verdnatura/salix
verdnatura
/
salix
3
5
Fork 0
Code Issues Pull Requests 64 Releases Wiki Activity

5468-account_privileges #1552

Merged
vicent merged 40 commits from 5468-account_privileges into dev 2023-06-20 12:48:35 +00:00
Conversation 0 Commits 40 Files Changed 32 +215 -99
32 changed files with 215 additions and 99 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
back/models/vn-user.js
View File

@ -12,6 +12,8 @@ module.exports = function(Self) {
require('../methods/vn-user/privileges')(Self);
require('../methods/vn-user/renew-token')(Self);
Self.definition.settings.acls = Self.definition.settings.acls.filter(acl => acl.property !== 'create');
vicent marked this conversation as resolved Outdated
juan commented 2023-05-29 06:35:24 +00:00
Outdated
Review
Copy Link

Si al final has pogut fer açò perque en lloc de crear un nou mètode createUser no fiques els permisos que nosaltres volem al natiu?

Si al final has pogut fer açò perque en lloc de crear un nou mètode `createUser` no fiques els permisos que nosaltres volem al natiu?
vicent commented 2023-05-30 06:29:54 +00:00
Outdated
Review
Copy Link

Esq en les proves que vaig fer no funcionava bé, pero crec q era pq no tornava a fer el gulp. Pq ara ho he provat sí que funciona. Ho modifique.

Esq en les proves que vaig fer no funcionava bé, pero crec q era pq no tornava a fer el gulp. Pq ara ho he provat sí que funciona. Ho modifique.
// Validations
Self.validatesFormatOf('email', {

21
back/models/vn-user.json
View File

@ -118,5 +118,24 @@
"principalId": "$authenticated",
"permission": "ALLOW"
}
]
],
"scopes": {
"preview": {
"fields": [
"id",
"name",
"username",
vicent marked this conversation as resolved Outdated
juan commented 2023-05-29 06:33:10 +00:00
Outdated
Review
Copy Link

Si la linia te mes de 80 caracters ficar les propietats una en cada linia.

Si la linia te mes de 80 caracters ficar les propietats una en cada linia.
"roleFk",
"nickname",
"lang",
"active",
"created",
"updated",
"image",
"hasGrant",
"realm",
"email"
]
}
}
}

1
db/changes/231801/00-userAcl.sql
View File

@ -1,6 +1,5 @@
INSERT INTO `salix`.`ACL` (model, property, accessType, permission, principalType, principalId)
VALUES
('VnUser', '*', '*', 'ALLOW', 'ROLE', 'employee'),
('VnUser','acl','READ','ALLOW','ROLE','account'),
('VnUser','getCurrentUserData','READ','ALLOW','ROLE','account'),
('VnUser','changePassword', 'WRITE', 'ALLOW', 'ROLE', 'account'),

8
db/changes/232601/00-aclAccount.sql Normal file
View File

@ -0,0 +1,8 @@
DELETE
FROM `salix`.`ACL`
WHERE model='Account' AND property='*' AND accessType='*';
INSERT INTO `salix`.`ACL` (model, property, accessType, permission, principalType, principalId)
VALUES
('Account', '*', 'WRITE', 'ALLOW', 'ROLE', 'sysadmin'),
('Account', '*', 'READ', 'ALLOW', 'ROLE', 'employee');

5
db/changes/232601/00-aclMailAliasAccount.sql Normal file
View File

@ -0,0 +1,5 @@
DELETE FROM `salix`.`ACL` WHERE model = 'MailAliasAccount';
INSERT INTO `salix`.`ACL` (`model`, `property`, `accessType`, `permission`, `principalType`, `principalId`)
VALUES
('MailAliasAccount', '*', 'READ', 'ALLOW', 'ROLE', 'employee'),
('MailAliasAccount', '*', 'WRITE', 'ALLOW', 'ROLE', 'itManagement');

5
db/changes/232601/00-aclMailForward.sql Normal file
View File

@ -0,0 +1,5 @@
DELETE FROM `salix`.`ACL` WHERE model = 'MailForward';
INSERT INTO `salix`.`ACL` (`model`, `property`, `accessType`, `permission`, `principalType`, `principalId`)
VALUES
('MailForward', '*', 'READ', 'ALLOW', 'ROLE', 'employee'),
('MailForward', '*', 'WRITE', 'ALLOW', 'ROLE', 'itManagement');

