#6286 set right workerTimeControl acls #2557
|
@ -0,0 +1,18 @@
|
||||||
|
UPDATE salix.ACL
|
||||||
|
SET principalId = 'teamBoss'
|
||||||
|
WHERE property IN ('addTimeEntry', 'deleteTimeEntry', 'updateTimeEntry', 'weeklyHourRecordEmail');
|
||||||
|
|
||||||
|
UPDATE salix.ACL SET principalId = 'developer' WHERE property = 'sendMail';
|
||||||
|
|
||||||
|
UPDATE salix.ACL
|
||||||
|
SET property = 'updateMailState'
|
||||||
|
WHERE property = 'updateWorkerTimeControlMail';
|
||||||
|
|
||||||
|
INSERT INTO salix.ACL(model, property, accessType, permission, principalType, principalId)
|
||||||
|
VALUES
|
||||||
|
('WorkerTimeControl', 'addTimeEntry', 'WRITE', 'ALLOW', 'ROLE', 'hr'),
|
||||||
|
('WorkerTimeControl', 'deleteTimeEntry', 'WRITE', 'ALLOW', 'ROLE', 'hr'),
|
||||||
|
('WorkerTimeControl', 'updateTimeEntry', 'WRITE', 'ALLOW', 'ROLE', 'hr'),
|
||||||
|
('WorkerTimeControl', 'weeklyHourRecordEmail', 'WRITE', 'ALLOW', 'ROLE', 'hr'),
|
||||||
|
('WorkerTimeControl', 'sendMail', 'WRITE', 'ALLOW', 'ROLE', 'hr'),
|
||||||
|
('WorkerTimeControl', 'updateMailState', 'WRITE', 'ALLOW', 'ROLE', 'hr');
|
|
@ -1,3 +1,5 @@
|
||||||
|
const UserError = require('vn-loopback/util/user-error');
|
||||||
|
|
||||||
module.exports = Self => {
|
module.exports = Self => {
|
||||||
Self.remoteMethodCtx('getMailStates', {
|
Self.remoteMethodCtx('getMailStates', {
|
||||||
description: 'Get the states of a month about time control mail',
|
description: 'Get the states of a month about time control mail',
|
||||||
|
@ -36,6 +38,8 @@ module.exports = Self => {
|
||||||
if (typeof options == 'object')
|
if (typeof options == 'object')
|
||||||
Object.assign(myOptions, options);
|
Object.assign(myOptions, options);
|
||||||
|
|
||||||
|
if (!await models.Worker.isSubordinate(ctx, workerId)) throw new UserError(`You don't have enough privileges`);
|
||||||
|
|
||||||
const times = await models.Time.find({
|
const times = await models.Time.find({
|
||||||
fields: ['week'],
|
fields: ['week'],
|
||||||
where: {
|
where: {
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
const moment = require('moment');
|
const moment = require('moment');
|
||||||
|
const UserError = require('vn-loopback/util/user-error');
|
||||||
|
|
||||||
module.exports = Self => {
|
module.exports = Self => {
|
||||||
Self.remoteMethodCtx('resendWeeklyHourEmail', {
|
Self.remoteMethodCtx('resendWeeklyHourEmail', {
|
||||||
|
@ -35,6 +36,9 @@ module.exports = Self => {
|
||||||
const yearNumber = dated.getFullYear();
|
const yearNumber = dated.getFullYear();
|
||||||
const weekNumber = moment(dated).isoWeek();
|
const weekNumber = moment(dated).isoWeek();
|
||||||
|
|
||||||
|
if (!await models.Worker.isSubordinate(ctx, workerId) || workerId === ctx.req.accessToken.userId)
|
||||||
|
throw new UserError(`You don't have enough privileges`);
|
||||||
|
|
||||||
jgallego marked this conversation as resolved
|
|||||||
const workerTimeControlMail = await models.WorkerTimeControlMail.findOne({
|
const workerTimeControlMail = await models.WorkerTimeControlMail.findOne({
|
||||||
where: {
|
where: {
|
||||||
workerFk: workerId,
|
workerFk: workerId,
|
||||||
|
|
|
@ -1,28 +1,36 @@
|
||||||
const models = require('vn-loopback/server/server').models;
|
const models = require('vn-loopback/server/server').models;
|
||||||
|
|
||||||
describe('workerTimeControl getMailStates()', () => {
|
describe('workerTimeControl getMailStates()', () => {
|
||||||
const workerId = 9;
|
const developerId = 9;
|
||||||
const ctx = {args: {
|
const developerBossId = 120;
|
||||||
month: 12,
|
const employeeId = 1;
|
||||||
year: 2000
|
