parent
330af56d2f
commit
f65d06fc7d
|
@ -29,6 +29,8 @@ module.exports = Self => {
|
||||||
});
|
});
|
||||||
|
|
||||||
Self.privileges = async function(ctx, id, roleFk, hasGrant, options) {
|
Self.privileges = async function(ctx, id, roleFk, hasGrant, options) {
|
||||||
|
if (!(hasGrant != null || roleFk)) return;
|
||||||
|
|
||||||
const models = Self.app.models;
|
const models = Self.app.models;
|
||||||
const userId = ctx.req.accessToken.userId;
|
const userId = ctx.req.accessToken.userId;
|
||||||
|
|
||||||
|
@ -37,22 +39,26 @@ module.exports = Self => {
|
||||||
if (typeof options == 'object')
|
if (typeof options == 'object')
|
||||||
Object.assign(myOptions, options);
|
Object.assign(myOptions, options);
|
||||||
|
|
||||||
const user = await models.Account.findById(userId, null, myOptions);
|
const user = await models.Account.findById(userId, {fields: ['hasGrant']}, myOptions);
|
||||||
|
|
||||||
if (!user.hasGrant)
|
if (!user.hasGrant)
|
||||||
throw new UserError(`You don't have enough privileges`);
|
throw new UserError(`You don't have grant privilege`);
|
||||||
|
|
||||||
const userToUpdate = await models.Account.findById(id);
|
const userToUpdate = await models.Account.findById(id, ['name', 'hasGrant', 'roleFk'], myOptions);
|
||||||
if (hasGrant != null)
|
if (hasGrant != null)
|
||||||
return await userToUpdate.updateAttribute('hasGrant', hasGrant, myOptions);
|
userToUpdate.hasGrant = hasGrant;
|
||||||
if (!roleFk) return;
|
|
||||||
|
|
||||||
const role = await models.Role.findById(roleFk, null, myOptions);
|
if (roleFk) {
|
||||||
const hasRole = await models.Account.hasRole(userId, role.name, myOptions);
|
const role = await models.Role.findById(roleFk, {fields: ['name']}, myOptions);
|
||||||
|
const hasRole = await models.Account.hasRole(userId, role.name, myOptions);
|
||||||
|
|
||||||
if (!hasRole)
|
if (!hasRole)
|
||||||
throw new UserError(`You don't have enough privileges`);
|
throw new UserError(`You don't own the role and you can't assign it to another user`);
|
||||||
|
|
||||||
await userToUpdate.updateAttribute('roleFk', roleFk, myOptions);
|
userToUpdate.roleFk = roleFk;
|
||||||
|
}
|
||||||
|
|
||||||
|
await userToUpdate.save(userToUpdate);
|
||||||
|
await models.UserAccount.sync(userToUpdate.name);
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -4,7 +4,7 @@ describe('account privileges()', () => {
|
||||||
const employeeId = 1;
|
const employeeId = 1;
|
||||||
const developerId = 9;
|
const developerId = 9;
|
||||||
const sysadminId = 66;
|
const sysadminId = 66;
|
||||||
const bruceWayneId = 1101;
|
const clarkKent = 1103;
|
||||||
|
|
||||||
it('should throw an error when user not has privileges', async() => {
|
it('should throw an error when user not has privileges', async() => {
|
||||||
const ctx = {req: {accessToken: {userId: developerId}}};
|
const ctx = {req: {accessToken: {userId: developerId}}};
|
||||||
|
@ -22,7 +22,7 @@ describe('account privileges()', () => {
|
||||||
await tx.rollback();
|
await tx.rollback();
|
||||||
}
|
}
|
||||||
|
|
||||||
expect(error.message).toContain(`You don't have enough privileges`);
|
expect(error.message).toContain(`You don't have grant privilege`);
|
||||||
});
|
});
|
||||||
|
|
||||||
it('should throw an error when user has privileges but not has the role', async() => {
|
it('should throw an error when user has privileges but not has the role', async() => {
|
||||||
|
@ -46,7 +46,7 @@ describe('account privileges()', () => {
|
||||||
await tx.rollback();
|
await tx.rollback();
|
||||||
}
|
}
|
||||||
|
|
||||||
expect(error.message).toContain(`You don't have enough privileges`);
|
expect(error.message).toContain(`You don't own the role and you can't assign it to another user`);
|
||||||
});
|
});
|
||||||
|
|
||||||
it('should change role', async() => {
|
it('should change role', async() => {
|
||||||
|
@ -63,8 +63,8 @@ describe('account privileges()', () => {
|
||||||
let error;
|
let error;
|
||||||