5
db/changes/232601/00-aclRole.sql Normal file
View File

@ -0,0 +1,5 @@
DELETE FROM `salix`.`ACL` WHERE model = 'Role';
INSERT INTO `salix`.`ACL` (`model`, `property`, `accessType`, `permission`, `principalType`, `principalId`)
VALUES
('Role', '*', 'READ', 'ALLOW', 'ROLE', 'employee'),
('Role', '*', 'WRITE', 'ALLOW', 'ROLE', 'it');

10
db/changes/232601/00-aclVnUser.sql Normal file
View File

@ -0,0 +1,10 @@
DELETE
FROM `salix`.`ACL`
WHERE model = 'VnUser' AND property = '*' AND principalId = 'employee';
INSERT INTO `salix`.`ACL` (model, property, accessType, permission, principalType, principalId)
VALUES
('VnUser', '*', '*', 'ALLOW', 'ROLE', 'itManagement'),
('VnUser', '__get__preview', 'READ', 'ALLOW', 'ROLE', 'employee'),
('VnUser', 'preview', '*', 'ALLOW', 'ROLE', 'employee'),
('VnUser', 'create', '*', 'ALLOW', 'ROLE', 'itManagement');

2
e2e/paths/03-worker/06_create.spec.js
View File

@ -53,7 +53,7 @@ describe('Worker create path', () => {
expect(message.text).toContain('Data saved!');
// 'rollback'
await page.loginAndModule('sysadmin', 'account');
await page.loginAndModule('itManagement', 'account');
await page.accessToSearchResult(newWorker);
await page.waitToClick(selectors.accountDescriptor.menuButton);

2
e2e/paths/14-account/01_create_and_basic_data.spec.js
View File

@ -8,7 +8,7 @@ describe('Account create and basic data path', () => {
beforeAll(async() => {
browser = await getBrowser();
page = browser.page;
await page.loginAndModule('developer', 'account');
await page.loginAndModule('itManagement', 'account');
});
afterAll(async() => {

12
modules/account/front/aliases/index.html
View File

@ -17,7 +17,9 @@
<vn-icon-button
icon="delete"
translate-attr="{title: 'Unsubscribe'}"
ng-click="removeConfirm.show(row)">
ng-click="removeConfirm.show(row)"
vn-acl="itManagement"
vn-acl-action="remove">
</vn-icon-button>
</vn-item-section>
</vn-item>
@ -30,9 +32,11 @@
translate-attr="{title: 'Add'}"
vn-bind="+"
ng-click="$ctrl.onAddClick()"
fixed-bottom-right>
fixed-bottom-right
vn-acl="itManagement"
vn-acl-action="remove">
</vn-float-button>
<vn-dialog
<vn-dialog
vn-id="dialog"
on-accept="$ctrl.onAddSave()">
<tpl-body>
@ -49,7 +53,7 @@
<button response="accept" translate>Save</button>
</tpl-buttons>
</vn-dialog>
<vn-confirm
<vn-confirm
vn-id="removeConfirm"
message="User will be removed from alias"
question="Are you sure you want to continue?"

8
modules/account/front/card/index.js
View File

@ -5,6 +5,7 @@ import './style.scss';
class Controller extends ModuleCard {
reload() {
const filter = {
where: {id: this.$params.id},
include: {
relation: 'role',
scope: {
@ -14,8 +15,11 @@ class Controller extends ModuleCard {
};
return Promise.all([
this.$http.get(`VnUsers/${this.$params.id}`, {filter})
.then(res => this.user = res.data),
this.$http.get(`VnUsers/preview`, {filter})
.then(res => {
const [user] = res.data;
this.user = user;
}),
this.$http.get(`Accounts/${this.$params.id}/exists`)
.then(res => this.hasAccount = res.data.exists)
]);

4
modules/account/front/card/index.spec.js
View File

@ -15,12 +15,12 @@ describe('component vnUserCard', () => {
it('should reload the controller data', () => {
controller.$params.id = 1;
$httpBackend.expectGET('VnUsers/1').respond('foo');
$httpBackend.expectGET('VnUsers/preview').respond('foo');
$httpBackend.expectGET('Accounts/1/exists').respond({exists: true});
controller.reload();
$httpBackend.flush();
expect(controller.user).toBe('foo');
expect(controller.user).toBe('f');
expect(controller.hasAccount).toBeTruthy();
});
});

