2762 - Delete entry as teamBoss #533
|
@ -26,11 +26,11 @@ module.exports = Self => {
|
|||
const workerModel = Self.app.models.Worker;
|
||||
|
||||
const targetTimeEntry = await Self.findById(id);
|
||||
|
||||
const isSubordinate = await workerModel.isSubordinate(ctx, targetTimeEntry.userFk);
|
||||
const isHHRR = await Self.app.models.Account.hasRole(currentUserId, 'hr');
|
||||
const isTeamBoss = await Self.app.models.Account.hasRole(currentUserId, 'teamBoss');
|
||||
const isHimself = currentUserId == targetTimeEntry.userFk;
|
||||
|
||||
const notAllowed = isSubordinate === false || (isSubordinate && currentUserId == targetTimeEntry.userFk && !isHHRR);
|
||||
const notAllowed = isSubordinate === false || (isSubordinate && isHimself && !isTeamBoss);
|
||||
|
||||
if (notAllowed)
|
||||
throw new UserError(`You don't have enough privileges`);
|
||||
|
|
|
@ -5,6 +5,8 @@ describe('workerTimeControl add/delete timeEntry()', () => {
|
|||
const HHRRId = 37;
|
||||
const teamBossId = 13;
|
||||
const employeeId = 1;
|
||||
const salesPersonId = 106;
|
||||
const salesBossId = 19;
|
||||
let activeCtx = {
|
||||
accessToken: {userId: 50},
|
||||
};
|
||||
|
@ -85,13 +87,13 @@ describe('workerTimeControl add/delete timeEntry()', () => {
|
|||
});
|
||||
|
||||
it('should try but fail to delete his own time entry', async() => {
|
||||
activeCtx.accessToken.userId = teamBossId;
|
||||
activeCtx.accessToken.userId = salesBossId;
|
||||
let error;
|
||||
let todayAtSeven = new Date();
|
||||
todayAtSeven.setHours(19, 30, 0, 0);
|
||||
|
||||
let data = {
|
||||
workerFk: teamBossId,
|
||||
workerFk: salesPersonId,
|
||||
timed: todayAtSeven
|
||||
};
|
||||
|
||||
|
@ -100,6 +102,7 @@ describe('workerTimeControl add/delete timeEntry()', () => {
|
|||
createdTimeEntry = await app.models.WorkerTimeControl.findById(timeEntry.id);
|
||||
|
||||
try {
|
||||
activeCtx.accessToken.userId = salesPersonId;
|
||||
await app.models.WorkerTimeControl.deleteTimeEntry(ctx, createdTimeEntry.id);
|
||||
} catch (e) {
|
||||
error = e;
|
||||
|
@ -110,6 +113,30 @@ describe('workerTimeControl add/delete timeEntry()', () => {
|
|||
expect(error.message).toBe(`You don't have enough privileges`);
|
||||
});
|
||||
|
||||
it('should delete the created time entry for the team boss as himself', async() => {
|
||||
activeCtx.accessToken.userId = teamBossId;
|
||||
|
||||
let todayAtFive = new Date();
|
||||
todayAtFive.setHours(17, 30, 0, 0);
|
||||
|
||||
let data = {
|
||||
workerFk: teamBossId,
|
||||
timed: todayAtFive
|
||||
};
|
||||
|
||||
timeEntry = await app.models.WorkerTimeControl.addTimeEntry(ctx, data);
|
||||
|
||||
createdTimeEntry = await app.models.WorkerTimeControl.findById(timeEntry.id);
|
||||
|
||||
expect(createdTimeEntry).toBeDefined();
|
||||
|
||||
await app.models.WorkerTimeControl.deleteTimeEntry(ctx, createdTimeEntry.id);
|
||||
|
||||
createdTimeEntry = await app.models.WorkerTimeControl.findById(timeEntry.id);
|
||||
|
||||
expect(createdTimeEntry).toBeNull();
|
||||
});
|
||||
|
||||
it('should delete the created time entry for the team boss as HHRR', async() => {
|
||||
activeCtx.accessToken.userId = HHRRId;
|
||||
|
||||
|
|
Loading…
Reference in New Issue