requested changes refs #4797 @2h

Pau 2022-12-27 14:32:19 +01:00
parent ea7f4b7c02
commit ee0cd2174f
4 changed files with 83 additions and 60 deletions


@ -1,56 +0,0 @@
module.exports = Self => {
Self.remoteMethod('deleteSubscription', {
description: 'delete a notification subscription',
accessType: 'WRITE',
accepts: [
{
arg: 'notificationId',
type: 'string',
required: true
},
{
arg: 'userId',
type: 'string',
required: true
}
],
returns: {
type: 'object',
root: true
},
http: {
path: `/deleteSubscription`,
verb: 'POST'
}
});
Self.deleteSubscription = async(notificationId, userId, options) => {
const myOptions = {};
let tx;
if (typeof options == 'object')
Object.assign(myOptions, options);
if (!myOptions.transaction) {
tx = await Self.beginTransaction({});
myOptions.transaction = tx;
}
try {
const query = `DELETE FROM util.notificationSubscription
WHERE notificationFk = ? AND userFk = ?`;
await Self.rawSql(query, [notificationId, userId], myOptions);
if (tx) await tx.commit();
return {success: true};
} catch (error) {
if (tx) await tx.rollback();
throw error;
}
};
};


@ -1,3 +1,73 @@
const UserError = require('vn-loopback/util/user-error');
module.exports = Self => { module.exports = Self => {
require('../methods/notification/deleteSubcription')(Self); Self.observe('before save', async function(ctx) {
let models = Self.app.models;
let userId = ctx.options.accessToken.userId;
let modifiedUser = await models.Worker.findOne({
fields: ['id', 'bossFk'],
where: {
id: ctx.instance.userFk
}
});
if (userId == modifiedUser.id || userId == modifiedUser.bossFk)
return;
else
throw new UserError('You dont have permission to modify this user');
});
Self.remoteMethod('deleteNotification', {
description: 'Gets the current user data',
accepts: [
{
arg: 'ctx',
type: 'object',
http: {source: 'context'}
},
{
arg: 'userId',
type: 'string'
},
{
arg: 'notificationId',
type: 'number'
},
{
arg: 'authorId',
type: 'number'
}
],
returns: {
type: 'object',
root: true
},
http: {
verb: 'POST',
path: '/deleteNotification'
}
});
Self.deleteNotification = async function(ctx) {
let models = Self.app.models;
let user = await ctx.args.authorId;
let notificationId = await ctx.args.notificationId;
let userId = await ctx.args.userId;
let modifiedUser = await models.Worker.findOne({
fields: ['id', 'bossFk'],
where: {
id: ctx.args.userId
}
});
if (user == modifiedUser.id || modifiedUser.bossFk == user) {
const query = `DELETE FROM util.notificationSubscription
WHERE notificationFk = ? AND userFk = ?`;
await Self.rawSql(query, [notificationId, userId]);
return;
} else
throw new UserError('You dont have permission to modify this user');
};
}; };
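Review bot: `Self.deleteNotification` takes the acting user from `ctx.args.authorId`, so the owner/boss check compares the target against a value the client chooses rather than against the authenticated session. The identity should come from the access token, as the `before save` observer in this same file already does; with the `http: {source: 'context'}` argument that would be `const user = ctx.req.accessToken.userId;` (confirm against how other methods in the project read it), and `authorId` should be dropped from `accepts`. In both the observer and the method, `models.Worker.findOne` can return null for an unknown id, in which case `modifiedUser.id` throws a TypeError instead of the intended `UserError`; a guard such as `if (!modifiedUser) throw new UserError('You dont have permission to modify this user');` before the comparison covers it. The observer guards saves only, so deletes through the model's built-in endpoints are not subject to this check. The method's `description`, 'Gets the current user data', also does not match what it does.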


@ -9,6 +9,7 @@
"properties": { "properties": {
"notificationFk": { "notificationFk": {
"type": "number", "type": "number",
"id": true,
"description": "Identifier" "description": "Identifier"
}, },
"userFk": { "userFk": {
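Review bot: Marking only `notificationFk` as `"id": true` makes it the sole key LoopBack sees, while the raw SQL elsewhere in this commit addresses rows by `notificationFk` and `userFk` together. If the table holds one row per notification and user pair, id-based operations such as `findById` and `deleteById` would presumably match on the notification alone and could reach other users' subscriptions. The `userFk` definition continues outside the hunk, so confirm whether it is also part of the id; if not, consider a composite id (numeric `id` order on both properties) or a surrogate key.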


@ -1,3 +1,11 @@
INSERT INTO
`salix`.`ACL` (
`model`,
`property`,
`accessType`,
`permission`,
`principalId`
)
VALUES VALUES
('NotificationSubscription', '*', '*', 'employee'), ('NotificationSubscription', '*', '*', 'employee'),
('NotificationAcl', '*', '*', 'employee'); ('NotificationAcl', '*', '*', 'employee');
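Review bot: The added column list names five columns (`model`, `property`, `accessType`, `permission`, `principalId`) but each `VALUES` tuple supplies only four values, so the statement should fail with a column-count mismatch and no ACL row would be created. If the intent is an allow rule for the employee role, each tuple needs the permission value, e.g. `('NotificationSubscription', '*', '*', 'ALLOW', 'employee'),`. Separately, `*` for both `property` and `accessType` opens every built-in method of both models to all employees; narrowing the grant to the methods the client actually calls would avoid relying on the model-level ownership check as the only barrier.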