refs #5468 descriptor account solo lo puede ejecutar sysadmin y mail-forwarding solo el mismo o un superior
gitea/salix/pipeline/head This commit looks good
Details
gitea/salix/pipeline/head This commit looks good
Details
This commit is contained in:
parent
f2bef8dcf6
commit
af0523a155
|
@ -0,0 +1,6 @@
|
|||
DELETE
|
||||
FROM `salix`.`ACL`
|
||||
WHERE model='Account' AND property='*' AND accessType='*';
|
||||
|
||||
INSERT INTO `salix`.`ACL` (model, property, accessType, permission, principalType, principalId)
|
||||
VALUES('Account', '*', 'WRITE', 'ALLOW', 'ROLE', 'sysadmin');
|
|
@ -15,7 +15,9 @@
|
|||
</vn-item-section>
|
||||
<vn-item-section side>
|
||||
<vn-icon-button
|
||||
ng-if="!$ctrl.isSubordinate"
|
||||
icon="delete"
|
||||
label="$ctrl.isSubordinate"
|
||||
translate-attr="{title: 'Unsubscribe'}"
|
||||
ng-click="removeConfirm.show(row)">
|
||||
</vn-icon-button>
|
||||
|
|
|
@ -4,6 +4,13 @@ import Section from 'salix/components/section';
|
|||
export default class Controller extends Section {
|
||||
$onInit() {
|
||||
this.refresh();
|
||||
this.getIsSubordinate();
|
||||
console.log(this.isSubordinate);
|
||||
}
|
||||
|
||||
getIsSubordinate() {
|
||||
this.$http.get(`Workers/${this.$params.id}/isSubordinate`)
|
||||
.then(res => this.isSubordinate = res.data);
|
||||
}
|
||||
|
||||
refresh() {
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
<vn-item
|
||||
ng-click="deleteUser.show()"
|
||||
name="deleteUser"
|
||||
vn-acl="it"
|
||||
vn-acl="sysadmin"
|
||||
vn-acl-action="remove"
|
||||
translate>
|
||||
Delete
|
||||
|
@ -15,7 +15,7 @@
|
|||
ng-if="::$root.user.id == $ctrl.id"
|
||||
ng-click="$ctrl.onChangePassClick(true)"
|
||||
name="changePassword"
|
||||
vn-acl="hr"
|
||||
vn-acl="sysadmin"
|
||||
vn-acl-action="remove"
|
||||
translate>
|
||||
Change password
|
||||
|
@ -23,7 +23,7 @@
|
|||
<vn-item
|
||||
ng-click="$ctrl.onChangePassClick(false)"
|
||||
name="setPassword"
|
||||
vn-acl="hr"
|
||||
vn-acl="sysadmin"
|
||||
vn-acl-action="remove"
|
||||
translate>
|
||||
Set password
|
||||
|
@ -32,7 +32,7 @@
|
|||
ng-if="!$ctrl.hasAccount"
|
||||
ng-click="enableAccount.show()"
|
||||
name="enableAccount"
|
||||
vn-acl="it"
|
||||
vn-acl="sysadmin"
|
||||
vn-acl-action="remove"
|
||||
translate>
|
||||
Enable account
|
||||
|
@ -41,7 +41,7 @@
|
|||
ng-if="$ctrl.hasAccount"
|
||||
ng-click="disableAccount.show()"
|
||||
name="disableAccount"
|
||||
vn-acl="it"
|
||||
vn-acl="sysadmin"
|
||||
vn-acl-action="remove"
|
||||
translate>
|
||||
Disable account
|
||||
|
@ -50,8 +50,7 @@
|
|||
ng-if="!$ctrl.user.active"
|
||||
ng-click="activateUser.show()"
|
||||
name="activateUser"
|
||||
vn-acl="hr"
|
||||
vn-acl-action="remove"
|
||||
vn-acl="sysadmin"
|
||||
translate>
|
||||
Activate user
|
||||
</vn-item>
|
||||
|
@ -59,8 +58,7 @@
|
|||
ng-if="$ctrl.user.active"
|
||||
ng-click="deactivateUser.show()"
|
||||
