5887-mailAlias_refactor #1659

Merged
vicent merged 6 commits from 5887-mailAlias_refactor into master 2023-07-12 06:34:45 +00:00
9 changed files with 222 additions and 18 deletions

View File

@ -0,0 +1,68 @@
const UserError = require('vn-loopback/util/user-error');
module.exports = Self => {
Self.remoteMethod('addAlias', {
description: 'Add an alias if the user has the grant',
vicent marked this conversation as resolved Outdated

Add an alias if the user has the grant

Add an alias if the user has the grant
accessType: 'WRITE',
accepts: [
{
arg: 'ctx',
type: 'Object',
http: {source: 'context'}
},
{
arg: 'id',
type: 'number',
required: true,
description: 'The user id',
http: {source: 'path'}
},
{
arg: 'mailAlias',
type: 'number',
description: 'The new alias for user',
required: true
}
],
http: {
path: `/:id/addAlias`,
verb: 'POST'
}
});
Self.addAlias = async function(ctx, id, mailAlias, options) {
const models = Self.app.models;
const userId = ctx.req.accessToken.userId;
const myOptions = {};
if (typeof options == 'object')
Object.assign(myOptions, options);
const user = await Self.findById(userId, {fields: ['hasGrant']}, myOptions);
if (!user.hasGrant)
throw new UserError(`You don't have grant privilege`);
const account = await models.Account.findById(userId, {
fields: ['id'],
include: {
relation: 'aliases',
scope: {
fields: ['mailAlias']
}
}
}, myOptions);
const aliases = account.aliases().map(alias => alias.mailAlias);
const hasAlias = aliases.includes(mailAlias);
if (!hasAlias)
throw new UserError(`You cannot assign an alias that you are not assigned to`);
return models.MailAliasAccount.create({
mailAlias: mailAlias,
account: id
}, myOptions);
};
};

View File

@ -0,0 +1,55 @@
const UserError = require('vn-loopback/util/user-error');
module.exports = Self => {
Self.remoteMethod('removeAlias', {
description: 'Remove alias if the user has the grant',
accessType: 'WRITE',
accepts: [
{
arg: 'ctx',
type: 'Object',
http: {source: 'context'}
},
{
arg: 'id',
type: 'number',
required: true,
description: 'The user id',
http: {source: 'path'}
},
{
arg: 'mailAlias',
type: 'number',
description: 'The alias to delete',
required: true
}
],
http: {
path: `/:id/removeAlias`,
verb: 'POST'
}
});
Self.removeAlias = async function(ctx, id, mailAlias, options) {
const models = Self.app.models;
const userId = ctx.req.accessToken.userId;
const myOptions = {};
if (typeof options == 'object')
Object.assign(myOptions, options);
const canRemoveAlias = await models.ACL.checkAccessAcl(ctx, 'VnUser', 'canRemoveAlias', 'WRITE');
if (userId != id && !canRemoveAlias) throw new UserError(`You don't have grant privilege`);
const mailAliasAccount = await models.MailAliasAccount.findOne({
where: {
mailAlias: mailAlias,
account: id
}
}, myOptions);
await mailAliasAccount.destroy(myOptions);
};
};