let result;
|
let result;
|
||||||
try {
|
try {
|
||||||
await models.Account.privileges(ctx, bruceWayneId, agency.id, null, options);
|
await models.Account.privileges(ctx, clarkKent, agency.id, null, options);
|
||||||
result = await models.Account.findById(bruceWayneId, null, options);
|
result = await models.Account.findById(clarkKent, null, options);
|
||||||
|
|
||||||
await tx.rollback();
|
await tx.rollback();
|
||||||
} catch (e) {
|
} catch (e) {
|
||||||
|
@ -84,8 +84,8 @@ describe('account privileges()', () => {
|
||||||
let result;
|
let result;
|
||||||
try {
|
try {
|
||||||
const options = {transaction: tx};
|
const options = {transaction: tx};
|
||||||
await models.Account.privileges(ctx, bruceWayneId, null, true, options);
|
await models.Account.privileges(ctx, clarkKent, null, true, options);
|
||||||
result = await models.Account.findById(bruceWayneId, null, options);
|
result = await models.Account.findById(clarkKent, null, options);
|
||||||
|
|
||||||
await tx.rollback();
|
await tx.rollback();
|
||||||
} catch (e) {
|
} catch (e) {
|
||||||
|
|
|
@ -1 +1,4 @@
|
||||||
ALTER TABLE `account`.`user` ADD hasGrant TINYINT(1) NOT NULL;
|
ALTER TABLE `account`.`user` ADD hasGrant TINYINT(1) NOT NULL;
|
||||||
|
|
||||||
|
INSERT INTO `salix`.`ACL` (model, property, accessType, permission, principalType, principalId)
|
||||||
|
VALUES('Account', 'privileges', '*', 'ALLOW', 'ROLE', '$authenticated');
|
||||||
|
|
|
@ -14,10 +14,10 @@ INSERT INTO `salix`.`AccessToken` (`id`, `ttl`, `created`, `userId`)
|
||||||
('DEFAULT_TOKEN', '1209600', util.VN_CURDATE(), 66);
|
('DEFAULT_TOKEN', '1209600', util.VN_CURDATE(), 66);
|
||||||
|
|
||||||
INSERT INTO `salix`.`printConfig` (`id`, `itRecipient`, `incidencesEmail`)
|
INSERT INTO `salix`.`printConfig` (`id`, `itRecipient`, `incidencesEmail`)
|
||||||
VALUES
|
VALUES
|
||||||
(1, 'it@gotamcity.com', 'incidences@gotamcity.com');
|
(1, 'it@gotamcity.com', 'incidences@gotamcity.com');
|
||||||
|
|
||||||
INSERT INTO `vn`.`ticketConfig` (`id`, `scopeDays`)
|
INSERT INTO `vn`.`ticketConfig` (`id`, `scopeDays`)
|
||||||
VALUES
|
VALUES
|
||||||
('1', '6');
|
('1', '6');
|
||||||
|
|
||||||
|
@ -45,8 +45,8 @@ INSERT INTO `account`.`roleConfig`(`id`, `mysqlPassword`, `rolePrefix`, `userPre
|
||||||
|
|
||||||
CALL `account`.`role_sync`;
|
CALL `account`.`role_sync`;
|
||||||
|
|
||||||
INSERT INTO `account`.`user`(`id`,`name`, `nickname`, `password`,`role`,`active`,`email`, `lang`, `image`)
|
INSERT INTO `account`.`user`(`id`,`name`, `nickname`, `password`,`role`,`active`,`email`, `lang`, `image`, `bcryptPassword`)
|
||||||
SELECT id, name, CONCAT(name, 'Nick'),MD5('nightmare'), id, 1, CONCAT(name, '@mydomain.com'), 'en', '4fa3ada0-3ac4-11eb-9ab8-27f6fc3b85fd'
|
SELECT id, name, CONCAT(name, 'Nick'),MD5('nightmare'), id, 1, CONCAT(name, '@mydomain.com'), 'en', '4fa3ada0-3ac4-11eb-9ab8-27f6fc3b85fd', '$2b$10$UzQHth.9UUQ1T5aiQJ21lOU0oVlbxoqH4PFM9V8T90KNSAcg0eEL2'
|
||||||
FROM `account`.`role` WHERE id <> 20
|
FROM `account`.`role` WHERE id <> 20
|
||||||
ORDER BY id;
|
ORDER BY id;
|
||||||
|
|
||||||
|
|
|
@ -29,4 +29,13 @@ describe('Account LDAP path', () => {
|
||||||
|
|
||||||
expect(message.text).toContain('Data saved!');
|
expect(message.text).toContain('Data saved!');
|
||||||
});
|
});
|
||||||
|
|
||||||
|
it('should reset data', async() => {
|
||||||
|
await page.waitToClick(selectors.accountLdap.checkEnable);
|
||||||
|
await page.waitToClick(selectors.accountLdap.save);
|
||||||
|
|
||||||
|
const message = await page.waitForSnackbar();
|
||||||
|
|
||||||
|
expect(message.text).toContain('Data saved!');
|
||||||
|
});
|
||||||
});
|
});
|
||||||
|
|
|
@ -29,4 +29,13 @@ describe('Account Samba path', () => {
|
||||||
|
|
||||||
expect(message.text).toContain('Data saved!');
|
expect(message.text).toContain('Data saved!');
|
||||||
});
|
});
|
||||||
|
|
||||||
|
it('should reset data', async() => {
|
||||||
|
await page.waitToClick(selectors.accountSamba.checkEnable);
