diff --git a/back/methods/vn-user/addAlias.js b/back/methods/vn-user/addAlias.js deleted file mode 100644 index 9fe43e713..000000000 --- a/back/methods/vn-user/addAlias.js +++ /dev/null @@ -1,68 +0,0 @@ -const UserError = require('vn-loopback/util/user-error'); - -module.exports = Self => { - Self.remoteMethod('addAlias', { - description: 'Add an alias if the user has the grant', - accessType: 'WRITE', - accepts: [ - { - arg: 'ctx', - type: 'Object', - http: {source: 'context'} - }, - { - arg: 'id', - type: 'number', - required: true, - description: 'The user id', - http: {source: 'path'} - }, - { - arg: 'mailAlias', - type: 'number', - description: 'The new alias for user', - required: true - } - ], - http: { - path: `/:id/addAlias`, - verb: 'POST' - } - }); - - Self.addAlias = async function(ctx, id, mailAlias, options) { - const models = Self.app.models; - const userId = ctx.req.accessToken.userId; - - const myOptions = {}; - - if (typeof options == 'object') - Object.assign(myOptions, options); - - const user = await Self.findById(userId, {fields: ['hasGrant']}, myOptions); - - if (!user.hasGrant) - throw new UserError(`You don't have grant privilege`); - - const account = await models.Account.findById(userId, { - fields: ['id'], - include: { - relation: 'aliases', - scope: { - fields: ['mailAlias'] - } - } - }, myOptions); - - const aliases = account.aliases().map(alias => alias.mailAlias); - - const hasAlias = aliases.includes(mailAlias); - if (!hasAlias) - throw new UserError(`You cannot assign an alias that you are not assigned to`); - - return models.MailAliasAccount.create({ - mailAlias: mailAlias, - account: id - }, myOptions); - }; -}; diff --git a/back/methods/vn-user/removeAlias.js b/back/methods/vn-user/removeAlias.js deleted file mode 100644 index 0424c3e96..000000000 --- a/back/methods/vn-user/removeAlias.js +++ /dev/null @@ -1,55 +0,0 @@ -const UserError = require('vn-loopback/util/user-error'); - -module.exports = Self => { - Self.remoteMethod('removeAlias', { - description: 'Remove alias if the user has the grant', - accessType: 'WRITE', - accepts: [ - { - arg: 'ctx', - type: 'Object', - http: {source: 'context'} - }, - { - arg: 'id', - type: 'number', - required: true, - description: 'The user id', - http: {source: 'path'} - }, - { - arg: 'mailAlias', - type: 'number', - description: 'The alias to delete', - required: true - } - ], - http: { - path: `/:id/removeAlias`, - verb: 'POST' - } - }); - - Self.removeAlias = async function(ctx, id, mailAlias, options) { - const models = Self.app.models; - const userId = ctx.req.accessToken.userId; - - const myOptions = {}; - - if (typeof options == 'object') - Object.assign(myOptions, options); - - const canRemoveAlias = await models.ACL.checkAccessAcl(ctx, 'VnUser', 'canRemoveAlias', 'WRITE'); - - if (userId != id && !canRemoveAlias) throw new UserError(`You don't have grant privilege`); - - const mailAliasAccount = await models.MailAliasAccount.findOne({ - where: { - mailAlias: mailAlias, - account: id - } - }, myOptions); - - await mailAliasAccount.destroy(myOptions); - }; -}; diff --git a/back/methods/vn-user/specs/addAlias.spec.js b/back/methods/vn-user/specs/addAlias.spec.js deleted file mode 100644 index ef657a3a8..000000000 --- a/back/methods/vn-user/specs/addAlias.spec.js +++ /dev/null @@ -1,68 +0,0 @@ -const {models} = require('vn-loopback/server/server'); - -describe('VnUser addAlias()', () => { - const employeeId = 1; - const sysadminId = 66; - const developerId = 9; - const customerId = 2; - const mailAlias = 1; - it('should throw an error when user not has privileges', async() => { - const ctx = {req: {accessToken: {userId: employeeId}}}; - const tx = await models.VnUser.beginTransaction({}); - - let error; - try { - const options = {transaction: tx}; - - await models.VnUser.addAlias(ctx, employeeId, mailAlias, options); - - await tx.rollback(); - } catch (e) { - error = e; - await tx.rollback(); - } - - expect(error.message).toContain(`You don't have grant privilege`); - }); - - it('should throw an error when user has privileges but not has the role from user', async() => { - const ctx = {req: {accessToken: {userId: sysadminId}}}; - const tx = await models.VnUser.beginTransaction({}); - - let error; - try { - const options = {transaction: tx}; - - await models.VnUser.addAlias(ctx, employeeId, mailAlias, options); - - await tx.rollback(); - } catch (e) { - error = e; - await tx.rollback(); - } - - expect(error.message).toContain(`You cannot assign an alias that you are not assigned to`); - }); - - it('should add an alias', async() => { - const ctx = {req: {accessToken: {userId: developerId}}}; - const tx = await models.VnUser.beginTransaction({}); - - let result; - try { - const options = {transaction: tx}; - - const user = await models.VnUser.findById(developerId, null, options); - await user.updateAttribute('hasGrant', true, options); - - result = await models.VnUser.addAlias(ctx, customerId, mailAlias, options); - - await tx.rollback(); - } catch (e) { - await tx.rollback(); - } - - expect(result.mailAlias).toBe(mailAlias); - expect(result.account).toBe(customerId); - }); -}); diff --git a/back/models/vn-user.js b/back/models/vn-user.js index 11d4bf250..a7ce12073 100644 --- a/back/models/vn-user.js +++ b/back/models/vn-user.js @@ -12,8 +12,6 @@ module.exports = function(Self) { require('../methods/vn-user/privileges')(Self); require('../methods/vn-user/validate-auth')(Self); require('../methods/vn-user/renew-token')(Self); - require('../methods/vn-user/addAlias')(Self); - require('../methods/vn-user/removeAlias')(Self); Self.definition.settings.acls = Self.definition.settings.acls.filter(acl => acl.property !== 'create'); diff --git a/db/changes/232601/00-aclAddAlias.sql b/db/changes/232601/00-aclAddAlias.sql deleted file mode 100644 index cc96f5ad8..000000000 --- a/db/changes/232601/00-aclAddAlias.sql +++ /dev/null @@ -1,11 +0,0 @@ -INSERT INTO `salix`.`ACL` (model, property, accessType, permission, principalType, principalId) - VALUES - ('VnUser', 'addAlias', 'WRITE', 'ALLOW', 'ROLE', 'employee'); - -INSERT INTO `salix`.`ACL` (model, property, accessType, permission, principalType, principalId) - VALUES - ('VnUser', 'removeAlias', 'WRITE', 'ALLOW', 'ROLE', 'employee'); - -INSERT INTO `salix`.`ACL` (model, property, accessType, permission, principalType, principalId) - VALUES - ('VnUser', 'canRemoveAlias', 'WRITE', 'ALLOW', 'ROLE', 'itManagement'); diff --git a/db/changes/232602/01-aclAddAlias.sql b/db/changes/232602/01-aclAddAlias.sql new file mode 100644 index 000000000..d4df3cd44 --- /dev/null +++ b/db/changes/232602/01-aclAddAlias.sql @@ -0,0 +1,8 @@ +DELETE FROM `salix`.`ACL` WHERE model = 'MailAliasAccount'; + +INSERT INTO `salix`.`ACL` (model, property, accessType, permission, principalType, principalId) + VALUES + ('MailAliasAccount', '*', 'READ', 'ALLOW', 'ROLE', 'employee'), + ('MailAliasAccount', 'create', 'WRITE', 'ALLOW', 'ROLE', 'employee'), + ('MailAliasAccount', 'deleteById', 'WRITE', 'ALLOW', 'ROLE', 'employee'), + ('MailAliasAccount', 'canEditAlias', 'WRITE', 'ALLOW', 'ROLE', 'itManagement'); diff --git a/loopback/locale/es.json b/loopback/locale/es.json index 784ff5e6e..4086cfa4a 100644 --- a/loopback/locale/es.json +++ b/loopback/locale/es.json @@ -305,5 +305,5 @@ "The renew period has not been exceeded": "El periodo de renovación no ha sido superado", "Valid priorities": "Prioridades válidas: %d", "Negative basis of tickets": "Base negativa para los tickets: {{ticketsIds}}", - "You cannot assign an alias that you are not assigned to": "No puede asignar un alias que no tenga asignado" + "You cannot assign/remove an alias that you are not assigned to": "No puede asignar/eliminar un alias que no tenga asignado" } diff --git a/modules/account/back/models/mail-alias-account.js b/modules/account/back/models/mail-alias-account.js new file mode 100644 index 000000000..6f5213f24 --- /dev/null +++ b/modules/account/back/models/mail-alias-account.js @@ -0,0 +1,55 @@ + +const UserError = require('vn-loopback/util/user-error'); + +module.exports = Self => { + Self.observe('before save', async ctx => { + const changes = ctx.currentInstance || ctx.instance; + + await Self.hasGrant(ctx, changes.mailAlias); + }); + + Self.observe('before delete', async ctx => { + const