Merge branch '3569-refactor_isEditable-canEdit' of https://gitea.verdnatura.es/verdnatura/salix into 3569-refactor_isEditable-canEdit

This commit is contained in:
Alex Moreno 2022-10-19 07:11:33 +02:00
commit f9e6cbc0dd
8 changed files with 42 additions and 78 deletions


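--- a/[PATH NOT SHOWN ON PAGE]
+++ /dev/null
@@ -1,47 +0,0 @@
-module.exports = Self => {
-Self.remoteMethod('hasFuncionalityAcl', {
-description: 'Return if user has permissions',
-accepts: [
-{
-arg: 'model',
-type: 'String',
-description: 'The model',
-required: true
-},
-{
-arg: 'property',
-type: 'String',
-description: 'The property',
-required: true
-}
-],
-returns: {
-type: 'Object',
-root: true
-},
-http: {
-path: `/hasFuncionalityAcl`,
-verb: 'GET'
-}
-});
-Self.hasFuncionalityAcl = async function(ctx, model, property) {
-const userId = ctx.req.accessToken.userId;
-const models = Self.app.models;
-const acls = await models.FuncionalityAcl.find({
-where: {
-model: model,
-property: property
-}
-});
-let hasPermissions;
-for (let acl of acls)
-if (!hasPermissions) hasPermissions = await models.Account.hasRole(userId, acl.role);
-if (hasPermissions)
-return true;
-return false;
-};
-};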


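--- a/[PATH NOT SHOWN ON PAGE]
+++ b/[PATH NOT SHOWN ON PAGE]
@@ -7,7 +7,6 @@ module.exports = Self => {
 require('../methods/account/change-password')(Self);
 require('../methods/account/set-password')(Self);
 require('../methods/account/validate-token')(Self);
-require('../methods/account/hasFuncionalityAcl')(Self);
 require('../methods/account/privileges')(Self);
 // Validations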


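--- /dev/null
+++ b/[PATH NOT SHOWN ON PAGE]
@@ -0,0 +1,3 @@
+INSERT INTO `salix`.`ACL` (`model`, `property`, `accessType`, `permission`, `principalType`, `principalId`)
+VALUES
+('Sale', 'editTracked', 'READ', 'ALLOW', 'ROLE', 'production');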
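Review bot: Only the `editTracked` grant is seeded here, while the canEdit hunk in this same commit still folds `canEditCloned` and `canEditWeekly` into its decision and the `funcionalityAcl` data being dropped carried rows for `editCloned` and `editWeekly` as well. With no ACL row for those two properties the lookups presumably resolve to "not allowed", so cloned and weekly-ticket sales would become uneditable for every role, and the two specs that look these rows up return early instead of exercising the path. Add the missing grants next to this one, e.g. `('Sale', 'editCloned', 'READ', 'ALLOW', 'ROLE', '<role-name>'),` and `('Ticket', 'editWeekly', 'READ', 'ALLOW', 'ROLE', '<role-name>');` — `<role-name>` is a placeholder, since the dropped table stored role id 66 for these rather than a name. Note also that the old data and the spec key `editWeekly` on model `Sale` while the canEdit code asks for it on `Ticket`; pick one and use it in all three places.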


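--- a/[PATH NOT SHOWN ON PAGE]
+++ /dev/null
@@ -1,15 +0,0 @@
-CREATE TABLE `salix`.`funcionalityAcl` (
-`id` int(11) NOT NULL AUTO_INCREMENT,
-`model` varchar(255) COLLATE utf8mb3_unicode_ci DEFAULT NULL,
-`property` varchar(255) COLLATE utf8mb3_unicode_ci DEFAULT NULL,
-`role` varchar(45) COLLATE utf8mb3_unicode_ci DEFAULT NULL,
-PRIMARY KEY (`id`),
-CONSTRAINT `role_FK` FOREIGN KEY (`role`) REFERENCES `account`.`role` (`name`) ON UPDATE CASCADE
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3 COLLATE=utf8mb3_unicode_ci;
-INSERT INTO `salix`.`funcionalityAcl` (`model`, `property`, `role`)
-VALUES
-('Sale', 'editTracked', 'production'),
-('Sale', 'editCloned', 66);
-('Sale', 'editWeekly', 66);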


@ -40,6 +40,7 @@
"image/png", "image/png",
"image/jpeg", "image/jpeg",
"image/jpg", "image/jpg",
"image/webp",
"video/mp4" "video/mp4"
] ]
}, },
@ -60,7 +61,8 @@
"multipart/x-zip", "multipart/x-zip",
"image/png", "image/png",
"image/jpeg", "image/jpeg",
"image/jpg" "image/jpg",
"image/webp"
] ]
}, },
"imageStorage": { "imageStorage": {
@ -72,7 +74,8 @@
"allowedContentTypes": [ "allowedContentTypes": [
"image/png", "image/png",
"image/jpeg", "image/jpeg",
"image/jpg" "image/jpg",
"image/webp"
] ]
}, },
"invoiceStorage": { "invoiceStorage": {
@ -96,6 +99,7 @@
"image/png", "image/png",
"image/jpeg", "image/jpeg",
"image/jpg", "image/jpg",
"image/webp",
"video/mp4" "video/mp4"
] ]
}, },


@ -40,16 +40,36 @@ module.exports = Self => {
const isTicketWeekly = const isTicketWeekly =
await models.TicketWeekly.findOne({where: {ticketFk: firstSale.ticketFk}}, myOptions); await models.TicketWeekly.findOne({where: {ticketFk: firstSale.ticketFk}}, myOptions);
const canEditTracked = await models.Account.hasFuncionalityAcl(ctx, 'Sale', 'editTracked'); // (principalType, principalId,model, property, accessType,callback);
const canEditCloned = await models.Account.hasFuncionalityAcl(ctx, 'Sale', 'editCloned'); // let canEditTracked = await models.ACL.checkPermission('ROLE', 'employee', 'Sale', 'updateConcept', '*');
const canEditWeekly = await models.Account.hasFuncionalityAcl(ctx, 'Ticket', 'editWeekly'); // let canEditTracked2 = await models.ACL.checkPermission('USER', 'developer', 'Sale', 'editTracked', 'READ');
const array = ['editTracked'];
let canEditTracked3 = await models.ACL.checkAccessForContext({
principals: [{
type: 'ROLE',
id: 'employee'
}],
model: 'Sale',
property: 'editTracked',
methodNames: array,
accessType: 'READ'
});
console.log(canEditTracked3);
// canEditTracked = await models.ACL.resolvePermission(canEditTracked);
// let canEditCloned = await models.ACL.checkPermission('ROLE', 'employee', 'Sale', 'editCloned', '*');
// let canEditWeekly = await models.ACL.checkPermission('ROLE', 'employee', 'Ticket', 'editWeekly', '*');
// console.log(canEditTracked, canEditTracked2);
console.log(canEditTracked3);
const shouldEditTracked = canEditTracked || !hasSaleTracking; const shouldEditTracked = canEditTracked || !hasSaleTracking;
const shouldEditCloned = canEditCloned || !hasSaleCloned; const shouldEditCloned = canEditCloned || !hasSaleCloned;
const shouldEditWeekly = canEditWeekly || !isTicketWeekly; const shouldEditWeekly = canEditWeekly || !isTicketWeekly;
const canEdit = shouldEditTracked && shouldEditCloned && shouldEditWeekly; const canEdit = shouldEditTracked && shouldEditCloned && shouldEditWeekly;
return canEdit; if (canEdit)
return true;
return false;
}; };
}; };
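Review bot: The new side still reads `canEditTracked`, `canEditCloned` and `canEditWeekly` in the three `shouldEdit*` lines, but the declarations that produced them were turned into comments in this hunk, so unless they are defined earlier in the function (which starts outside the hunk) `canEdit()` now throws a ReferenceError before it reaches its return. The replacement lookup evaluates a fixed principal, `principals: [{type: 'ROLE', id: 'employee'}]`, and its result `canEditTracked3` is only handed to `console.log`, so the requesting user's identity no longer influences the decision at all, whereas the removed implementation resolved the roles of `ctx.req.accessToken.userId` against each ACL row. Derive the principals from the caller, feed the resolved permission back into the three `canEdit*` constants, and drop the `console.log` calls and commented-out experiments before this is merged. `if (canEdit) return true; return false;` is a longer spelling of the original `return canEdit;` and should be reverted.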


@ -91,20 +91,20 @@ describe('sale canEdit()', () => {
it('should return true if any of the sales is cloned and has the correct role', async() => { it('should return true if any of the sales is cloned and has the correct role', async() => {
const tx = await models.Sale.beginTransaction({}); const tx = await models.Sale.beginTransaction({});
const roleEnabled = await models.FuncionalityAcl.findOne({ const roleEnabled = await models.ACL.findOne({
where: { where: {
model: 'Sale', model: 'Sale',
property: 'editCloned' property: 'editCloned'
} }
}); });
if (!roleEnabled || !roleEnabled.role) return; if (!roleEnabled || !roleEnabled.principalId) return;
try { try {
const options = {transaction: tx}; const options = {transaction: tx};
const roleId = await models.Role.findOne({ const roleId = await models.Role.findOne({
where: { where: {
name: roleEnabled.role name: roleEnabled.principalId
} }
}); });
const ctx = {req: {accessToken: {userId: roleId}}}; const ctx = {req: {accessToken: {userId: roleId}}};
@ -146,20 +146,20 @@ describe('sale canEdit()', () => {
it('should return true if any of the sales is of ticketWeekly and has the correct role', async() => { it('should return true if any of the sales is of ticketWeekly and has the correct role', async() => {
const tx = await models.Sale.beginTransaction({}); const tx = await models.Sale.beginTransaction({});
const roleEnabled = await models.FuncionalityAcl.findOne({ const roleEnabled = await models.ACL.findOne({
where: { where: {
model: 'Sale', model: 'Sale',
property: 'editWeekly' property: 'editWeekly'
} }
}); });
if (!roleEnabled || !roleEnabled.role) return; if (!roleEnabled || !roleEnabled.principalId) return;
try { try {
const options = {transaction: tx}; const options = {transaction: tx};
const roleId = await models.Role.findOne({ const roleId = await models.Role.findOne({
where: { where: {
name: roleEnabled.role name: roleEnabled.principalId
} }
}); });
const ctx = {req: {accessToken: {userId: roleId}}}; const ctx = {req: {accessToken: {userId: roleId}}};
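Review bot: `if (!roleEnabled || !roleEnabled.principalId) return;` turns the spec into a silent pass whenever no ACL row exists, and the new `models.ACL.findOne` filter constrains only `model` and `property`, so a row with `principalType: 'USER'` or `permission: 'DENY'` would be taken as a role grant and its `principalId` passed on to `Role.findOne`. The same pattern appears in the second hunk of this file (the `editWeekly` case). Narrow the lookup to `where: {model: 'Sale', property: 'editCloned', principalType: 'ROLE', permission: 'ALLOW'}` and fail the spec (or mark it pending) instead of returning when nothing is found, so a missing seed row is reported rather than hidden. The `editWeekly` lookup also queries model `'Sale'` while the canEdit code asks the ACL for `'Ticket'`/`'editWeekly'`; one of the two needs to change or that spec will never find a row.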


@ -1,9 +1,9 @@
const models = require('vn-loopback/server/server').models; const models = require('vn-loopback/server/server').models;
describe('sale reserve()', () => { fdescribe('sale reserve()', () => {
const ctx = { const ctx = {
req: { req: {
accessToken: {userId: 9}, accessToken: {userId: 1},
headers: {origin: 'localhost:5000'}, headers: {origin: 'localhost:5000'},
__: () => {} __: () => {}
} }
@ -31,7 +31,7 @@ describe('sale reserve()', () => {
expect(error).toEqual(new Error(`The sales of this ticket can't be modified`)); expect(error).toEqual(new Error(`The sales of this ticket can't be modified`));
}); });
it('should update the given sales of a ticket to reserved', async() => { fit('should update the given sales of a ticket to reserved', async() => {
const tx = await models.Sale.beginTransaction({}); const tx = await models.Sale.beginTransaction({});
try { try {
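Review bot: `fdescribe` and `fit` are Jasmine focus markers; committed as they are here, every other spec in the suite is skipped whenever this file is loaded, so they should be restored to `describe('sale reserve()', () => {` and `it('should update the given sales of a ticket to reserved', async() => {` before merge. The `accessToken.userId` change from 9 to 1 in the shared `ctx` is not explained by the commit; if it is intentional, a one-line comment naming which fixture user 1 is, and why the previous one no longer has the required permission, would help the next reader.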