|
||||||
|
await page.waitToClick(selectors.accountSamba.save);
|
||||||
|
|
||||||
|
const message = await page.waitForSnackbar();
|
||||||
|
|
||||||
|
expect(message.text).toContain('Data saved!');
|
||||||
|
});
|
||||||
});
|
});
|
||||||
|
|
|
@ -24,7 +24,7 @@ describe('Account privileges path', () => {
|
||||||
|
|
||||||
const message = await page.waitForSnackbar();
|
const message = await page.waitForSnackbar();
|
||||||
|
|
||||||
expect(message.text).toContain(`You don't have enough privileges`);
|
expect(message.text).toContain(`You don't have grant privilege`);
|
||||||
});
|
});
|
||||||
|
|
||||||
it('should throw error when change role', async() => {
|
it('should throw error when change role', async() => {
|
||||||
|
@ -33,7 +33,7 @@ describe('Account privileges path', () => {
|
||||||
|
|
||||||
const message = await page.waitForSnackbar();
|
const message = await page.waitForSnackbar();
|
||||||
|
|
||||||
expect(message.text).toContain(`You don't have enough privileges`);
|
expect(message.text).toContain(`You don't have grant privilege`);
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
|
@ -56,7 +56,16 @@ describe('Account privileges path', () => {
|
||||||
expect(result).toBe('checked');
|
expect(result).toBe('checked');
|
||||||
});
|
});
|
||||||
|
|
||||||
it('should change role', async() => {
|
it('should throw error when change role and not own role', async() => {
|
||||||
|
await page.autocompleteSearch(selectors.accountPrivileges.role, 'itBoss');
|
||||||
|
await page.waitToClick(selectors.accountPrivileges.save);
|
||||||
|
|
||||||
|
const message = await page.waitForSnackbar();
|
||||||
|
|
||||||
|
expect(message.text).toContain(`You don't own the role and you can't assign it to another user`);
|
||||||
|
});
|
||||||
|
|
||||||
|
it('should change role to employee', async() => {
|
||||||
await page.autocompleteSearch(selectors.accountPrivileges.role, 'employee');
|
await page.autocompleteSearch(selectors.accountPrivileges.role, 'employee');
|
||||||
await page.waitToClick(selectors.accountPrivileges.save);
|
await page.waitToClick(selectors.accountPrivileges.save);
|
||||||
const message = await page.waitForSnackbar();
|
const message = await page.waitForSnackbar();
|
||||||
|
@ -67,6 +76,18 @@ describe('Account privileges path', () => {
|
||||||
expect(message.text).toContain(`Data saved!`);
|
expect(message.text).toContain(`Data saved!`);
|
||||||
expect(result).toContain('employee');
|
expect(result).toContain('employee');
|
||||||
});
|
});
|
||||||
|
|
||||||
|
it('should return role to developer', async() => {
|
||||||
|
await page.autocompleteSearch(selectors.accountPrivileges.role, 'developer');
|
||||||
|
await page.waitToClick(selectors.accountPrivileges.save);
|
||||||
|
const message = await page.waitForSnackbar();
|
||||||
|
|
||||||
|
await page.reloadSection('account.card.privileges');
|
||||||
|
const result = await page.waitToGetProperty(selectors.accountPrivileges.role, 'value');
|
||||||
|
|
||||||
|
expect(message.text).toContain(`Data saved!`);
|
||||||
|
expect(result).toContain('developer');
|
||||||
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
describe('as developer again', () => {
|
describe('as developer again', () => {
|
||||||
|
@ -76,7 +97,12 @@ describe('Account privileges path', () => {
|
||||||
|
|
||||||
await page.waitToClick(selectors.accountPrivileges.checkHasGrant);
|
await page.waitToClick(selectors.accountPrivileges.checkHasGrant);
|
||||||
await page.waitToClick(selectors.accountPrivileges.save);
|
await page.waitToClick(selectors.accountPrivileges.save);
|
||||||
|
const message = await page.waitForSnackbar();
|
||||||
|
|
||||||
|
expect(message.text).toContain(`Data saved!`);
|
||||||
|
});
|
||||||
|
|
||||||
|
it('should logIn in developer', async() => {
|
||||||
await page.reloadSection('account.card.privileges');
|
await page.reloadSection('account.card.privileges');
|
||||||
