chore: refs #7323 worker changes wip #2930

Merged
jorgep merged 5 commits from 7323-dynamicRole into dev 2024-09-06 12:03:21 +00:00
3 changed files with 54 additions and 2 deletions
Showing only changes of commit 18d93d93a6 - Show all commits

View File

@ -0,0 +1,4 @@
-- Place your SQL code here
INSERT INTO salix.ACL (model, property, accessType, permission, principalType, principalId)
VALUES ('Worker', '__get__descriptor', 'READ', 'ALLOW', 'ROLE', 'employee'),
('Worker', 'findById', 'READ', 'ALLOW', 'ROLE', '$subordinate');

View File

@ -0,0 +1,12 @@
const UserError = require('vn-loopback/util/user-error');
module.exports = async function(app) {
const models = app.models;
models.VnRole.registerResolver('$subordinate', async(role, ctx) => {
Object.assign(ctx, {req: {accessToken: {userId: ctx.accessToken.userId}}});
const isSubordinate = await models.Worker.isSubordinate(ctx, +ctx.modelId);
if (!isSubordinate) throw new UserError(`You don't have enough privileges`);
});
};

View File

@ -140,5 +140,41 @@
"principalType": "ROLE",
"principalId": "$owner"
}
],
"scopes": {
"descriptor": {
"include": [
{
"relation": "user",
"scope": {
"fields": [
"name",
"nickname"
],
"include": {
"relation": "emailUser",
"scope": {
"fields": [
"email"
]
}
}
}
},
{
"relation": "department",
"scope": {
"include": [
{
"relation": "department"
}
]
}
},
{
"relation": "sip"
}
]
}
}
}