2025-02-05 12:23:05 +00:00
3 changed files with 15 additions and 0 deletions
--- a/db/versions/11404-azureAnthurium/00-firstScript.sql
+++ b/db/versions/11404-azureAnthurium/00-firstScript.sql
@ -0,0 +1,6 @@
+INSERT INTO salix.ACL (model, property, accessType, permission, principalType, principalId)
+VALUES
+    ('WorkerDms', 'hasHighPrivs', 'READ', 'ALLOW', 'ROLE', 'hr'),
+    ('Business', 'updateAttributes', 'WRITE', 'ALLOW', 'ROLE', 'hr'),
+    ('Worker', '__get__business', 'READ', 'ALLOW', 'ROLE', 'hr')
+    ;
--- a/modules/worker/back/methods/worker-dms/filter.js
+++ b/modules/worker/back/methods/worker-dms/filter.js
@ -1,5 +1,6 @@
 const ParameterizedSQL = require('loopback-connector').ParameterizedSQL;
 const {mergeFilters, mergeWhere} = require('vn-loopback/util/filter');
+const UserError = require('vn-loopback/util/user-error');

 module.exports = Self => {
    Self.remoteMethodCtx('filter', {
@ -33,7 +34,10 @@ module.exports = Self => {
        const conn = Self.dataSource.connector;
        const userId = ctx.req.accessToken.userId;
        const models = Self.app.models;
+        const hasPrivs = await models.ACL.checkAccessAcl(ctx, 'WorkerDms', 'hasHighPrivs', '*');

+        if (!hasPrivs && userId !== id)
+            throw new UserError('You don\'t have enough privileges');
        // Get ids alloweds
        const account = await models.VnUser.findById(userId);

--- a/modules/worker/back/models/worker.json
+++ b/modules/worker/back/models/worker.json
@ -155,6 +155,11 @@
            "type": "hasMany",
            "model": "WorkerRelative",
            "foreignKey": "workerFK"
+        },
+        "business": {         
+            "type": "hasMany",
+            "model": "Business",
+            "foreignKey": "workerFk"
        }
    },
    "acls": [