verdnatura/salix
verdnatura
/
salix
3
4
Fork 0
Code Issues Pull Requests 57 Releases Wiki Activity

refs #5488 removes 'role =='
gitea/salix/pipeline/head This commit looks good Details

This commit is contained in:
Alex Moreno 2023-04-18 15:03:23 +02:00
parent d6fb05cc93
commit db19f153fb
4 changed files with 12 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
db/changes/231601/00-acls.sql Normal file
View File

@ -0,0 +1,6 @@
INSERT INTO `salix`.`ACL` (`model`, `property`, `accessType`, `permission`, `principalType`, `principalId`)
VALUES
('Ticket', 'editDiscount', 'WRITE', 'ALLOW', 'ROLE', 'claimManager'),
('Ticket', 'editDiscount', 'WRITE', 'ALLOW', 'ROLE', 'salesPerson');
('Agency', 'seeExpired', 'READ', 'ALLOW', 'ROLE', 'administrative');
('Agency', 'seeExpired', 'READ', 'ALLOW', 'ROLE', 'productionBoss');

7
modules/ticket/back/methods/ticket/updateDiscount.js
View File

@ -85,17 +85,14 @@ module.exports = Self => {
const userId = ctx.req.accessToken.userId;
const isLocked = await models.Ticket.isLocked(id, myOptions);
const roles = await models.Account.getRoles(userId, myOptions);
const hasAllowedRoles = roles.filter(role =>
role == 'salesPerson' || role == 'claimManager'
);
const canEditDiscount = await models.ACL.checkAccessAcl(ctx, 'Ticket', 'editDiscount');
const state = await Self.app.models.TicketState.findOne({
where: {ticketFk: id}
}, myOptions);
const alertLevel = state ? state.alertLevel : null;
if (isLocked || (!hasAllowedRoles && alertLevel > 0))
if (isLocked || (!canEditDiscount && alertLevel > 0))
throw new UserError(`The sales of this ticket can't be modified`);
const usesMana = await models.Sale.usesMana(ctx, myOptions);

9
modules/zone/back/methods/agency/getLanded.js
View File

@ -35,17 +35,14 @@ module.exports = Self => {
});
Self.getLanded = async(ctx, shipped, addressFk, agencyModeFk, warehouseFk, options) => {
const models = Self.app.models;
const myOptions = {};
if (typeof options == 'object')
Object.assign(myOptions, options);
const userId = ctx.req.accessToken.userId;
const models = Self.app.models;
const roles = await models.Account.getRoles(userId);
const canSeeExpired = roles.filter(role =>
role == 'productionBoss' || role == 'administrative'
);
const canSeeExpired = await models.ACL.checkAccessAcl(ctx, 'Agency', 'editDiscount');
let showExpired = false;
if (canSeeExpired.length) showExpired = true;

6
modules/zone/back/methods/zone/includingExpired.js
View File

@ -24,7 +24,6 @@ module.exports = Self => {
if (typeof options == 'object')
Object.assign(myOptions, options);
const userId = ctx.req.accessToken.userId;
const conn = Self.dataSource.connector;
const models = Self.app.models;
const where = filter.where;
@ -36,10 +35,7 @@ module.exports = Self => {
&& where.agencyModeFk && where.warehouseFk;
if (filterByAvailability) {
const roles = await models.Account.getRoles(userId, myOptions);
const canSeeExpired = roles.filter(role =>
role == 'productionBoss' || role == 'administrative'
);
const canSeeExpired = await models.ACL.checkAccessAcl(ctx, 'Agency', 'editDiscount');
let showExpired = false;
if (canSeeExpired.length) showExpired = true;