Merge branch '2617-add_scope_days_on_travel_index' of https://gitea.verdnatura.es/verdnatura/salix into 2617-add_scope_days_on_travel_index

This commit is contained in:
Jorge Padawan 2021-02-02 11:49:53 +01:00
commit a2e78a8f25
2 changed files with 32 additions and 5 deletions

View File

@ -26,11 +26,11 @@ module.exports = Self => {
const workerModel = Self.app.models.Worker;
const targetTimeEntry = await Self.findById(id);
const isSubordinate = await workerModel.isSubordinate(ctx, targetTimeEntry.userFk);
const isHHRR = await Self.app.models.Account.hasRole(currentUserId, 'hr');
const isTeamBoss = await Self.app.models.Account.hasRole(currentUserId, 'teamBoss');
const isHimself = currentUserId == targetTimeEntry.userFk;
const notAllowed = isSubordinate === false || (isSubordinate && currentUserId == targetTimeEntry.userFk && !isHHRR);
const notAllowed = isSubordinate === false || (isSubordinate && isHimself && !isTeamBoss);
if (notAllowed)
throw new UserError(`You don't have enough privileges`);

View File

@ -5,6 +5,8 @@ describe('workerTimeControl add/delete timeEntry()', () => {
const HHRRId = 37;
const teamBossId = 13;
const employeeId = 1;
const salesPersonId = 106;
const salesBossId = 19;
let activeCtx = {
accessToken: {userId: 50},
};
@ -85,13 +87,13 @@ describe('workerTimeControl add/delete timeEntry()', () => {
});
it('should try but fail to delete his own time entry', async() => {
activeCtx.accessToken.userId = teamBossId;
activeCtx.accessToken.userId = salesBossId;
let error;
let todayAtSeven = new Date();
todayAtSeven.setHours(19, 30, 0, 0);
let data = {
workerFk: teamBossId,
workerFk: salesPersonId,
timed: todayAtSeven
};
@ -100,6 +102,7 @@ describe('workerTimeControl add/delete timeEntry()', () => {
createdTimeEntry = await app.models.WorkerTimeControl.findById(timeEntry.id);
try {
activeCtx.accessToken.userId = salesPersonId;
await app.models.WorkerTimeControl.deleteTimeEntry(ctx, createdTimeEntry.id);
} catch (e) {
error = e;
@ -110,6 +113,30 @@ describe('workerTimeControl add/delete timeEntry()', () => {
expect(error.message).toBe(`You don't have enough privileges`);
});
it('should delete the created time entry for the team boss as himself', async() => {
activeCtx.accessToken.userId = teamBossId;
let todayAtFive = new Date();
todayAtFive.setHours(17, 30, 0, 0);
let data = {
workerFk: teamBossId,
timed: todayAtFive
};
timeEntry = await app.models.WorkerTimeControl.addTimeEntry(ctx, data);
createdTimeEntry = await app.models.WorkerTimeControl.findById(timeEntry.id);
expect(createdTimeEntry).toBeDefined();
await app.models.WorkerTimeControl.deleteTimeEntry(ctx, createdTimeEntry.id);
createdTimeEntry = await app.models.WorkerTimeControl.findById(timeEntry.id);
expect(createdTimeEntry).toBeNull();
});
it('should delete the created time entry for the team boss as HHRR', async() => {
activeCtx.accessToken.userId = HHRRId;