From c07e30a89c691e11e2bace073b0c587e54d15d9d Mon Sep 17 00:00:00 2001 From: jorgep Date: Wed, 8 Jan 2025 12:48:28 +0100 Subject: [PATCH] fix: prevent deleting absences for past dates --- db/versions/11400-turquoiseChrysanthemum/00-firstScript.sql | 2 ++ modules/worker/back/methods/worker/deleteAbsence.js | 6 ++++++ 2 files changed, 8 insertions(+) create mode 100644 db/versions/11400-turquoiseChrysanthemum/00-firstScript.sql diff --git a/db/versions/11400-turquoiseChrysanthemum/00-firstScript.sql b/db/versions/11400-turquoiseChrysanthemum/00-firstScript.sql new file mode 100644 index 000000000..8ab24cb0d --- /dev/null +++ b/db/versions/11400-turquoiseChrysanthemum/00-firstScript.sql @@ -0,0 +1,2 @@ +INSERT INTO salix.ACL (model,property,accessType,permission,principalType,principalId) + VALUES ('Worker','canDeleteAbsenceInPast','WRITE','ALLOW','ROLE','hr'); \ No newline at end of file diff --git a/modules/worker/back/methods/worker/deleteAbsence.js b/modules/worker/back/methods/worker/deleteAbsence.js index b71d077a4..a7c6efc21 100644 --- a/modules/worker/back/methods/worker/deleteAbsence.js +++ b/modules/worker/back/methods/worker/deleteAbsence.js @@ -53,6 +53,12 @@ module.exports = Self => { } } }, myOptions); + const canDeleteAbsenceInPast = + await models.ACL.checkAccessAcl(ctx, 'Worker', 'canDeleteAbsenceInPast', 'WRITE'); + + if (!canDeleteAbsenceInPast && Date.vnNow() > absence.dated.getTime()) + throw new UserError(`Holidays to past days not available`); + const result = await absence.destroy(myOptions); const labour = absence.labour(); const department = labour && labour.department();