8
modules/account/front/create/index.html
View File

@ -12,18 +12,18 @@
<vn-card class="vn-pa-lg">
<vn-vertical>
<vn-textfield
label="Name"
label="Name"
ng-model="$ctrl.user.name"
rule="VnUser"
vn-focus>
</vn-textfield>
<vn-textfield
label="Nickname"
label="Nickname"
ng-model="$ctrl.user.nickname"
rule="VnUser">
</vn-textfield>
<vn-textfield
label="Email"
label="Email"
ng-model="$ctrl.user.email"
rule="VnUser">
</vn-textfield>
@ -39,7 +39,7 @@
type="password">
</vn-textfield>
<vn-check
label="Active"
label="Active"
ng-model="$ctrl.user.active">
</vn-check>
</vn-vertical>

5
modules/account/front/create/index.js
View File

@ -2,6 +2,11 @@ import ngModule from '../module';
import Section from 'salix/components/section';
export default class Controller extends Section {
constructor($element, $) {
super($element, $);
this.user = {active: true};
}
onSubmit() {
return this.$.watcher.submit().then(res => {
this.$state.go('account.card.basicData', {id: res.data.id});

14
modules/account/front/descriptor/index.html
View File

@ -6,7 +6,7 @@
<vn-item
ng-click="deleteUser.show()"
name="deleteUser"
vn-acl="it"
vn-acl="itManagement"
vn-acl-action="remove"
translate>
Delete
@ -15,7 +15,7 @@
ng-if="::$root.user.id == $ctrl.id"
ng-click="$ctrl.onChangePassClick(true)"
name="changePassword"
vn-acl="hr"
vn-acl="sysadmin"
vn-acl-action="remove"
translate>
Change password
@ -23,7 +23,7 @@
<vn-item
ng-click="$ctrl.onChangePassClick(false)"
name="setPassword"
vn-acl="hr"
vn-acl="sysadmin"
vn-acl-action="remove"
translate>
Set password
@ -32,7 +32,7 @@
ng-if="!$ctrl.hasAccount"
ng-click="enableAccount.show()"
name="enableAccount"
vn-acl="it"
vn-acl="sysadmin"
vn-acl-action="remove"
translate>
Enable account
@ -41,7 +41,7 @@
ng-if="$ctrl.hasAccount"
ng-click="disableAccount.show()"
name="disableAccount"
vn-acl="it"
vn-acl="sysadmin"
vn-acl-action="remove"
translate>
Disable account
@ -50,7 +50,7 @@
ng-if="!$ctrl.user.active"
ng-click="activateUser.show()"
name="activateUser"
vn-acl="hr"
vn-acl="itManagement"
vn-acl-action="remove"
translate>
Activate user
@ -59,7 +59,7 @@
ng-if="$ctrl.user.active"
ng-click="deactivateUser.show()"
name="deactivateUser"
vn-acl="hr"
vn-acl="itManagement"
vn-acl-action="remove"
translate>
Deactivate user

10
modules/account/front/index/index.html
View File

@ -14,11 +14,11 @@
<vn-item-section>
<h6>{{::user.nickname}}</h6>
<vn-label-value
label="Id"
label="Id"
value="{{::user.id}}">
</vn-label-value>
<vn-label-value
label="User"
label="User"
value="{{::user.name}}">
</vn-label-value>
</vn-item-section>
@ -36,12 +36,12 @@
<vn-popup vn-id="summary">
<vn-user-summary user="$ctrl.selectedUser"></vn-user-summary>
</vn-popup>
<a
<a
fixed-bottom-right
ui-sref="account.create"
vn-tooltip="New user"
vn-bind="+"
vn-acl="it"
vn-acl="itManagement"
vn-acl-action="remove">
<vn-float-button icon="add"></vn-float-button>
</a>
</a>

