2762 - Delete entry ass teamBoss

2021-02-02 10:07:13 +01:00 · 2021-02-02 10:07:13 +01:00 · a21d8acde6
parent 220b417ade
commit a21d8acde6
2 changed files with 33 additions and 6 deletions
--- a/modules/worker/back/methods/worker-time-control/deleteTimeEntry.js
+++ b/modules/worker/back/methods/worker-time-control/deleteTimeEntry.js
@ -26,11 +26,11 @@ module.exports = Self => {
        const workerModel = Self.app.models.Worker;

        const targetTimeEntry = await Self.findById(id);
-
        const isSubordinate = await workerModel.isSubordinate(ctx, targetTimeEntry.userFk);
-        const isHHRR = await Self.app.models.Account.hasRole(currentUserId, 'hr');
+        const isTeamBoss = await Self.app.models.Account.hasRole(currentUserId, 'teamBoss');
+        const isHimself = currentUserId == targetTimeEntry.userFk;

-        const notAllowed = isSubordinate === false || (isSubordinate && currentUserId == targetTimeEntry.userFk && !isHHRR);
+        const notAllowed = isSubordinate === false || (isSubordinate && isHimself && !isTeamBoss);

        if (notAllowed)
            throw new UserError(`You don't have enough privileges`);
--- a/modules/worker/back/methods/worker-time-control/specs/timeEntry.spec.js
+++ b/modules/worker/back/methods/worker-time-control/specs/timeEntry.spec.js
@ -1,10 +1,12 @@
 const app = require('vn-loopback/server/server');
 const LoopBackContext = require('loopback-context');

-describe('workerTimeControl add/delete timeEntry()', () => {
+fdescribe('workerTimeControl add/delete timeEntry()', () => {
    const HHRRId = 37;
    const teamBossId = 13;
    const employeeId = 1;
+    const salesPersonId = 106;
+    const salesBossId = 19;
    let activeCtx = {
        accessToken: {userId: 50},
    };
@ -85,13 +87,13 @@ describe('workerTimeControl add/delete timeEntry()', () => {
    });

    it('should try but fail to delete his own time entry', async() => {
-        activeCtx.accessToken.userId = teamBossId;
+        activeCtx.accessToken.userId = salesBossId;
        let error;
        let todayAtSeven = new Date();
        todayAtSeven.setHours(19, 30, 0, 0);

        let data = {
-            workerFk: teamBossId,
+            workerFk: salesPersonId,
            timed: todayAtSeven
        };

@ -100,6 +102,7 @@ describe('workerTimeControl add/delete timeEntry()', () => {
        createdTimeEntry = await app.models.WorkerTimeControl.findById(timeEntry.id);

        try {
+            activeCtx.accessToken.userId = salesPersonId;
            await app.models.WorkerTimeControl.deleteTimeEntry(ctx, createdTimeEntry.id);
        } catch (e) {
            error = e;
@ -110,6 +113,30 @@ describe('workerTimeControl add/delete timeEntry()', () => {
        expect(error.message).toBe(`You don't have enough privileges`);
    });

+    it('should delete the created time entry for the team boss as himself', async() => {
+        activeCtx.accessToken.userId = teamBossId;
+
+        let todayAtFive = new Date();
+        todayAtFive.setHours(17, 30, 0, 0);
+
+        let data = {
+            workerFk: teamBossId,
+            timed: todayAtFive
+        };
+
+        timeEntry = await app.models.WorkerTimeControl.addTimeEntry(ctx, data);
+
+        createdTimeEntry = await app.models.WorkerTimeControl.findById(timeEntry.id);
+
+        expect(createdTimeEntry).toBeDefined();
+
+        await app.models.WorkerTimeControl.deleteTimeEntry(ctx, createdTimeEntry.id);
+
+        createdTimeEntry = await app.models.WorkerTimeControl.findById(timeEntry.id);
+
+        expect(createdTimeEntry).toBeNull();
+    });
+
    it('should delete the created time entry for the team boss as HHRR', async() => {
        activeCtx.accessToken.userId = HHRRId;