiki Activity

Merge pull request '4581-client.web-access' (#1074) from 4581-client.web-access into dev
gitea/salix/pipeline/head Something is wrong with the build of this commit Details 

Reviewed-on: #1074
Reviewed-by: Joan Sanchez <joan@verdnatura.es>
This commit is contained in:
Joan Sanchez 2022-10-06 08:20:06 +00:00
parent 1bf090b6ee fd219f853f
commit 954c4d5d85
7 changed files with 84 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
e2e/paths/02-client/07_edit_web_access.spec.js
View File

@ -8,7 +8,7 @@ describe('Client Edit web access path', () => {
beforeAll(async() => { beforeAll(async() => {
browser = await getBrowser(); browser = await getBrowser();
page = browser.page; page = browser.page;
await page.loginAndModule('employee', 'client'); await page.loginAndModule('salesPerson', 'client');
await page.accessToSearchResult('max'); await page.accessToSearchResult('max');
await page.accessToSection('client.card.webAccess'); await page.accessToSection('client.card.webAccess');
}); });

3
loopback/locale/en.json
View File

@ -131,5 +131,6 @@
"Fichadas impares": "Odd signs", "Fichadas impares": "Odd signs",
"Descanso diario 9h.": "Daily rest 9h.", "Descanso diario 9h.": "Daily rest 9h.",
"Descanso semanal 36h. / 72h.": "Weekly rest 36h. / 72h.", "Descanso semanal 36h. / 72h.": "Weekly rest 36h. / 72h.",
"Password does not meet requirements": "Password does not meet requirements" "Password does not meet requirements": "Password does not meet requirements",
"Not enough privileges to edit a client": "Not enough privileges to edit a client"
} }

5
loopback/locale/es.json
View File

@ -232,5 +232,8 @@
"Fichadas impares": "Fichadas impares", "Fichadas impares": "Fichadas impares",
"Descanso diario 12h.": "Descanso diario 12h.", "Descanso diario 12h.": "Descanso diario 12h.",
"Descanso semanal 36h. / 72h.": "Descanso semanal 36h. / 72h.", "Descanso semanal 36h. / 72h.": "Descanso semanal 36h. / 72h.",
"Dirección incorrecta": "Dirección incorrecta" "Dirección incorrecta": "Dirección incorrecta",
"Modifiable user details only by an administrator": "Detalles de usuario modificables solo por un administrador",
"Modifiable password only via recovery or by an administrator": "Contraseña modificable solo a través de la recuperación o por un administrador",
"Not enough privileges to edit a client": "No tienes suficientes privilegios para editar un cliente"
} }

19
modules/client/back/methods/client/setPassword.js
View File

@ -1,5 +1,6 @@
const UserError = require('vn-loopback/util/user-error');
module.exports = Self => { module.exports = Self => {
Self.remoteMethod('setPassword', { Self.remoteMethodCtx('setPassword', {
description: 'Sets the password of a non-worker client', description: 'Sets the password of a non-worker client',
accepts: [ accepts: [
{ {
@ -20,13 +21,21 @@ module.exports = Self => {
} }
}); });
Self.setPassword = async function(id, newPassword) { Self.setPassword = async function(ctx, id, newPassword) {
const models = Self.app.models; const models = Self.app.models;
const userId = ctx.req.accessToken.userId;
const isWorker = await models.Worker.findById(id); const isSalesPerson = await models.Account.hasRole(userId, 'salesPerson');
if (isWorker)
throw new Error(`Can't change the password of another worker`);
if (!isSalesPerson)
throw new UserError(`Not enough privileges to edit a client`);
const isClient = await models.Client.findById(id, null);
const isUserAccount = await models.UserAccount.findById(id, null);
if (isClient && !isUserAccount)
await models.Account.setPassword(id, newPassword); await models.Account.setPassword(id, newPassword);
else
throw new UserError(`Modifiable password only via recovery or by an administrator`);
}; };
}; };