4
modules/account/front/mail-forwarding/index.html
View File

@ -14,12 +14,12 @@
<vn-card class="vn-pa-lg">
<vn-vertical>
<vn-check
label="Enable mail forwarding"
label="Enable mail forwarding"
ng-model="watcher.hasData">
</vn-check>
<vn-textfield
ng-if="watcher.hasData"
label="Forward email"
label="Forward email"
ng-model="data.forwardTo"
info="All emails will be forwarded to the specified address."
rule="MailForward"

1
modules/account/front/mail-forwarding/locale/es.yml
View File

@ -4,3 +4,4 @@ Enable mail forwarding: Habilitar redirección de correo
All emails will be forwarded to the specified address.: >
Todos los correos serán reenviados a la dirección especificada, no se
mantendrá copia de los mismos en el buzón del usuario.
You don't have enough privileges: No tienes suficientes permisos

2
modules/account/front/main/index.html
View File

@ -1,6 +1,6 @@
<vn-crud-model
vn-id="model"
url="VnUsers"
url="VnUsers/preview"
filter="::$ctrl.filter"
limit="20">
</vn-crud-model>

9
modules/account/front/privileges/index.html
View File

@ -1,9 +1,7 @@
<mg-ajax path="VnUsers/{{post.params.id}}/privileges" options="vnPost"></mg-ajax>
<vn-watcher
vn-id="watcher"
url="VnUsers"
data="$ctrl.user"
id-value="$ctrl.$params.id"
form="form"
save="post">
</vn-watcher>
@ -11,15 +9,16 @@
name="form"
ng-submit="watcher.submit()"
class="vn-w-md">
<vn-card class="vn-pa-lg" vn-focus>
<vn-card class="vn-pa-lg">
<vn-vertical>
<vn-check
label="Has grant"
ng-model="$ctrl.user.hasGrant">
</vn-check>
</vn-vertical>
<vn-vertical
class="vn-mt-md">
</vn-card>
<vn-card class="vn-pa-lg vn-mt-md">
<vn-vertical>
<vn-autocomplete
label="Role"
ng-model="$ctrl.user.roleFk"

16
modules/account/front/privileges/index.js
View File

@ -1,9 +1,21 @@
import ngModule from '../module';
import Section from 'salix/components/section';
export default class Controller extends Section {}
export default class Controller extends Section {
get user() {
return this._user;
}
set user(value) {
this._user = value;
if (!value) return;
}
}
ngModule.component('vnUserPrivileges', {
template: require('./index.html'),
controller: Controller
controller: Controller,
vicent marked this conversation as resolved
juan commented 2023-06-06 19:41:56 +00:00
Review
Copy Link

Para que se han implementado estos métodos en el controlador? Se utilizan?

Para que se han implementado estos métodos en el controlador? Se utilizan?
bindings: {
user: '<'
}
});

21
modules/account/front/routes.json
View File

@ -49,15 +49,13 @@
"url": "/index?q",
"state": "account.index",
"component": "vn-user-index",
"description": "Users",
"acl": ["marketing", "hr"]
"description": "Users"
},
{
"url": "/create",
"state": "account.create",
"component": "vn-user-create",
"description": "New user",
"acl": ["it"]
"description": "New user"
},
{
"url": "/:id",
@ -80,7 +78,7 @@
"state": "account.card.basicData",
"component": "vn-user-basic-data",
"description": "Basic data",
"acl": ["hr"]
"acl": ["itManagement"]
},
{
"url" : "/log",
@ -98,8 +96,7 @@
"url": "/roles",
"state": "account.card.roles",
"component": "vn-user-roles",
"description": "Inherited roles",
"acl": ["it"]
"description": "Inherited roles"
},
{
"url": "/mail-forwarding",
@ -111,15 +108,16 @@
"url": "/aliases",
"state": "account.card.aliases",
"component": "vn-user-aliases",
"description": "Mail aliases",
"acl": ["marketing", "hr"]
"description": "Mail aliases"
},
{
"url": "/privileges",
"state": "account.card.privileges",
"component": "vn-user-privileges",
"description": "Privileges",
"acl": ["hr"]
"params": {
"user": "$ctrl.user"
}
},
{
"url": "/role?q",
@ -180,8 +178,7 @@
"url": "/alias?q",
"state": "account.alias",
"component": "vn-alias",
"description": "Mail aliases",
"acl": ["marketing"]
"description": "Mail aliases"
},
{
"url": "/create",

