parent
ea7f4b7c02
commit
ee0cd2174f
|
@ -1,56 +0,0 @@
|
|||
module.exports = Self => {
|
||||
Self.remoteMethod('deleteSubscription', {
|
||||
description: 'delete a notification subscription',
|
||||
accessType: 'WRITE',
|
||||
accepts: [
|
||||
{
|
||||
arg: 'notificationId',
|
||||
type: 'string',
|
||||
required: true
|
||||
},
|
||||
{
|
||||
arg: 'userId',
|
||||
type: 'string',
|
||||
required: true
|
||||
}
|
||||
],
|
||||
returns: {
|
||||
type: 'object',
|
||||
root: true
|
||||
},
|
||||
http: {
|
||||
path: `/deleteSubscription`,
|
||||
verb: 'POST'
|
||||
}
|
||||
});
|
||||
|
||||
Self.deleteSubscription = async(notificationId, userId, options) => {
|
||||
const myOptions = {};
|
||||
let tx;
|
||||
|
||||
if (typeof options == 'object')
|
||||
|
||||
Object.assign(myOptions, options);
|
||||
|
||||
if (!myOptions.transaction) {
|
||||
tx = await Self.beginTransaction({});
|
||||
|
||||
myOptions.transaction = tx;
|
||||
}
|
||||
|
||||
try {
|
||||
const query = `DELETE FROM util.notificationSubscription
|
||||
WHERE notificationFk = ? AND userFk = ?`;
|
||||
|
||||
await Self.rawSql(query, [notificationId, userId], myOptions);
|
||||
|
||||
if (tx) await tx.commit();
|
||||
|
||||
return {success: true};
|
||||
} catch (error) {
|
||||
if (tx) await tx.rollback();
|
||||
|
||||
throw error;
|
||||
}
|
||||
};
|
||||
};
|
|
@ -1,3 +1,73 @@
|
|||
const UserError = require('vn-loopback/util/user-error');
|
||||
|
||||
module.exports = Self => {
|
||||
require('../methods/notification/deleteSubcription')(Self);
|
||||
Self.observe('before save', async function(ctx) {
|
||||
let models = Self.app.models;
|
||||
let userId = ctx.options.accessToken.userId;
|
||||
let modifiedUser = await models.Worker.findOne({
|
||||
fields: ['id', 'bossFk'],
|
||||
where: {
|
||||
id: ctx.instance.userFk
|
||||
}
|
||||
});
|
||||
|
||||
if (userId == modifiedUser.id || userId == modifiedUser.bossFk)
|
||||
return;
|
||||
else
|
||||
throw new UserError('You dont have permission to modify this user');
|
||||
});
|
||||
|
||||
Self.remoteMethod('deleteNotification', {
|
||||
description: 'Gets the current user data',
|
||||
accepts: [
|
||||
{
|
||||
arg: 'ctx',
|
||||
type: 'object',
|
||||
http: {source: 'context'}
|
||||
},
|
||||
{
|
||||
arg: 'userId',
|
||||
type: 'string'
|
||||
},
|
||||
{
|
||||
arg: 'notificationId',
|
||||
type: 'number'
|
||||
},
|
||||
{
|
||||
arg: 'authorId',
|
||||
type: 'number'
|
||||
}
|
||||
],
|
||||
returns: {
|
||||
type: 'object',
|
||||
root: true
|
||||
},
|
||||
http: {
|
||||
verb: 'POST',
|
||||
path: '/deleteNotification'
|
||||
}
|
||||
});
|
||||
|
||||
Self.deleteNotification = async function(ctx) {
|
||||
let models = Self.app.models;
|
||||
let user = await ctx.args.authorId;
|
||||
let notificationId = await ctx.args.notificationId;
|
||||
let userId = await ctx.args.userId;
|
||||
let modifiedUser = await models.Worker.findOne({
|
||||
fields: ['id', 'bossFk'],
|
||||
where: {
|
||||
id: ctx.args.userId
|
||||
}
|
||||
});
|
||||
|
||||
if (user == modifiedUser.id || modifiedUser.bossFk == user) {
|
||||
const query = `DELETE FROM util.notificationSubscription
|
||||
WHERE notificationFk = ? AND userFk = ?`;
|
||||
|
||||
await Self.rawSql(query, [notificationId, userId]);
|
||||
|
||||
return;
|
||||
} else
|
||||
throw new UserError('You dont have permission to modify this user');
|
||||
};
|
||||
};
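Review bot: `deleteNotification` takes the acting user from `ctx.args.authorId`, a request argument, so the owner-or-boss check is not bound to the authenticated session and any value the client sends is trusted. The `before save` hook in this same file reads the identity from the access token; this method should do the same through `ctx.req.accessToken.userId` (the `ctx` argument is already declared with `http: {source: 'context'}`), and `authorId` can then be dropped from `accepts`. `models.Worker.findOne` yields null when no worker matches, so both the hook and this method would fail with a TypeError on `modifiedUser.id` rather than the intended UserError; the sketch below adds a guard for the method. The remote method's description, 'Gets the current user data', also does not describe a delete operation.

```javascript
Self.deleteNotification = async function(ctx) {
    const models = Self.app.models;
    // Identity comes from the authenticated token, never from request arguments.
    const callerId = ctx.req.accessToken.userId;
    const {notificationId, userId} = ctx.args;
    const modifiedUser = await models.Worker.findOne({
        fields: ['id', 'bossFk'],
        where: {id: userId}
    });

    // A missing worker is treated as "not permitted" instead of crashing.
    const isAllowed = modifiedUser
        && (callerId == modifiedUser.id || callerId == modifiedUser.bossFk);
    if (!isAllowed)
        throw new UserError('You dont have permission to modify this user');

    // … unchanged: DELETE query and Self.rawSql(query, [notificationId, userId]) …
};
```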
|
||||
|
|
|
@ -9,6 +9,7 @@
|
|||
"properties": {
|
||||
"notificationFk": {
|
||||
"type": "number",
|
||||
"id": true,
|
||||
"description": "Identifier"
|
||||
},
|
||||
"userFk": {
|
||||
|
|
|
@ -1,3 +1,11 @@
|
|||
INSERT INTO
|
||||
`salix`.`ACL` (
|
||||
`model`,
|
||||
`property`,
|
||||
`accessType`,
|
||||
`permission`,
|
||||
`principalId`
|
||||
)
|
||||
VALUES
|
||||
('NotificationSubscription', '*', '*', 'employee'),
|
||||
('NotificationAcl', '*', '*', 'employee');
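Review bot: The column list names five columns (`model`, `property`, `accessType`, `permission`, `principalId`) but each VALUES row supplies only four, so as shown the INSERT fails with a column-count error and neither ACL row is created. The rows appear to be missing the permission value; `('NotificationSubscription', '*', '*', 'ALLOW', 'employee')` would match the list. Separately, `property` `*` with `accessType` `*` opens every method of both models to the `employee` role, which presumably includes built-in delete and bulk endpoints that a `before save` ownership hook does not run for; granting only the specific methods that are needed would keep the ownership check meaningful.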
|