View File

@ -0,0 +1,68 @@
const {models} = require('vn-loopback/server/server');
describe('VnUser addAlias()', () => {
const employeeId = 1;
const sysadminId = 66;
const developerId = 9;
const customerId = 2;
const mailAlias = 1;
it('should throw an error when user not has privileges', async() => {
const ctx = {req: {accessToken: {userId: employeeId}}};
const tx = await models.VnUser.beginTransaction({});
let error;
try {
const options = {transaction: tx};
await models.VnUser.addAlias(ctx, employeeId, mailAlias, options);
await tx.rollback();
} catch (e) {
error = e;
await tx.rollback();
}
expect(error.message).toContain(`You don't have grant privilege`);
});
it('should throw an error when user has privileges but not has the role from user', async() => {
const ctx = {req: {accessToken: {userId: sysadminId}}};
const tx = await models.VnUser.beginTransaction({});
let error;
try {
const options = {transaction: tx};
await models.VnUser.addAlias(ctx, employeeId, mailAlias, options);
await tx.rollback();
} catch (e) {
error = e;
await tx.rollback();
}
expect(error.message).toContain(`You cannot assign an alias that you are not assigned to`);
});
it('should add an alias', async() => {
const ctx = {req: {accessToken: {userId: developerId}}};
const tx = await models.VnUser.beginTransaction({});
let result;
try {
const options = {transaction: tx};
const user = await models.VnUser.findById(developerId, null, options);
await user.updateAttribute('hasGrant', true, options);
result = await models.VnUser.addAlias(ctx, customerId, mailAlias, options);
await tx.rollback();
} catch (e) {
await tx.rollback();
}
expect(result.mailAlias).toBe(mailAlias);
expect(result.account).toBe(customerId);
});
});

View File

@ -11,6 +11,8 @@ module.exports = function(Self) {
require('../methods/vn-user/validate-token')(Self); require('../methods/vn-user/validate-token')(Self);
require('../methods/vn-user/privileges')(Self); require('../methods/vn-user/privileges')(Self);
require('../methods/vn-user/renew-token')(Self); require('../methods/vn-user/renew-token')(Self);
require('../methods/vn-user/addAlias')(Self);
require('../methods/vn-user/removeAlias')(Self);
Self.definition.settings.acls = Self.definition.settings.acls.filter(acl => acl.property !== 'create'); Self.definition.settings.acls = Self.definition.settings.acls.filter(acl => acl.property !== 'create');

View File

@ -0,0 +1,11 @@
INSERT INTO `salix`.`ACL` (model, property, accessType, permission, principalType, principalId)
VALUES
('VnUser', 'addAlias', 'WRITE', 'ALLOW', 'ROLE', 'employee');
INSERT INTO `salix`.`ACL` (model, property, accessType, permission, principalType, principalId)
VALUES
('VnUser', 'removeAlias', 'WRITE', 'ALLOW', 'ROLE', 'employee');
INSERT INTO `salix`.`ACL` (model, property, accessType, permission, principalType, principalId)
VALUES
('VnUser', 'canRemoveAlias', 'WRITE', 'ALLOW', 'ROLE', 'itManagement');

View File

@ -296,7 +296,8 @@
"Fecha fuera de rango": "Fecha fuera de rango", "Fecha fuera de rango": "Fecha fuera de rango",
"Error while generating PDF": "Error al generar PDF", "Error while generating PDF": "Error al generar PDF",
"Error when sending mail to client": "Error al enviar el correo al cliente", "Error when sending mail to client": "Error al enviar el correo al cliente",
"Mail not sent": "Se ha producido un fallo al enviar la factura al cliente [{{clientId}}]({{{clientUrl}}}), por favor revisa la dirección de correo electrónico", "Mail not sent": "Se ha producido un fallo al enviar la factura al cliente [{{clientId}}]({{{clientUrl}}}), por favor revisa la dirección de correo electrónico",
"The renew period has not been exceeded": "El periodo de renovación no ha sido superado", "The renew period has not been exceeded": "El periodo de renovación no ha sido superado",
"Negative basis of tickets": "Base negativa para los tickets: {{ticketsIds}}" "Negative basis of tickets": "Base negativa para los tickets: {{ticketsIds}}",
"You cannot assign an alias that you are not assigned to": "No puede asignar un alias que no tenga asignado"
vicent marked this conversation as resolved Outdated

"You cannot assign an alias that you are not assigned to": "No puedes asignar un alias que no tienes asignado"

"You cannot assign an alias that you are not assigned to": "No puedes asignar un alias que no tienes asignado"
} }