name="deactivateUser"
|
||||
vn-acl="hr"
|
||||
vn-acl-action="remove"
|
||||
vn-acl="sysadmin"
|
||||
translate>
|
||||
Deactivate user
|
||||
</vn-item>
|
||||
|
|
|
@ -9,7 +9,7 @@
|
|||
</vn-watcher>
|
||||
<form
|
||||
name="form"
|
||||
ng-submit="watcher.submit()"
|
||||
ng-submit="$ctrl.onSubmit()"
|
||||
class="vn-w-md">
|
||||
<vn-card class="vn-pa-lg">
|
||||
<vn-vertical>
|
||||
|
|
|
@ -1,7 +1,22 @@
|
|||
import ngModule from '../module';
|
||||
import Section from 'salix/components/section';
|
||||
import UserError from 'core/lib/user-error';
|
||||
|
||||
export default class Controller extends Section {}
|
||||
export default class Controller extends Section {
|
||||
onSubmit() {
|
||||
this.getIsAuthorized();
|
||||
}
|
||||
|
||||
getIsAuthorized() {
|
||||
this.$http.get(`Workers/${this.$params.id}/authorizeSelfOrSuperior`)
|
||||
.then(res => {
|
||||
this.isAuthorized = res.data;
|
||||
|
||||
if (!this.isAuthorized) throw new UserError(`You don't have enough privileges`);
|
||||
this.$.watcher.submit();
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
ngModule.component('vnUserMailForwarding', {
|
||||
template: require('./index.html'),
|
||||
|
|
|
@ -0,0 +1,44 @@
|
|||
module.exports = Self => {
|
||||
Self.remoteMethod('authorizeSelfOrSuperior', {
|
||||
description: 'Return true if is himself or a superior',
|
||||
accessType: 'READ',
|
||||
accepts: [{
|
||||
arg: 'ctx',
|
||||
type: 'Object',
|
||||
http: {source: 'context'}
|
||||
}, {
|
||||
arg: 'id',
|
||||
type: 'number',
|
||||
required: true,
|
||||
description: 'The worker id',
|
||||
http: {source: 'path'}
|
||||
}],
|
||||
returns: {
|
||||
type: 'boolean',
|
||||
root: true
|
||||
},
|
||||
http: {
|
||||
path: `/:id/authorizeSelfOrSuperior`,
|
||||
verb: 'GET'
|
||||
}
|
||||
});
|
||||
|
||||
Self.authorizeSelfOrSuperior = async(ctx, id, options) => {
|
||||
const models = Self.app.models;
|
||||
const currentUserId = ctx.req.accessToken.userId;
|
||||
const isHimself = currentUserId == id;
|
||||
|
||||
const myOptions = {};
|
||||
|
||||
if (typeof options == 'object')
|
||||
Object.assign(myOptions, options);
|
||||
|
||||
const isSubordinate = await models.Worker.isSubordinate(ctx, id, myOptions);
|
||||
const isTeamBoss = await models.VnUser.hasRole(currentUserId, 'teamBoss', myOptions);
|
||||
|
||||
if (!isSubordinate || (isSubordinate && !isHimself && !isTeamBoss))
|
||||
return false;
|
||||
|
||||
return true;
|
||||
};
|
||||
};
|
|
@ -16,6 +16,7 @@ module.exports = Self => {
|
|||
require('../methods/worker/new')(Self);
|
||||
require('../methods/worker/deallocatePDA')(Self);
|
||||
require('../methods/worker/allocatePDA')(Self);
|
||||
require('../methods/worker/authorizeSelfOrSuperior')(Self);
|
||||
|
||||
Self.validatesUniquenessOf('locker', {
|
||||
message: 'This locker has already been assigned'
|
||||
|
|
Loading…
Reference in New Issue