db/versions/11404-azureAnthurium/00-firstScript.sql

@@ -0,0 +1,6 @@
+INSERT INTO salix.ACL (model, property, accessType, permission, principalType, principalId)
+VALUES
+    ('WorkerDms', 'hasHighPrivs', 'READ', 'ALLOW', 'ROLE', 'hr'),
+    ('Business', 'updateAttributes', 'WRITE', 'ALLOW', 'ROLE', 'hr'),
+    ('Worker', '__get__business', 'READ', 'ALLOW', 'ROLE', 'hr')
+    ;

modules/client/back/models/business.json

@@ -13,6 +13,9 @@
         },
         "workcenterFk" : {
             "type": "number"
+        },
+        "notes" : {
+            "type": "string"
         }        
     },
     "relations": {

modules/worker/back/methods/worker-dms/filter.js

@@ -1,5 +1,6 @@
 const ParameterizedSQL = require('loopback-connector').ParameterizedSQL;
 const {mergeFilters, mergeWhere} = require('vn-loopback/util/filter');
+const UserError = require('vn-loopback/util/user-error');
 
 module.exports = Self => {
     Self.remoteMethodCtx('filter', {
@@ -33,7 +34,10 @@ module.exports = Self => {
         const conn = Self.dataSource.connector;
         const userId = ctx.req.accessToken.userId;
         const models = Self.app.models;
+        const hasPrivs = await models.ACL.checkAccessAcl(ctx, 'WorkerDms', 'hasHighPrivs', '*');
 
+        if (!hasPrivs && userId !== id)
+            throw new UserError('You don\'t have enough privileges');
         // Get ids alloweds
         const account = await models.VnUser.findById(userId);
 

modules/worker/back/models/worker.json

@@ -142,6 +142,11 @@
             "type": "hasMany",
             "model": "WorkerRelative",
             "foreignKey": "workerFK"
+        },
+        "business": {         
+            "type": "hasMany",
+            "model": "Business",
+            "foreignKey": "workerFk"
         }
     },
     "acls": [