verdnatura/salix
verdnatura
/
salix
3
4
Fork 0
Code Issues Pull Requests 57 Releases Wiki Activity

chore: refs #7323 worker changes wip #2930

Merged
jorgep merged 5 commits from 7323-dynamicRole into dev 2024-09-06 12:03:21 +00:00
Conversation 0 Commits 5 Files Changed 4 +55 -2
4 changed files with 55 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
db/dump/fixtures.before.sql
View File

@ -108,6 +108,7 @@ INSERT INTO `vn`.`worker`(`id`,`code`, `firstName`, `lastName`, `bossFk`)
UPDATE `vn`.`worker` SET bossFk = NULL WHERE id = 20; UPDATE `vn`.`worker` SET bossFk = NULL WHERE id = 20;
UPDATE `vn`.`worker` SET bossFk = 20 WHERE id = 1 OR id = 9; UPDATE `vn`.`worker` SET bossFk = 20 WHERE id = 1 OR id = 9;
UPDATE `vn`.`worker` SET bossFk = 19 WHERE id = 18; UPDATE `vn`.`worker` SET bossFk = 19 WHERE id = 18;
UPDATE `vn`.`worker` SET bossFk = 50 WHERE id = 49;
DELETE FROM `vn`.`worker` WHERE firstName ='customer'; DELETE FROM `vn`.`worker` WHERE firstName ='customer';

4
db/versions/11215-purpleIvy/00-firstScript.sql Normal file
View File

@ -0,0 +1,4 @@
-- Place your SQL code here
INSERT INTO salix.ACL (model, property, accessType, permission, principalType, principalId)
VALUES ('Worker', '__get__descriptor', 'READ', 'ALLOW', 'ROLE', 'employee'),
('Worker', 'findById', 'READ', 'ALLOW', 'ROLE', '$subordinate');

12
loopback/server/boot/role-resolver.js Normal file
View File

@ -0,0 +1,12 @@
const UserError = require('vn-loopback/util/user-error');
module.exports = async function(app) {
const models = app.models;
models.VnRole.registerResolver('$subordinate', async(role, ctx) => {
Object.assign(ctx, {req: {accessToken: {userId: ctx.accessToken.userId}}});
const isSubordinate = await models.Worker.isSubordinate(ctx, +ctx.modelId);
if (!isSubordinate) throw new UserError(`You don't have enough privileges`);
});
};

40
modules/worker/back/models/worker.json
View File

@ -140,5 +140,41 @@
"principalType": "ROLE", "principalType": "ROLE",
"principalId": "$owner" "principalId": "$owner"
} }
] ],
} "scopes": {
"descriptor": {
"include": [
{
"relation": "user",
"scope": {
"fields": [
"name",
"nickname"
],
"include": {
"relation": "emailUser",
"scope": {
"fields": [
"email"
]
}
}
}
},
{
"relation": "department",
"scope": {
"include": [
{
"relation": "department"
}
]
}
},
{
"relation": "sip"
}
]
}
}
}