refs #5468 feat: modificalos acl de VnUser

2023-05-23 08:45:03 +02:00 · 2023-05-23 08:45:03 +02:00 · aea39dd0b7
parent 3b7b31deb1
commit aea39dd0b7
6 changed files with 87 additions and 11 deletions
--- a/back/methods/vn-user/createUser.js
+++ b/back/methods/vn-user/createUser.js
@ -0,0 +1,72 @@
+module.exports = function(Self) {
+    Self.remoteMethodCtx('createUser', {
+        description: 'Create a user',
+        accessType: 'WRITE',
+        accepts: [{
+            arg: 'name',
+            type: 'string',
+            required: true
+        },
+        {
+            arg: 'nickname',
+            type: 'string',
+            required: true
+        },
+        {
+            arg: 'email',
+            type: 'string',
+            required: true
+        },
+        {
+            arg: 'roleFk',
+            type: 'number',
+            required: true
+        },
+        {
+            arg: 'password',
+            type: 'string',
+            required: true
+        },
+        {
+            arg: 'active',
+            type: 'boolean'
+        }],
+        returns: {
+            root: true,
+            type: 'object'
+        },
+        http: {
+            verb: 'POST',
+            path: '/createUser'
+        }
+    });
+
+    Self.createUser = async(ctx, options) => {
+        const models = Self.app.models;
+        const args = ctx.args;
+        let tx;
+        const myOptions = {};
+
+        if (typeof options == 'object')
+            Object.assign(myOptions, options);
+
+        if (!myOptions.transaction) {
+            tx = await Self.beginTransaction({});
+            myOptions.transaction = tx;
+        }
+
+        try {
+            if (!args.active) args.active = false;
+
+            delete args.ctx; // Remove unwanted properties
+            const newUser = await models.VnUser.create(args, myOptions);
+
+            if (tx) await tx.commit();
+
+            return newUser;
+        } catch (e) {
+            if (tx) await tx.rollback();
+            throw e;
+        }
+    };
+};
--- a/back/models/vn-user.js
+++ b/back/models/vn-user.js
@ -10,6 +10,9 @@ module.exports = function(Self) {
    require('../methods/vn-user/recover-password')(Self);
    require('../methods/vn-user/validate-token')(Self);
    require('../methods/vn-user/privileges')(Self);
+    require('../methods/vn-user/createUser')(Self);
+
+    Self.definition.settings.acls.find(acl => acl.property == 'create').permission = 'DENY';

    // Validations

--- a/db/changes/232201/00-aclAccount.sql
+++ b/db/changes/232201/00-aclAccount.sql
--- a/db/changes/232201/00-aclVnUser.sql
+++ b/db/changes/232201/00-aclVnUser.sql
@ -6,4 +6,5 @@ INSERT INTO `salix`.`ACL` (model, property, accessType, permission, principalTyp
    VALUES
        ('VnUser', '*', '*', 'ALLOW', 'ROLE', 'itManagement'),
        ('VnUser', '__get__preview', 'READ', 'ALLOW', 'ROLE', 'employee'),
-        ('VnUser', 'preview', '*', 'ALLOW', 'ROLE', 'employee');
+        ('VnUser', 'preview', '*', 'ALLOW', 'ROLE', 'employee'),
+        ('VnUser', 'createUser', 'WRITE', 'ALLOW', 'ROLE', 'itManagement');
--- a/modules/account/front/create/index.html
+++ b/modules/account/front/create/index.html
@ -1,6 +1,6 @@
 <vn-watcher
    vn-id="watcher"
-    url="VnUsers"
+    url="VnUsers/createUser"
    data="$ctrl.user"
    insert-mode="true"
    form="form">
--- a/modules/account/front/index/index.html
+++ b/modules/account/front/index/index.html
@ -41,7 +41,7 @@
    ui-sref="account.create"
    vn-tooltip="New user"
    vn-bind="+"
-    vn-acl="it"
+    vn-acl="itManagement"
    vn-acl-action="remove">
    <vn-float-button icon="add"></vn-float-button>
 </a>