|
||||||
}};
|
let ctx;
|
||||||
|
let tx;
|
||||||
|
let opts;
|
||||||
|
|
||||||
|
beforeEach(async() => {
|
||||||
|
ctx = {req: {accessToken: {userId: developerBossId}}, args: {month: 12, year: 2000}};
|
||||||
|
tx = await models.WorkerTimeControl.beginTransaction({});
|
||||||
|
opts = {transaction: tx};
|
||||||
|
});
|
||||||
|
|
||||||
|
afterEach(async() => await tx.rollback());
|
||||||
|
|
||||||
it('should get the states of a month about time control mail', async() => {
|
it('should get the states of a month about time control mail', async() => {
|
||||||
const tx = await models.WorkerTimeControl.beginTransaction({});
|
const response = await models.WorkerTimeControl.getMailStates(ctx, developerId, opts);
|
||||||
|
|
||||||
try {
|
|
||||||
const options = {transaction: tx};
|
|
||||||
|
|
||||||
const response = await models.WorkerTimeControl.getMailStates(ctx, workerId, options);
|
|
||||||
|
|
||||||
expect(response[0].state).toEqual('REVISE');
|
expect(response[0].state).toEqual('REVISE');
|
||||||
expect(response[1].state).toEqual('SENDED');
|
expect(response[1].state).toEqual('SENDED');
|
||||||
expect(response[2].state).toEqual('CONFIRMED');
|
expect(response[2].state).toEqual('CONFIRMED');
|
||||||
|
});
|
||||||
|
|
||||||
await tx.rollback();
|
it('should throw an error if they are not subordinates', async() => {
|
||||||
|
ctx.req.accessToken.userId = employeeId;
|
||||||
|
try {
|
||||||
|
await models.WorkerTimeControl.getMailStates(ctx, developerId, opts);
|
||||||
} catch (e) {
|
} catch (e) {
|
||||||
await tx.rollback();
|
expect(e.message).toEqual('You don\'t have enough privileges');
|
||||||
throw e;
|
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
|
@ -1,10 +1,11 @@
|
||||||
const models = require('vn-loopback/server/server').models;
|
const models = require('vn-loopback/server/server').models;
|
||||||
|
|
||||||
describe('updateWorkerTimeControlMail()', () => {
|
describe('updateMailState()', () => {
|
||||||
|
const developerId = 9;
|
||||||
|
const employeeId = 1;
|
||||||
it('should update WorkerTimeControlMail if exist record', async() => {
|
it('should update WorkerTimeControlMail if exist record', async() => {
|
||||||
const tx = await models.WorkerTimeControlMail.beginTransaction({});
|
const tx = await models.WorkerTimeControlMail.beginTransaction({});
|
||||||
const args = {
|
const args = {
|
||||||
workerId: 9,
|
|
||||||
week: 50,
|
week: 50,
|
||||||
year: 2000,
|
year: 2000,
|
||||||
state: 'CONFIRMED'
|
state: 'CONFIRMED'
|
||||||
|
@ -15,15 +16,15 @@ describe('updateWorkerTimeControlMail()', () => {
|
||||||
const options = {transaction: tx};
|
const options = {transaction: tx};
|
||||||
const beforeMail = await models.WorkerTimeControlMail.findOne({
|
const beforeMail = await models.WorkerTimeControlMail.findOne({
|
||||||
where: {
|
where: {
|
||||||
workerFk: args.workerId,
|
workerFk: developerId,
|
||||||
year: args.year,
|
year: args.year,
|
||||||
week: args.week,
|
week: args.week,
|
||||||
}
|
}
|
||||||
}, options);
|
}, options);
|
||||||
await models.WorkerTimeControl.updateWorkerTimeControlMail(ctx, options);
|
await models.WorkerTimeControl.updateMailState(ctx, developerId, options);
|
||||||
const afterMail = await models.WorkerTimeControlMail.findOne({
|
const afterMail = await models.WorkerTimeControlMail.findOne({
|
||||||
where: {
|
where: {
|
||||||
workerFk: args.workerId,
|
workerFk: developerId,
|
||||||
year: args.year,
|
year: args.year,
|
||||||
week: args.week,
|
week: args.week,
|
||||||
}
|
}
|
||||||
|
@ -42,7 +43,6 @@ describe('updateWorkerTimeControlMail()', () => {
|
||||||