const result = await page.checkboxState(selectors.accountPrivileges.checkHasGrant);
|
const result = await page.checkboxState(selectors.accountPrivileges.checkHasGrant);
|
||||||
|
|
||||||
|
|
|
@ -133,5 +133,7 @@
|
||||||
"Descanso semanal 36h. / 72h.": "Weekly rest 36h. / 72h.",
|
"Descanso semanal 36h. / 72h.": "Weekly rest 36h. / 72h.",
|
||||||
"Password does not meet requirements": "Password does not meet requirements",
|
"Password does not meet requirements": "Password does not meet requirements",
|
||||||
"You don't have privileges to change the zone": "You don't have privileges to change the zone or for these parameters there are more than one shipping options, talk to agencies",
|
"You don't have privileges to change the zone": "You don't have privileges to change the zone or for these parameters there are more than one shipping options, talk to agencies",
|
||||||
"Not enough privileges to edit a client": "Not enough privileges to edit a client"
|
"Not enough privileges to edit a client": "Not enough privileges to edit a client",
|
||||||
}
|
"You don't have grant privilege": "You don't have grant privilege",
|
||||||
|
"You don't own the role and you can't assign it to another user": "You don't own the role and you can't assign it to another user"
|
||||||
|
}
|
||||||
|
|
|
@ -235,5 +235,7 @@
|
||||||
"Dirección incorrecta": "Dirección incorrecta",
|
"Dirección incorrecta": "Dirección incorrecta",
|
||||||
"Modifiable user details only by an administrator": "Detalles de usuario modificables solo por un administrador",
|
"Modifiable user details only by an administrator": "Detalles de usuario modificables solo por un administrador",
|
||||||
"Modifiable password only via recovery or by an administrator": "Contraseña modificable solo a través de la recuperación o por un administrador",
|
"Modifiable password only via recovery or by an administrator": "Contraseña modificable solo a través de la recuperación o por un administrador",
|
||||||
"Not enough privileges to edit a client": "No tienes suficientes privilegios para editar un cliente"
|
"Not enough privileges to edit a client": "No tienes suficientes privilegios para editar un cliente",
|
||||||
}
|
"You don't have grant privilege": "No tienes privilegios para dar privilegios",
|
||||||
|
"You don't own the role and you can't assign it to another user": "No eres el propietario del rol y no puedes asignarlo a otro usuario"
|
||||||
|
}
|
||||||
|
|
|
@ -1,2 +1,2 @@
|
||||||
Privileges: Privilegios
|
Privileges: Privilegios
|
||||||
Has grant: Tiene privilegios
|
Has grant: Puede dar privilegios
|
||||||
|
|
|
@ -425,14 +425,19 @@ module.exports = Self => {
|
||||||
|
|
||||||
account.observe('before save', async ctx => {
|
account.observe('before save', async ctx => {
|
||||||
if (ctx.isNewInstance) return;
|
if (ctx.isNewInstance) return;
|
||||||
ctx.hookState.oldInstance = JSON.parse(JSON.stringify(ctx.currentInstance));
|
if (ctx.currentInstance)
|
||||||
|
ctx.hookState.oldInstance = JSON.parse(JSON.stringify(ctx.currentInstance));
|
||||||
});
|
});
|
||||||
|
|
||||||
account.observe('after save', async ctx => {
|
account.observe('after save', async ctx => {
|
||||||
const changes = ctx.data || ctx.instance;
|
const changes = ctx.data || ctx.instance;
|
||||||
if (!ctx.isNewInstance && changes) {
|
if (!ctx.isNewInstance && changes) {
|
||||||
const oldData = ctx.hookState.oldInstance;
|
const oldData = ctx.hookState.oldInstance;
|
||||||
const hasChanges = oldData.name != changes.name || oldData.active != changes.active;
|
let hasChanges;
|
||||||
|
|
||||||
|
if (oldData)
|
||||||
|
hasChanges = oldData.name != changes.name || oldData.active != changes.active;
|
||||||
|
|
||||||
if (!hasChanges) return;
|
if (!hasChanges) return;
|
||||||
|
|
||||||
const isClient = await Self.app.models.Client.count({id: oldData.id});
|
const isClient = await Self.app.models.Client.count({id: oldData.id});
|
||||||
|
|
Loading…
Reference in New Issue