salix/modules/ticket/back/methods/ticket/isEditableOrThrow.js

const ForbiddenError = require('vn-loopback/util/forbiddenError');

module.exports = Self => {
    Self.isEditableOrThrow = async(ctx, id, options) => {
        const models = Self.app.models;
        const myOptions = {};

        if (typeof options == 'object')
            Object.assign(myOptions, options);

        const state = await models.TicketState.findOne({where: {ticketFk: id}}, myOptions);
        const isRoleAdvanced = await models.ACL.checkAccessAcl(ctx, 'Ticket', 'isRoleAdvanced', '*');
        const isProductionReviewer = await models.ACL.checkAccessAcl(ctx, 'Sale', 'isInPreparing', '*');
        const canEditWeeklyTicket = await models.ACL.checkAccessAcl(ctx, 'Ticket', 'canEditWeekly', 'WRITE');
        const alertLevel = state ? state.alertLevel : null;
        const ticket = await models.Ticket.findById(id, {
            fields: ['clientFk'], include: {relation: 'client'}
        }, myOptions);

        const isLocked = await models.Ticket.isLocked(id, myOptions);
        const isWeekly = await models.TicketWeekly.findOne({where: {ticketFk: id}}, myOptions);

        const alertLevelGreaterThanZero = (alertLevel && alertLevel > 0);
        const isNormalClient = ticket && ticket.client().typeFk == 'normal';
        const isEditable = !(alertLevelGreaterThanZero && isNormalClient);

        const ticketCollection = await models.TicketCollection.findOne({
            include: {relation: 'collection'}, where: {ticketFk: id}
        }, myOptions);
        let isOwner = ticketCollection?.collection()?.workerFk === ctx.req.accessToken.userId;

        if (!isOwner) {
            const saleGroup = await models.SaleGroup.findOne({fields: ['id'], where: {ticketFk: id}}, myOptions);
            const sectorCollectionSaleGroup = saleGroup && await models.SectorCollectionSaleGroup.findOne({
                include: {relation: 'sectorCollection'}, where: {saleGroupFk: saleGroup.id}
            }, myOptions);

            isOwner = sectorCollectionSaleGroup?.sectorCollection()?.userFk === ctx.req.accessToken.userId;
        }

        if (!ticket)
            throw new ForbiddenError(`The ticket doesn't exist.`);

        if (!isEditable && !isRoleAdvanced && !isProductionReviewer && !isOwner)
            throw new ForbiddenError(`This ticket is not editable.`);

        if (isLocked && !isWeekly)
            throw new ForbiddenError(`This ticket is locked`);

        if (isWeekly && !canEditWeeklyTicket)
            throw new ForbiddenError(`You don't have enough privileges.`);
    };
};