back/models/specs/mailAliasAccount.spec.js

@@ -1,56 +1,108 @@
-const models = require('vn-loopback/server/server').models;
+const {models} = require('vn-loopback/server/server');
+const LoopBackContext = require('loopback-context');
 
 describe('loopback model MailAliasAccount', () => {
-    it('should add a mail Alias', async() => {
+    const employee = 1;
-        const tx = await models.MailAliasAccount.beginTransaction({});
+    const administrative = 5;
-        let error;
+    const developer = 9;
+    const salesBoss = 19;
+    const developerBoss = 120;
 
-        try {
+    const salesAlias = 3;
-            const options = {transaction: tx, accessToken: {userId: 9}};
+    const itAlias = 2;
-            await models.MailAliasAccount.create({mailAlias: 2, account: 5}, options);
 
+    let ctx;
+    let options;
+    let tx;
+
+    beforeEach(async() => {
+        ctx = {
+            req: {
+                accessToken: {},
+                headers: {origin: 'http://localhost'}
+            },
+            args: {}
+        };
+
+        spyOn(LoopBackContext, 'getCurrentContext').and.returnValue({
+            active: ctx.req
+        });
+
+        options = {transaction: tx};
+        tx = await models.MailAliasAccount.beginTransaction({});
+        options.transaction = tx;
+    });
+
+    afterEach(async() => {
         await tx.rollback();
-        } catch (e) {
+    });
-            await tx.rollback();
-            error = e;
-        }
 
-        expect(error).toBeUndefined();
+    it('should add a mail alias if they are developerBoss', async() => {
+        ctx.req.accessToken.userId = developerBoss;
+
+        const {mailAlias, account} = await models.MailAliasAccount.create({
+            account: employee,
+            mailAlias: salesAlias
+        }, options);
+
+        expect(mailAlias).toEqual(salesAlias);
+        expect(account).toEqual(employee);
     });
 
     it('should add a mail Alias of an inherit role', async() => {
-        const tx = await models.MailAliasAccount.beginTransaction({});
         let error;
 
         try {
-            const options = {transaction: tx, accessToken: {userId: 9}};
+            ctx.req.accessToken.userId = developer;
-            await models.MailAliasAccount.create({mailAlias: 3, account: 5}, options);
+            await models.MailAliasAccount.create({mailAlias: salesAlias, account: administrative}, options);
-
-            await tx.rollback();
         } catch (e) {
-            await tx.rollback();
             error = e;
         }
 
         expect(error).toBeUndefined();
     });
 
+    it('should add the sales alias if they are teamBoss and have it', async() => {
+        ctx.req.accessToken.userId = salesBoss;
+        const {mailAlias, account} = await models.MailAliasAccount.create({
+            mailAlias: salesAlias,
+            account: employee
+        }, options);
+
+        expect(mailAlias).toEqual(salesAlias);
+        expect(account).toEqual(employee);
+    });
+
     it('should delete a mail Alias', async() => {
-        const tx = await models.MailAliasAccount.beginTransaction({});
         let error;
 
         try {
-            const options = {transaction: tx, accessToken: {userId: 1}};
+            ctx.req.accessToken.userId = employee;
             const mailAclId = 2;
             await models.MailAliasAccount.destroyAll({id: mailAclId}, options);
-
-            await tx.rollback();
         } catch (e) {
-            await tx.rollback();
             error = e;
         }
 
         expect(error).toBeUndefined();
     });
+
+    it('should throw an error if they cannot edit an alias', async() => {
+        try {
+            ctx.req.accessToken.userId = administrative;
+            await models.MailAliasAccount.create({mailAlias: itAlias, account: employee}, options);
+        } catch (e) {
+            expect(e.message).toEqual('You are not allowed to modify the alias');
+        }
+    });
+
+    it('should throw an error if they are teamBoss but have not got the alias', async() => {
+        try {
+            ctx.req.accessToken.userId = salesBoss;
+            await models.MailAliasAccount.create({mailAlias: itAlias, account: employee}, options);
+        } catch (e) {
+            expect(e.message).toEqual('You are not allowed to modify the alias');
+        }
+    });
 });
 

db/dump/fixtures.before.sql

@@ -146,6 +146,7 @@ INSERT INTO `account`.`mailAliasAccount`(`mailAlias`, `account`)
         (1, 1),
         (1, 18),
         (3, 18),
+        (3, 19),
         (1, 9),
         (2, 9);
 

db/versions/10916-purpleCamellia/00-canEditOwnAlias.sql

@@ -0,0 +1,3 @@
+INSERT INTO `salix`.`ACL` (`model`, `property`, `accessType`, `permission`, `principalType`, `principalId`)
+    VALUES
+        ('MailAliasAccount','canEditOwnAlias','WRITE','ALLOW','ROLE','teamBoss');

modules/account/back/models/mail-alias-account.js

@@ -38,8 +38,19 @@ module.exports = Self => {
                 principalType: 'USER',
                 roleId: {inq: allowedRoles.map(x => x.roleFk)}
             });
+        if (nRoles) return;
+
+        const canEditOwnAlias = await models.ACL.checkAccessAcl(ctx,
+            'MailAliasAccount', 'canEditOwnAlias', 'WRITE');
+
+        if (canEditOwnAlias) {
+            const hasAlias = await Self.count({
+                account: userId,
+                mailAlias: mailAliasFk
+            });
+            if (hasAlias) return;
+        }
 
-        if (!nRoles)
         throw new ForbiddenError('You are not allowed to modify the alias');
     }
 };