View File

@ -17,9 +17,7 @@
<vn-icon-button <vn-icon-button
icon="delete" icon="delete"
translate-attr="{title: 'Unsubscribe'}" translate-attr="{title: 'Unsubscribe'}"
ng-click="removeConfirm.show(row)" ng-click="removeConfirm.show(row)">
vn-acl="itManagement"
vn-acl-action="remove">
</vn-icon-button> </vn-icon-button>
</vn-item-section> </vn-item-section>
</vn-item> </vn-item>
@ -32,9 +30,7 @@
translate-attr="{title: 'Add'}" translate-attr="{title: 'Add'}"
vn-bind="+" vn-bind="+"
ng-click="$ctrl.onAddClick()" ng-click="$ctrl.onAddClick()"
fixed-bottom-right fixed-bottom-right>
vn-acl="itManagement"
vn-acl-action="remove">
</vn-float-button> </vn-float-button>
<vn-dialog <vn-dialog
vn-id="dialog" vn-id="dialog"

View File

@ -21,12 +21,11 @@ export default class Controller extends Section {
} }
onAddClick() { onAddClick() {
this.addData = {account: this.$params.id};
this.$.dialog.show(); this.$.dialog.show();
} }
onAddSave() { onAddSave() {
return this.$http.post(`MailAliasAccounts`, this.addData) return this.$http.post(`VnUsers/${this.$params.id}/addAlias`, this.addData)
.then(() => this.refresh()) .then(() => this.refresh())
.then(() => this.vnApp.showSuccess( .then(() => this.vnApp.showSuccess(
this.$t('Subscribed to alias!')) this.$t('Subscribed to alias!'))
@ -34,11 +33,12 @@ export default class Controller extends Section {
} }
onRemove(row) { onRemove(row) {
return this.$http.delete(`MailAliasAccounts/${row.id}`) const params = {
.then(() => { mailAlias: row.mailAlias
this.$.data.splice(this.$.data.indexOf(row), 1); };
this.vnApp.showSuccess(this.$t('Unsubscribed from alias!')); return this.$http.post(`VnUsers/${this.$params.id}/removeAlias`, params)
}); .then(() => this.refresh())
.then(() => this.vnApp.showSuccess(this.$t('Data saved!')));
} }
} }

View File

@ -25,8 +25,9 @@ describe('component vnUserAliases', () => {
describe('onAddSave()', () => { describe('onAddSave()', () => {
it('should add the new row', () => { it('should add the new row', () => {
controller.addData = {account: 1}; controller.addData = {account: 1};
controller.$params = {id: 1};
$httpBackend.expectPOST('MailAliasAccounts').respond(); $httpBackend.expectPOST('VnUsers/1/addAlias').respond();
$httpBackend.expectGET('MailAliasAccounts').respond('foo'); $httpBackend.expectGET('MailAliasAccounts').respond('foo');
controller.onAddSave(); controller.onAddSave();
$httpBackend.flush(); $httpBackend.flush();
@ -41,12 +42,14 @@ describe('component vnUserAliases', () => {
{id: 1, alias: 'foo'}, {id: 1, alias: 'foo'},
{id: 2, alias: 'bar'} {id: 2, alias: 'bar'}
]; ];
controller.$params = {id: 1};
$httpBackend.expectDELETE('MailAliasAccounts/1').respond(); $httpBackend.expectPOST('VnUsers/1/removeAlias').respond();
$httpBackend.expectGET('MailAliasAccounts').respond(controller.$.data[1]);
controller.onRemove(controller.$.data[0]); controller.onRemove(controller.$.data[0]);
$httpBackend.flush(); $httpBackend.flush();
expect(controller.$.data).toEqual([{id: 2, alias: 'bar'}]); expect(controller.$.data).toEqual({id: 2, alias: 'bar'});
expect(controller.vnApp.showSuccess).toHaveBeenCalled(); expect(controller.vnApp.showSuccess).toHaveBeenCalled();
}); });
}); });