it('should insert WorkerTimeControlMail if exist record', async() => {
|
it('should insert WorkerTimeControlMail if exist record', async() => {
|
||||||
const tx = await models.WorkerTimeControlMail.beginTransaction({});
|
const tx = await models.WorkerTimeControlMail.beginTransaction({});
|
||||||
const args = {
|
const args = {
|
||||||
workerId: 1,
|
|
||||||
week: 51,
|
week: 51,
|
||||||
year: 2000,
|
year: 2000,
|
||||||
state: 'SENDED'
|
state: 'SENDED'
|
||||||
|
@ -53,15 +53,15 @@ describe('updateWorkerTimeControlMail()', () => {
|
||||||
const options = {transaction: tx};
|
const options = {transaction: tx};
|
||||||
const beforeMail = await models.WorkerTimeControlMail.find({
|
const beforeMail = await models.WorkerTimeControlMail.find({
|
||||||
where: {
|
where: {
|
||||||
workerFk: args.workerId,
|
workerFk: employeeId,
|
||||||
year: args.year,
|
year: args.year,
|
||||||
week: args.week,
|
week: args.week,
|
||||||
}
|
}
|
||||||
}, options);
|
}, options);
|
||||||
await models.WorkerTimeControl.updateWorkerTimeControlMail(ctx, options);
|
await models.WorkerTimeControl.updateMailState(ctx, employeeId, options);
|
||||||
const afterMail = await models.WorkerTimeControlMail.find({
|
const afterMail = await models.WorkerTimeControlMail.find({
|
||||||
where: {
|
where: {
|
||||||
workerFk: args.workerId,
|
workerFk: employeeId,
|
||||||
year: args.year,
|
year: args.year,
|
||||||
week: args.week,
|
week: args.week,
|
||||||
}
|
}
|
||||||
|
@ -80,7 +80,7 @@ describe('updateWorkerTimeControlMail()', () => {
|
||||||
it('should throw error if not exist any record in this week', async() => {
|
it('should throw error if not exist any record in this week', async() => {
|
||||||
const tx = await models.WorkerTimeControlMail.beginTransaction({});
|
const tx = await models.WorkerTimeControlMail.beginTransaction({});
|
||||||
const ctx = {args: {
|
const ctx = {args: {
|
||||||
workerId: 1,
|
workerId: employeeId,
|
||||||
week: 1,
|
week: 1,
|
||||||
year: 0,
|
year: 0,
|
||||||
state: 'SENDED'
|
state: 'SENDED'
|
||||||
|
@ -89,7 +89,7 @@ describe('updateWorkerTimeControlMail()', () => {
|
||||||
let error;
|
let error;
|
||||||
try {
|
try {
|
||||||
const options = {transaction: tx};
|
const options = {transaction: tx};
|
||||||
await models.WorkerTimeControl.updateWorkerTimeControlMail(ctx, options);
|
await models.WorkerTimeControl.updateMailState(ctx, employeeId, options);
|
||||||
|
|
||||||
await tx.rollback();
|
await tx.rollback();
|
||||||
} catch (e) {
|
} catch (e) {
|
|
@ -1,12 +1,13 @@
|
||||||
const UserError = require('vn-loopback/util/user-error');
|
const UserError = require('vn-loopback/util/user-error');
|
||||||
module.exports = Self => {
|
module.exports = Self => {
|
||||||
Self.remoteMethodCtx('updateWorkerTimeControlMail', {
|
Self.remoteMethodCtx('updateMailState', {
|
||||||
description: 'Updates the state of WorkerTimeControlMail',
|
description: 'Updates the state of WorkerTimeControlMail',
|
||||||
accessType: 'WRITE',
|
accessType: 'WRITE',
|
||||||
accepts: [{
|
accepts: [{
|
||||||
arg: 'workerId',
|
arg: 'id',
|
||||||
type: 'number',
|
type: 'number',
|
||||||
required: true
|
description: 'The worker id',
|
||||||
|
http: {source: 'path'}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
arg: 'year',
|
arg: 'year',
|
||||||
|
@ -32,12 +33,12 @@ module.exports = Self => {
|
||||||
root: true
|
root: true
|
||||||
},
|
},
|
||||||
http: {
|
http: {
|
||||||
path: `/updateWorkerTimeControlMail`,
|
path: `/:id/updateMailState`,
|
||||||
verb: 'POST'
|
verb: 'POST'
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