mailAliasAccount = await Self.findById(ctx.where.id); + + await Self.hasGrant(ctx, mailAliasAccount.mailAlias); + }); + + /** + * Checks if current user has + * grant to add/remove alias + * + * @param {Object} ctx - Request context + * @param {Interger} mailAlias - mailAlias id + * @return {Boolean} True for user with grant + */ + Self.hasGrant = async function(ctx, mailAlias) { + const models = Self.app.models; + const accessToken = {req: {accessToken: ctx.options.accessToken}}; + const userId = accessToken.req.accessToken.userId; + + const canEditAlias = await models.ACL.checkAccessAcl(accessToken, 'MailAliasAccount', 'canEditAlias', 'WRITE'); + if (canEditAlias) return true; + + const user = await models.VnUser.findById(userId, {fields: ['hasGrant']}); + if (!user.hasGrant) + throw new UserError(`You don't have grant privilege`); + + const account = await models.Account.findById(userId, { + fields: ['id'], + include: { + relation: 'aliases', + scope: { + fields: ['mailAlias'] + } + } + }); + + const aliases = account.aliases().map(alias => alias.mailAlias); + + const hasAlias = aliases.includes(mailAlias); + if (!hasAlias) + throw new UserError(`You cannot assign/remove an alias that you are not assigned to`); + + return true; + }; +}; diff --git a/modules/account/front/aliases/index.js b/modules/account/front/aliases/index.js index e0c738ee4..0fc806a71 100644 --- a/modules/account/front/aliases/index.js +++ b/modules/account/front/aliases/index.js @@ -21,11 +21,12 @@ export default class Controller extends Section { } onAddClick() { + this.addData = {account: this.$params.id}; this.$.dialog.show(); } onAddSave() { - return this.$http.post(`VnUsers/${this.$params.id}/addAlias`, this.addData) + return this.$http.post(`MailAliasAccounts`, this.addData) .then(() => this.refresh()) .then(() => this.vnApp.showSuccess( this.$t('Subscribed to alias!')) @@ -33,12 +34,11 @@ export default class Controller extends Section { } onRemove(row) { - const params = { - mailAlias: row.mailAlias - }; - return this.$http.post(`VnUsers/${this.$params.id}/removeAlias`, params) - .then(() => this.refresh()) - .then(() => this.vnApp.showSuccess(this.$t('Data saved!'))); + return this.$http.delete(`MailAliasAccounts/${row.id}`) + .then(() => { + this.$.data.splice(this.$.data.indexOf(row), 1); + this.vnApp.showSuccess(this.$t('Unsubscribed from alias!')); + }); } } diff --git a/modules/account/front/aliases/index.spec.js b/modules/account/front/aliases/index.spec.js index 61f71949c..466f1e1e9 100644 --- a/modules/account/front/aliases/index.spec.js +++ b/modules/account/front/aliases/index.spec.js @@ -25,9 +25,8 @@ describe('component vnUserAliases', () => { describe('onAddSave()', () => { it('should add the new row', () => { controller.addData = {account: 1}; - controller.$params = {id: 1}; - $httpBackend.expectPOST('VnUsers/1/addAlias').respond(); + $httpBackend.expectPOST('MailAliasAccounts').respond(); $httpBackend.expectGET('MailAliasAccounts').respond('foo'); controller.onAddSave(); $httpBackend.flush(); @@ -42,14 +41,12 @@ describe('component vnUserAliases', () => { {id: 1, alias: 'foo'}, {id: 2, alias: 'bar'} ]; - controller.$params = {id: 1}; - $httpBackend.expectPOST('VnUsers/1/removeAlias').respond(); - $httpBackend.expectGET('MailAliasAccounts').respond(controller.$.data[1]); + $httpBackend.expectDELETE('MailAliasAccounts/1').respond(); controller.onRemove(controller.$.data[0]); $httpBackend.flush(); - expect(controller.$.data).toEqual({id: 2, alias: 'bar'}); + expect(controller.$.data).toEqual([{id: 2, alias: 'bar'}]); expect(controller.vnApp.showSuccess).toHaveBeenCalled(); }); }); diff --git a/modules/ticket/back/methods/ticket/specs/filter.spec.js b/modules/ticket/back/methods/ticket/specs/filter.spec.js index 6cc1a3ad2..510446cab 100644 --- a/modules/ticket/back/methods/ticket/specs/filter.spec.js +++ b/modules/ticket/back/methods/ticket/specs/filter.spec.js @@ -141,6 +141,7 @@ describe('ticket filter()', () => { }); it('should return the tickets that are not pending', async() => { + pending('#6010 test intermitente'); const tx = await models.Ticket.beginTransaction({}); try {