verdnatura/salix
verdnatura
/
salix
3
4
Fork 0
Code Issues Pull Requests 65 Releases Wiki Activity

fix: prevent deleting absences for past dates #3346

Merged
jorgep merged 9 commits from hotfix-restrictAbsencePrivs into master 2025-01-09 08:53:25 +00:00
Conversation 0 Commits 9 Files Changed 5 +9 -7
3 changed files with 9 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 838617e3f6 - Show all commits

4
db/versions/11400-turquoiseChrysanthemum/00-firstScript.sql
View File

@ -1,2 +1,4 @@
DELETE FROM salix.ACL WHERE property = 'canCreateAbsenceInPast';
INSERT INTO salix.ACL (model,property,accessType,permission,principalType,principalId)
VALUES ('Worker','canDeleteAbsenceInPast','WRITE','ALLOW','ROLE','hr');
VALUES ('Worker','canModifyAbsenceInPast','WRITE','ALLOW','ROLE','hr');

6
modules/worker/back/methods/worker/createAbsence.js
View File

@ -58,12 +58,12 @@ module.exports = Self => {
if (!isSubordinate || (isSubordinate && userId == id && !isTeamBoss))
throw new UserError(`You don't have enough privileges`);
const canCreateAbsenceInPast =
await models.ACL.checkAccessAcl(ctx, 'Worker', 'canCreateAbsenceInPast', 'WRITE');
const canModifyAbsenceInPast =
await models.ACL.checkAccessAcl(ctx, 'Worker', 'canModifyAbsenceInPast', 'WRITE');
const now = Date.vnNew();
const newDate = new Date(args.dated).getTime();
alexm commented 2025-01-09 06:46:14 +00:00
Review
Copy Link

No acabo de ver el duplicar el UserError

No acabo de ver el duplicar el UserError
if ((now.getTime() > newDate) && !canCreateAbsenceInPast)
if ((now.getTime() > newDate) && !canModifyAbsenceInPast)
throw new UserError(`Holidays to past days not available`);
const labour = await models.WorkerLabour.findById(args.businessFk,

6
modules/worker/back/methods/worker/deleteAbsence.js
View File

@ -53,10 +53,10 @@ module.exports = Self => {
}
}
}, myOptions);
const canDeleteAbsenceInPast =
await models.ACL.checkAccessAcl(ctx, 'Worker', 'canDeleteAbsenceInPast', 'WRITE');
const canModifyAbsenceInPast =
await models.ACL.checkAccessAcl(ctx, 'Worker', 'canModifyAbsenceInPast', 'WRITE');
jorgep marked this conversation as resolved Outdated
alexm commented 2025-01-08 13:02:23 +00:00
Outdated
Review
Copy Link

En create ya esta codigo parecido b14268ef1b/modules/worker/back/methods/worker/createAbsence.js (L63)

Ver si unificar

En create ya esta codigo parecido https://gitea.verdnatura.es/verdnatura/salix/src/commit/b14268ef1bfd0091526255e390255ad664f3839a/modules/worker/back/methods/worker/createAbsence.js#L63 Ver si unificar
if (!canDeleteAbsenceInPast && Date.vnNow() > absence.dated.getTime())
if (!canModifyAbsenceInPast && Date.vnNow() > absence.dated.getTime())
throw new UserError(`Holidays to past days not available`);
const result = await absence.destroy(myOptions);