2762 - Delete entry ass teamBoss

modules/worker/back/methods/worker-time-control/deleteTimeEntry.js

@@ -26,11 +26,11 @@ module.exports = Self => {
         const workerModel = Self.app.models.Worker;
 
         const targetTimeEntry = await Self.findById(id);
-
         const isSubordinate = await workerModel.isSubordinate(ctx, targetTimeEntry.userFk);
-        const isHHRR = await Self.app.models.Account.hasRole(currentUserId, 'hr');
+        const isTeamBoss = await Self.app.models.Account.hasRole(currentUserId, 'teamBoss');
+        const isHimself = currentUserId == targetTimeEntry.userFk;
 
-        const notAllowed = isSubordinate === false || (isSubordinate && currentUserId == targetTimeEntry.userFk && !isHHRR);
+        const notAllowed = isSubordinate === false || (isSubordinate && isHimself && !isTeamBoss);
 
         if (notAllowed)
             throw new UserError(`You don't have enough privileges`);

modules/worker/back/methods/worker-time-control/specs/timeEntry.spec.js

@@ -1,10 +1,12 @@
 const app = require('vn-loopback/server/server');
 const LoopBackContext = require('loopback-context');
 
-describe('workerTimeControl add/delete timeEntry()', () => {
+fdescribe('workerTimeControl add/delete timeEntry()', () => {
     const HHRRId = 37;
     const teamBossId = 13;
     const employeeId = 1;
+    const salesPersonId = 106;
+    const salesBossId = 19;
     let activeCtx = {
         accessToken: {userId: 50},
     };
@@ -85,13 +87,13 @@ describe('workerTimeControl add/delete timeEntry()', () => {
     });
 
     it('should try but fail to delete his own time entry', async() => {
-        activeCtx.accessToken.userId = teamBossId;
+        activeCtx.accessToken.userId = salesBossId;
         let error;
         let todayAtSeven = new Date();
         todayAtSeven.setHours(19, 30, 0, 0);
 
         let data = {
-            workerFk: teamBossId,
+            workerFk: salesPersonId,
             timed: todayAtSeven
         };
 
@@ -100,6 +102,7 @@ describe('workerTimeControl add/delete timeEntry()', () => {
         createdTimeEntry = await app.models.WorkerTimeControl.findById(timeEntry.id);
 
         try {
+            activeCtx.accessToken.userId = salesPersonId;
             await app.models.WorkerTimeControl.deleteTimeEntry(ctx, createdTimeEntry.id);
         } catch (e) {
             error = e;
@@ -110,6 +113,30 @@ describe('workerTimeControl add/delete timeEntry()', () => {
         expect(error.message).toBe(`You don't have enough privileges`);
     });
 
+    it('should delete the created time entry for the team boss as himself', async() => {
+        activeCtx.accessToken.userId = teamBossId;
+
+        let todayAtFive = new Date();
+        todayAtFive.setHours(17, 30, 0, 0);
+
+        let data = {
+            workerFk: teamBossId,
+            timed: todayAtFive
+        };
+
+        timeEntry = await app.models.WorkerTimeControl.addTimeEntry(ctx, data);
+
+        createdTimeEntry = await app.models.WorkerTimeControl.findById(timeEntry.id);
+
+        expect(createdTimeEntry).toBeDefined();
+
+        await app.models.WorkerTimeControl.deleteTimeEntry(ctx, createdTimeEntry.id);
+
+        createdTimeEntry = await app.models.WorkerTimeControl.findById(timeEntry.id);
+
+        expect(createdTimeEntry).toBeNull();
+    });
+
     it('should delete the created time entry for the team boss as HHRR', async() => {
         activeCtx.accessToken.userId = HHRRId;