MASTER_4073-user_hasGrant #1107
|
@ -44,15 +44,28 @@ module.exports = Self => {
|
||||||
if (!user.hasGrant)
|
if (!user.hasGrant)
|
||||||
throw new UserError(`You don't have grant privilege`);
|
throw new UserError(`You don't have grant privilege`);
|
||||||
|
|
||||||
const userToUpdate = await models.Account.findById(id, ['name', 'hasGrant', 'roleFk'], myOptions);
|
const [userToUpdate] = await models.Account.find({
|
||||||
|
fields: ['id', 'name', 'hasGrant', 'roleFk', 'password'],
|
||||||
|
include: {
|
||||||
|
relation: 'role',
|
||||||
|
scope: {
|
||||||
|
fields: ['name']
|
||||||
|
}
|
||||||
|
},
|
||||||
|
where: {
|
||||||
|
id: id
|
||||||
|
}
|
||||||
|
}, myOptions);
|
||||||
|
|
||||||
if (hasGrant != null)
|
if (hasGrant != null)
|
||||||
userToUpdate.hasGrant = hasGrant;
|
userToUpdate.hasGrant = hasGrant;
|
||||||
|
|
||||||
if (roleFk) {
|
if (roleFk) {
|
||||||
const role = await models.Role.findById(roleFk, {fields: ['name']}, myOptions);
|
const role = await models.Role.findById(roleFk, {fields: ['name']}, myOptions);
|
||||||
const hasRole = await models.Account.hasRole(userId, role.name, myOptions);
|
const hasRole = await models.Account.hasRole(userId, role.name, myOptions);
|
||||||
|
const hasRoleFromUser = await models.Account.hasRole(userId, userToUpdate.role().name, myOptions);
|
||||||
|
|
||||||
if (!hasRole)
|
if (!hasRole || !hasRoleFromUser)
|
||||||
throw new UserError(`You don't own the role and you can't assign it to another user`);
|
throw new UserError(`You don't own the role and you can't assign it to another user`);
|
||||||
|
|
||||||
userToUpdate.roleFk = roleFk;
|
userToUpdate.roleFk = roleFk;
|
||||||
|
|
|
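Review bot: The new `hasRoleFromUser` check sits inside `if (roleFk)`, so a request that only sets `hasGrant` is applied to the target account without verifying that the caller owns the target's current role. If that ownership rule is meant to protect the account and not just the role change, evaluate `models.Account.hasRole(userId, userToUpdate.role().name, myOptions)` right after the lookup and throw the `UserError` before any field is assigned. The lookup also needs a guard: `const [userToUpdate] = await models.Account.find(...)` yields `undefined` for an unknown `id`, and `userToUpdate.role()` may be empty for an account without a role, so both would surface as a TypeError instead of a `UserError`. `'password'` was added to `fields`; if the instance is returned or logged later in the method (not visible here), the hash should be stripped first. The enclosing method starts and ends outside this hunk.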
@ -102,6 +102,13 @@
|
||||||
"principalType": "ROLE",
|
"principalType": "ROLE",
|
||||||
"principalId": "$authenticated",
|
"principalId": "$authenticated",
|
||||||
"permission": "ALLOW"
|
"permission": "ALLOW"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"property": "privileges",
|
||||||
|
"accessType": "*",
|
||||||
|
"principalType": "ROLE",
|
||||||
|
"principalId": "$authenticated",
|
||||||
|
"permission": "ALLOW"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
|
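Review bot: The added ACL entry allows `privileges` for every `$authenticated` principal with `"accessType": "*"`, so the ACL layer filters nothing and authorization rests entirely on the `hasGrant` and role checks inside the method. If the method is only ever invoked as a write, `"accessType": "WRITE"` would keep the entry as narrow as its use requires; whether that fits depends on how the remote method is declared, which is not visible here. The surrounding array starts outside this hunk.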
@ -1,4 +1 @@
|
||||||
ALTER TABLE `account`.`user` ADD hasGrant TINYINT(1) NOT NULL;
|
ALTER TABLE `account`.`user` ADD hasGrant TINYINT(1) NOT NULL;
|
||||||
|
|
||||||
INSERT INTO `salix`.`ACL` (model, property, accessType, permission, principalType, principalId)
|
|
||||||
VALUES('Account', 'privileges', '*', 'ALLOW', 'ROLE', '$authenticated');
|
|
||||||
|
|
|
@ -1,2 +1,2 @@
|
||||||
Privileges: Privilegios
|
Privileges: Privilegios
|
||||||
Has grant: Puede dar privilegios
|
Has grant: Puede delegar privilegios
|
||||||
|
|
|
@ -37,7 +37,7 @@
|
||||||
"node-ssh": "^11.0.0",
|
"node-ssh": "^11.0.0",
|
||||||
"object-diff": "0.0.4",
|
"object-diff": "0.0.4",
|
||||||
"object.pick": "^1.3.0",
|
"object.pick": "^1.3.0",
|
||||||
"puppeteer": "^18.0.5",
|
"puppeteer": "^19.0.0",
|
||||||
"read-chunk": "^3.2.0",
|
"read-chunk": "^3.2.0",
|
||||||
"require-yaml": "0.0.1",
|
"require-yaml": "0.0.1",
|
||||||
"sharp": "^0.27.1",
|
"sharp": "^0.27.1",
|
||||||
|
|