8
modules/account/front/summary/index.js
View File

@ -8,6 +8,7 @@ class Controller extends Summary {
if (!value) return;
const filter = {
where: {id: value.id},
include: {
relation: 'role',
scope: {
@ -15,8 +16,11 @@ class Controller extends Summary {
}
}
};
this.$http.get(`VnUsers/${value.id}`, {filter})
.then(res => this.$.summary = res.data);
this.$http.get(`VnUsers/preview`, {filter})
.then(res => {
const [summary] = res.data;
this.$.summary = summary;
});
}
get isHr() {
return this.aclService.hasAny(['hr']);

8
modules/client/front/web-access/index.html
View File

@ -1,7 +1,5 @@
<vn-watcher
vn-id="watcher"
url="VnUsers"
id-field="id"
data="$ctrl.account"
form="form">
</vn-watcher>
@ -51,9 +49,9 @@
label="Save">
</vn-submit>
<vn-button
ng-if="$ctrl.canChangePassword"
label="Change password"
vn-dialog="change-pass">
ng-if="$ctrl.canChangePassword"
label="Change password"
vn-dialog="change-pass">
</vn-button>
<vn-button
class="cancel"

16
modules/client/front/web-access/index.js
View File

@ -8,6 +8,22 @@ export default class Controller extends Section {
this.canEnableCheckBox = true;
}
set client(value) {
this._client = value;
if (!value) return;
const filter = {where: {id: value.id}};
this.$http.get(`VnUsers/preview`, {filter})
.then(res => {
const [user] = res.data;
this.account = user;
});
}
get client() {
return this._client;
}
$onChanges() {
if (this.client) {
this.account = this.client.account;

16
modules/client/front/web-access/index.spec.js
View File

@ -5,12 +5,14 @@ describe('Component VnClientWebAccess', () => {
let $scope;
let vnApp;
let controller;
let $httpParamSerializer;
beforeEach(ngModule('client'));
beforeEach(inject(($componentController, $rootScope, _$httpBackend_, _vnApp_) => {
beforeEach(inject(($componentController, $rootScope, _$httpBackend_, _$httpParamSerializer_, _vnApp_) => {
$scope = $rootScope.$new();
$httpBackend = _$httpBackend_;
$httpParamSerializer = _$httpParamSerializer_;
vnApp = _vnApp_;
jest.spyOn(vnApp, 'showError');
const $element = angular.element('<vn-client-web-access></vn-client-web-access>');
@ -32,7 +34,10 @@ describe('Component VnClientWebAccess', () => {
describe('isCustomer()', () => {
it('should return true if the password can be modified', () => {
controller.client = {id: '1234'};
const filter = {where: {id: controller.client.id}};
const serializedParams = $httpParamSerializer({filter});
$httpBackend.expectGET(`VnUsers/preview?${serializedParams}`).respond('foo');
$httpBackend.expectGET(`Clients/${controller.client.id}/hasCustomerRole`).respond(true);
controller.isCustomer();
$httpBackend.flush();
@ -42,7 +47,10 @@ describe('Component VnClientWebAccess', () => {
it(`should return a false if the password can't be modified`, () => {
controller.client = {id: '1234'};
const filter = {where: {id: controller.client.id}};
const serializedParams = $httpParamSerializer({filter});
$httpBackend.expectGET(`VnUsers/preview?${serializedParams}`).respond('foo');
$httpBackend.expectGET(`Clients/${controller.client.id}/hasCustomerRole`).respond(false);
controller.isCustomer();
$httpBackend.flush();
@ -54,9 +62,12 @@ describe('Component VnClientWebAccess', () => {
describe('checkConditions()', () => {
it('should perform a query to check if the client is valid', () => {
controller.client = {id: '1234'};
const filter = {where: {id: controller.client.id}};
const serializedParams = $httpParamSerializer({filter});
expect(controller.canEnableCheckBox).toBeTruthy();
$httpBackend.expectGET(`VnUsers/preview?${serializedParams}`).respond('foo');
$httpBackend.expectGET(`Clients/${controller.client.id}/isValidClient`).respond(false);
controller.checkConditions();
$httpBackend.flush();
@ -82,7 +93,10 @@ describe('Component VnClientWebAccess', () => {
controller.newPassword = 'm24x8';
controller.repeatPassword = 'm24x8';
controller.canChangePassword = true;
const filter = {where: {id: controller.client.id}};
const serializedParams = $httpParamSerializer({filter});
$httpBackend.expectGET(`VnUsers/preview?${serializedParams}`).respond('foo');
const query = `Clients/${controller.client.id}/setPassword`;
$httpBackend.expectPATCH(query, {newPassword: controller.newPassword}).respond('done');
controller.onPassChange();

