fix: prevent deleting absences for past dates #3346

Merged
jorgep merged 9 commits from hotfix-restrictAbsencePrivs into master 2025-01-09 08:53:25 +00:00
3 changed files with 9 additions and 7 deletions
Showing only changes of commit 838617e3f6 - Show all commits


@ -1,2 +1,4 @@
DELETE FROM salix.ACL WHERE property = 'canCreateAbsenceInPast';
INSERT INTO salix.ACL (model,property,accessType,permission,principalType,principalId) INSERT INTO salix.ACL (model,property,accessType,permission,principalType,principalId)
VALUES ('Worker','canDeleteAbsenceInPast','WRITE','ALLOW','ROLE','hr'); VALUES ('Worker','canModifyAbsenceInPast','WRITE','ALLOW','ROLE','hr');
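Review bot: The `DELETE` on the first line removes every `canCreateAbsenceInPast` grant whatever its principal, while the `INSERT` that follows grants `canModifyAbsenceInPast` only to role `hr`, so any other principal that held the old property loses it with no trace in this script. If the earlier revision of this file (which inserted `canDeleteAbsenceInPast`) was ever applied to an environment, that row would also remain as an orphaned grant; the page does not show whether it was. Consider scoping and widening the cleanup, e.g. `DELETE FROM salix.ACL WHERE model = 'Worker' AND property IN ('canCreateAbsenceInPast','canDeleteAbsenceInPast');`, and adding a comment that this single property now gates both creating and deleting past absences.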


@ -58,12 +58,12 @@ module.exports = Self => {
if (!isSubordinate || (isSubordinate && userId == id && !isTeamBoss)) if (!isSubordinate || (isSubordinate && userId == id && !isTeamBoss))
throw new UserError(`You don't have enough privileges`); throw new UserError(`You don't have enough privileges`);
const canCreateAbsenceInPast = const canModifyAbsenceInPast =
await models.ACL.checkAccessAcl(ctx, 'Worker', 'canCreateAbsenceInPast', 'WRITE'); await models.ACL.checkAccessAcl(ctx, 'Worker', 'canModifyAbsenceInPast', 'WRITE');
const now = Date.vnNew(); const now = Date.vnNew();
const newDate = new Date(args.dated).getTime(); const newDate = new Date(args.dated).getTime();
Review

No acabo de ver el duplicar el UserError

No acabo de ver el duplicar el UserError
if ((now.getTime() > newDate) && !canCreateAbsenceInPast) if ((now.getTime() > newDate) && !canModifyAbsenceInPast)
throw new UserError(`Holidays to past days not available`); throw new UserError(`Holidays to past days not available`);
const labour = await models.WorkerLabour.findById(args.businessFk, const labour = await models.WorkerLabour.findById(args.businessFk,
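Review bot: An unparseable `args.dated` gets past the guard on the `if ((now.getTime() > newDate) && !canModifyAbsenceInPast)` line, because `new Date(args.dated).getTime()` is then `NaN` and every comparison with `NaN` is false. Unless the remote-method argument declaration, which is outside this hunk, already guarantees a valid date, make the check fail closed: `if (Number.isNaN(newDate) || (now.getTime() > newDate && !canModifyAbsenceInPast))`. The enclosing function starts and ends outside the hunk, so later validation may exist that is not visible here.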


@ -53,10 +53,10 @@ module.exports = Self => {
} }
} }
}, myOptions); }, myOptions);
const canDeleteAbsenceInPast = const canModifyAbsenceInPast =
await models.ACL.checkAccessAcl(ctx, 'Worker', 'canDeleteAbsenceInPast', 'WRITE'); await models.ACL.checkAccessAcl(ctx, 'Worker', 'canModifyAbsenceInPast', 'WRITE');
if (!canDeleteAbsenceInPast && Date.vnNow() > absence.dated.getTime()) if (!canModifyAbsenceInPast && Date.vnNow() > absence.dated.getTime())
throw new UserError(`Holidays to past days not available`); throw new UserError(`Holidays to past days not available`);
const result = await absence.destroy(myOptions); const result = await absence.destroy(myOptions);
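Review bot: The deletion guard on the `if (!canModifyAbsenceInPast && Date.vnNow() > absence.dated.getTime())` line has no comment saying that deletion now shares the `Worker.canModifyAbsenceInPast` ACL with creation, which is what an access reviewer needs to know before granting that property. I would add above the `checkAccessAcl` call: `// Past absences may only be deleted by principals holding Worker.canModifyAbsenceInPast (also required to create them).` The comparison is on raw timestamps, so if `dated` is stored at midnight an absence for the current day already counts as past; the comment should say whether that is intended. The function begins and ends outside this hunk.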