Self.updateWorkerTimeControlMail = async(ctx, options) => {
|
Self.updateMailState = async(ctx, id, options) => {
|
||||||
const models = Self.app.models;
|
const models = Self.app.models;
|
||||||
const args = ctx.args;
|
const args = ctx.args;
|
||||||
const myOptions = {};
|
const myOptions = {};
|
||||||
|
@ -59,14 +60,14 @@ module.exports = Self => {
|
||||||
{
|
{
|
||||||
year: args.year,
|
year: args.year,
|
||||||
week: args.week,
|
week: args.week,
|
||||||
workerFk: args.workerId
|
workerFk: id
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
state: args.state,
|
state: args.state,
|
||||||
reason: args.reason,
|
reason: args.reason,
|
||||||
year: args.year,
|
year: args.year,
|
||||||
week: args.week,
|
week: args.week,
|
||||||
workerFk: args.workerId
|
workerFk: id
|
||||||
},
|
},
|
||||||
myOptions);
|
myOptions);
|
||||||
|
|
|
@ -61,7 +61,7 @@ module.exports = Self => {
|
||||||
const url = `${salix.url}worker/${args.workerId}/time-control?timestamp=${timestamp}`;
|
const url = `${salix.url}worker/${args.workerId}/time-control?timestamp=${timestamp}`;
|
||||||
ctx.args.url = url;
|
ctx.args.url = url;
|
||||||
|
|
||||||
await models.WorkerTimeControl.updateWorkerTimeControlMail(ctx, myOptions);
|
await models.WorkerTimeControl.updateMailState(ctx, ctx.workerId, myOptions);
|
||||||
return Self.sendTemplate(ctx, 'weekly-hour-record');
|
return Self.sendTemplate(ctx, 'weekly-hour-record');
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -6,7 +6,7 @@ module.exports = Self => {
|
||||||
require('../methods/worker-time-control/deleteTimeEntry')(Self);
|
require('../methods/worker-time-control/deleteTimeEntry')(Self);
|
||||||
require('../methods/worker-time-control/updateTimeEntry')(Self);
|
require('../methods/worker-time-control/updateTimeEntry')(Self);
|
||||||
require('../methods/worker-time-control/sendMail')(Self);
|
require('../methods/worker-time-control/sendMail')(Self);
|
||||||
require('../methods/worker-time-control/updateWorkerTimeControlMail')(Self);
|
require('../methods/worker-time-control/updateMailState')(Self);
|
||||||
require('../methods/worker-time-control/weeklyHourRecordEmail')(Self);
|
require('../methods/worker-time-control/weeklyHourRecordEmail')(Self);
|
||||||
require('../methods/worker-time-control/getMailStates')(Self);
|
require('../methods/worker-time-control/getMailStates')(Self);
|
||||||
require('../methods/worker-time-control/resendWeeklyHourEmail')(Self);
|
require('../methods/worker-time-control/resendWeeklyHourEmail')(Self);
|
||||||
|
|
|
@ -46,5 +46,14 @@
|
||||||
"model": "Warehouse",
|
"model": "Warehouse",
|
||||||
"foreignKey": "warehouseFk"
|
"foreignKey": "warehouseFk"
|
||||||
}
|
}
|
||||||
|
},
|
||||||
|
"acls": [
|
||||||
|
{
|
||||||
|
"property": "updateMailState",
|
||||||
|
"accessType": "WRITE",
|
||||||
|
"permission": "ALLOW",
|
||||||
|
"principalType": "ROLE",
|
||||||
|
"principalId": "$owner"
|
||||||
jgallego
commented
Pregunta a @alexm si esto funciona Pregunta a @alexm si esto funciona
alexm
commented
Si $owner, hace que solo tenga permiso para el propio usuario. Para que funcione la tabla debe tener relación con la tabla user (vn-user) Si $owner, hace que solo tenga permiso para el propio usuario. Para que funcione la tabla debe tener relación con la tabla user (vn-user)
|
|||||||
}
|
}
|
||||||
|
]
|
||||||
}
|
}
|
Loading…
Reference in New Issue
Aquí uno se puede autoenviar sus fichadas, se quiere eso?
Aquí solo se puede si eres teamBoss. Lo hablé con @carlosap, quedamos en hacerlo así porque al llamar deleteTimeEntry, se llama a resendWeelyHourEmail y falla esa parte.