diff --git a/back/methods/vn-user/addAlias.js b/back/methods/vn-user/addAlias.js
new file mode 100644
index 000000000..a9a5dcb85
--- /dev/null
+++ b/back/methods/vn-user/addAlias.js
@@ -0,0 +1,68 @@
+const UserError = require('vn-loopback/util/user-error');
+
+module.exports = Self => {
+ Self.remoteMethod('addAlias', {
+ description: 'Add alias if user has grant',
+ accessType: 'WRITE',
+ accepts: [
+ {
+ arg: 'ctx',
+ type: 'Object',
+ http: {source: 'context'}
+ },
+ {
+ arg: 'id',
+ type: 'number',
+ required: true,
+ description: 'The user id',
+ http: {source: 'path'}
+ },
+ {
+ arg: 'mailAlias',
+ type: 'number',
+ description: 'The new alias for user',
+ required: true
+ }
+ ],
+ http: {
+ path: `/:id/addAlias`,
+ verb: 'POST'
+ }
+ });
+
+ Self.addAlias = async function(ctx, id, mailAlias, options) {
+ const models = Self.app.models;
+ const userId = ctx.req.accessToken.userId;
+
+ const myOptions = {};
+
+ if (typeof options == 'object')
+ Object.assign(myOptions, options);
+
+ const user = await Self.findById(userId, {fields: ['hasGrant']}, myOptions);
+
+ if (!user.hasGrant)
+ throw new UserError(`You don't have grant privilege`);
+
+ const account = await models.Account.findById(userId, {
+ fields: ['id'],
+ include: {
+ relation: 'aliases',
+ scope: {
+ fields: ['mailAlias']
+ }
+ }
+ }, myOptions);
+
+ const aliases = account.aliases().map(alias => alias.mailAlias);
+
+ const hasAlias = aliases.includes(mailAlias);
+ if (!hasAlias)
+ throw new UserError(`You don't have the alias assigned and you can't assign it to another user`);
+
+ return models.MailAliasAccount.create({
+ mailAlias: mailAlias,
+ account: id
+ }, myOptions);
+ };
+};
diff --git a/back/methods/vn-user/removeAlias.js b/back/methods/vn-user/removeAlias.js
new file mode 100644
index 000000000..4c402cc54
--- /dev/null
+++ b/back/methods/vn-user/removeAlias.js
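Review bot: `account.aliases()` in `Self.addAlias` is called without checking that `models.Account.findById(userId, …)` returned a record, so a caller with `hasGrant` but no Account row would hit a TypeError (a 500) instead of the intended authorization error. Falling back to an empty list keeps the denial path uniform: `const aliases = account ? account.aliases().map(alias => alias.mailAlias) : [];`. The target `id` from the path is also never validated (existence, or whether it already holds the alias), so `MailAliasAccount.create` relies on database constraints that are not visible in this diff. A comment above the function such as `// Caller must have hasGrant and already hold mailAlias; the alias is then assigned to account id` would make the authorization rule explicit.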
@@ -0,0 +1,55 @@
+const UserError = require('vn-loopback/util/user-error');
+
+module.exports = Self => {
+ Self.remoteMethod('removeAlias', {
+ description: 'Add alias if user has grant',
+ accessType: 'WRITE',
+ accepts: [
+ {
+ arg: 'ctx',
+ type: 'Object',
+ http: {source: 'context'}
+ },
+ {
+ arg: 'id',
+ type: 'number',
+ required: true,
+ description: 'The user id',
+ http: {source: 'path'}
+ },
+ {
+ arg: 'mailAlias',
+ type: 'number',
+ description: 'The alias to delete',
+ required: true
+ }
+ ],
+ http: {
+ path: `/:id/removeAlias`,
+ verb: 'POST'
+ }
+ });
+
+ Self.removeAlias = async function(ctx, id, mailAlias, options) {
+ const models = Self.app.models;
+ const userId = ctx.req.accessToken.userId;
+
+ const myOptions = {};
+
+ if (typeof options == 'object')
+ Object.assign(myOptions, options);
+
+ const canRemoveAlias = await models.ACL.checkAccessAcl(ctx, 'VnUser', 'canRemoveAlias', 'WRITE');
+
+ if (userId != id && !canRemoveAlias) throw new UserError(`You don't have grant privilege`);
+
+ const mailAliasAccount = await models.MailAliasAccount.findOne({
+ where: {
+ mailAlias: mailAlias,
+ account: id
+ }
+ }, myOptions);
+
+ await mailAliasAccount.destroy(myOptions);
+ };
+};
diff --git a/db/changes/232601/00-aclAddAlias.sql b/db/changes/232601/00-aclAddAlias.sql
new file mode 100644
index 000000000..cc96f5ad8
--- /dev/null
+++ b/db/changes/232601/00-aclAddAlias.sql
@@ -0,0 +1,11 @@
+INSERT INTO `salix`.`ACL` (model, property, accessType, permission, principalType, principalId)
+ VALUES
+ ('VnUser', 'addAlias', 'WRITE', 'ALLOW', 'ROLE', 'employee');
+
+INSERT INTO `salix`.`ACL` (model, property, accessType, permission, principalType, principalId)
+ VALUES
+ ('VnUser', 'removeAlias', 'WRITE', 'ALLOW', 'ROLE', 'employee');
+
+INSERT INTO `salix`.`ACL` (model, property, accessType, permission, principalType, principalId)
+ VALUES
+ ('VnUser', 'canRemoveAlias', 'WRITE', 'ALLOW', 'ROLE', 'itManagement');
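Review bot: `mailAliasAccount.destroy(myOptions)` at the end of `Self.removeAlias` runs on the result of `findOne` without a null check, so a request for an alias not assigned to account `id` throws a TypeError and surfaces as a 500 rather than a UserError. A guard before the destroy would fix it, for example `if (!mailAliasAccount) throw new UserError('The alias is not assigned to this user');` (wording to follow the project's message conventions). The remote method's `description: 'Add alias if user has grant'` is copied from addAlias and should describe removal, e.g. `description: 'Remove alias from a user'`. The authorization test `userId != id` depends on loose comparison; if the token's `userId` is known to be a number like the declared `id` argument, `userId !== id` states the intent more safely.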
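Review bot: `canRemoveAlias` in the third INSERT is not a remote method but a permission name that removeAlias checks through `checkAccessAcl`, which the migration alone does not make clear. A comment such as `-- canRemoveAlias: checked inside VnUser.removeAlias to allow removing another user's alias` would document it. Because addAlias and removeAlias are granted to the broad `employee` role, the in-method checks (hasGrant plus alias ownership; self or canRemoveAlias) are the only authorization boundary. No tests for those denial paths are visible in this part of the diff, and they would be worth adding.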