30
modules/client/back/methods/client/specs/setPassword.spec.js
View File

@ -1,23 +1,43 @@
const models = require('vn-loopback/server/server').models; const models = require('vn-loopback/server/server').models;
describe('Client setPassword', () => { describe('Client setPassword', () => {
it('should throw an error the setPassword target is not just a client but a worker', async() => { const salesPersonId = 19;
let error; const ctx = {
req: {accessToken: {userId: salesPersonId}}
};
it(`should throw an error if you don't have enough permissions`, async() => {
let error;
const employeeId = 1;
const ctx = {
req: {accessToken: {userId: employeeId}}
};
try { try {
await models.Client.setPassword(1106, 'newPass?'); await models.Client.setPassword(ctx, 1, 't0pl3v3l.p455w0rd!');
} catch (e) { } catch (e) {
error = e; error = e;
} }
expect(error.message).toEqual(`Can't change the password of another worker`); expect(error.message).toEqual(`Not enough privileges to edit a client`);
});
it('should throw an error the setPassword target is not just a client but a worker', async() => {
let error;
try {
await models.Client.setPassword(ctx, 1, 't0pl3v3l.p455w0rd!');
} catch (e) {
error = e;
}
expect(error.message).toEqual(`Modifiable password only via recovery or by an administrator`);
}); });
it('should change the password of the client', async() => { it('should change the password of the client', async() => {
let error; let error;
try { try {
await models.Client.setPassword(1101, 't0pl3v3l.p455w0rd!'); await models.Client.setPassword(ctx, 1101, 't0pl3v3l.p455w0rd!');
} catch (e) { } catch (e) {
error = e; error = e;
} }

24
modules/client/back/methods/client/specs/updateUser.spec.js
View File

@ -10,8 +10,9 @@ describe('Client updateUser', () => {
} }
} }
}; };
const salesPersonId = 19;
const ctx = { const ctx = {
req: {accessToken: {userId: employeeId}}, req: {accessToken: {userId: salesPersonId}},
args: {name: 'test', active: true} args: {name: 'test', active: true}
}; };
@ -21,8 +22,13 @@ describe('Client updateUser', () => {
}); });
}); });
it('should throw an error the target user is not just a client but a worker', async() => { it(`should throw an error if you don't have enough permissions`, async() => {
let error; let error;
const employeeId = 1;
const ctx = {
req: {accessToken: {userId: employeeId}},
args: {name: 'test', active: true}
};
try { try {
const clientID = 1106; const clientID = 1106;
await models.Client.updateUser(ctx, clientID); await models.Client.updateUser(ctx, clientID);
@ -30,7 +36,19 @@ describe('Client updateUser', () => {
error = e; error = e;
} }
expect(error.message).toEqual(`Can't update the user details of another worker`); expect(error.message).toEqual(`Not enough privileges to edit a client`);
});
it('should throw an error the target user is not just a client but a worker', async() => {
let error;
try {
const clientID = 1;
await models.Client.updateUser(ctx, clientID);
} catch (e) {
error = e;
}
expect(error.message).toEqual(`Modifiable user details only by an administrator`);
}); });
it('should update the user data', async() => { it('should update the user data', async() => {

21
modules/client/back/methods/client/updateUser.js
View File

@ -1,3 +1,4 @@
const UserError = require('vn-loopback/util/user-error');
module.exports = Self => { module.exports = Self => {
Self.remoteMethodCtx('updateUser', { Self.remoteMethodCtx('updateUser', {
description: 'Updates the user information', description: 'Updates the user information',
@ -5,8 +6,7 @@ module.exports = Self => {
{ {
arg: 'id', arg: 'id',
type: 'number', type: 'number',
description: 'The user id', description: 'The user id'
http: {source: 'path'}
}, },
{ {
arg: 'name', arg: 'name',
@ -15,7 +15,7 @@ module.exports = Self => {
}, },
{ {
arg: 'email', arg: 'email',
type: 'string', type: 'any',
description: 'the user email' description: 'the user email'
}, },
{ {
@ -32,6 +32,7 @@ module.exports = Self => {
Self.updateUser = async function(ctx, id, options) { Self.updateUser = async function(ctx, id, options) {
const models = Self.app.models; const models = Self.app.models;
const userId = ctx.req.accessToken.userId;
let tx; let tx;
const myOptions = {}; const myOptions = {};
@ -44,13 +45,19 @@ module.exports = Self => {
} }
try { try {
const isWorker = await models.Worker.findById(id, null, myOptions); const isSalesPerson = await models.Account.hasRole(userId, 'salesPerson', myOptions);
if (isWorker)
throw new Error(`Can't update the user details of another worker`);
if (!isSalesPerson)
throw new UserError(`Not enough privileges to edit a client`);
const isClient = await models.Client.findById(id, null, myOptions);
const isUserAccount = await models.UserAccount.findById(id, null, myOptions);
if (isClient && !isUserAccount) {
const user = await models.Account.findById(id, null, myOptions); const user = await models.Account.findById(id, null, myOptions);
await user.updateAttributes(ctx.args, myOptions); await user.updateAttributes(ctx.args, myOptions);
} else
throw new UserError(`Modifiable user details only by an administrator`);
if (tx) await tx.commit(); if (tx) await tx.commit();
} catch (e) { } catch (e) {