44
modules/worker/back/methods/worker/isAuthorized.js Normal file
View File

@ -0,0 +1,44 @@
module.exports = Self => {
Self.remoteMethod('isAuthorized', {
description: 'Return true if the current user is a superior of the worker that is passed by parameter',
accessType: 'READ',
accepts: [{
arg: 'ctx',
type: 'Object',
http: {source: 'context'}
}, {
arg: 'id',
type: 'number',
required: true,
description: 'The worker id',
http: {source: 'path'}
}],
returns: {
type: 'boolean',
root: true
},
http: {
path: `/:id/isAuthorized`,
verb: 'GET'
}
});
Self.isAuthorized = async(ctx, id, options) => {
const models = Self.app.models;
const currentUserId = ctx.req.accessToken.userId;
const isHimself = currentUserId == id;
const myOptions = {};
if (typeof options == 'object')
Object.assign(myOptions, options);
const isSubordinate = await models.Worker.isSubordinate(ctx, id, myOptions);
const isTeamBoss = await models.VnUser.hasRole(currentUserId, 'teamBoss', myOptions);
if (!isSubordinate || (isSubordinate && isHimself && !isTeamBoss))
return false;
return true;
};
};

1
modules/worker/back/models/worker.js
View File

@ -16,6 +16,7 @@ module.exports = Self => {
require('../methods/worker/new')(Self);
require('../methods/worker/deallocatePDA')(Self);
require('../methods/worker/allocatePDA')(Self);
require('../methods/worker/isAuthorized')(Self);
Self.validatesUniquenessOf('locker', {
message: 'This locker has already been assigned'

33
modules/worker/front/account/index.html
View File

@ -1,33 +0,0 @@
<mg-ajax
path="VnUsers/{{$ctrl.worker.userFk}}"
actions="user = edit.model"
options="mgEdit">
</mg-ajax>
<vn-watcher
vn-id="watcher"
url="VnUsers"
id-field="id"
data="user"
form="form">
</vn-watcher>
<form name="form" ng-submit="$ctrl.onSubmit()" class="vn-w-md">
<vn-card class="vn-pa-lg">
<vn-vertical>
<vn-horizontal>
<vn-field
vn-one
label="Nickname"
ng-model="user.nickname">
</vn-field>
</vn-horizontal>
</vn-vertical>
</vn-card>
<vn-button-bar>
<vn-submit label="Save"></vn-submit>
<vn-button
label="Undo changes"
ng-if="watcher.dataChanged()"
ng-click="watcher.loadOriginalData()">
</vn-button>
</vn-button-bar>
</form>

1
modules/worker/front/calendar/index.html
View File

@ -63,6 +63,7 @@
ng-model="$ctrl.businessId"
search-function="{businessFk: $search}"
value-field="businessFk"
show-field="businessFk"
order="businessFk DESC"
limit="5">
<tpl-item>

12
modules/worker/front/calendar/index.js
View File

@ -71,10 +71,6 @@ class Controller extends Section {
}
}
get payedHolidays() {
return this._businessId;
}
buildYearFilter() {
const now = Date.vnNew();
now.setFullYear(now.getFullYear() + 1);
@ -95,10 +91,10 @@ class Controller extends Section {
}
getActiveContract() {
this.$http.get(`Workers/${this.worker.id}/activeContract`).then(res => {
if (res.data)
this.businessId = res.data.businessFk;
});
this.$http.get(`Workers/${this.worker.id}/activeContract`)
.then(res => {
if (res.data) this.businessId = res.data.businessFk;
});
vicent marked this conversation as resolved Outdated
juan commented 2023-06-09 20:35:11 +00:00
Outdated
Review
Copy Link

Has olvidado quitar el console.log

Has olvidado quitar el `console.log`
}
getContractHolidays() {