36 lines
1.1 KiB
JavaScript
36 lines
1.1 KiB
JavaScript
module.exports = Self => {
|
|
Self.remoteMethodCtx('deleteTimeEntry', {
|
|
description: 'Deletes a manual time entry for a worker if the user role is above the worker',
|
|
accessType: 'READ',
|
|
accepts: [{
|
|
arg: 'id',
|
|
type: 'number',
|
|
required: true,
|
|
description: 'The time entry id',
|
|
http: {source: 'path'}
|
|
}],
|
|
returns: {
|
|
type: 'boolean',
|
|
root: true
|
|
},
|
|
http: {
|
|
path: `/:id/deleteTimeEntry`,
|
|
verb: 'POST'
|
|
}
|
|
});
|
|
|
|
Self.deleteTimeEntry = async(ctx, id) => {
|
|
const workerModel = Self.app.models.Worker;
|
|
|
|
const targetTimeEntry = await Self.findById(id);
|
|
|
|
const hasRightsToDelete = await workerModel.isSubordinate(ctx, targetTimeEntry.userFk);
|
|
|
|
if (!hasRightsToDelete)
|
|
throw new UserError(`You don't have enough privileges`);
|
|
|
|
return Self.rawSql('CALL vn.workerTimeControl_remove(?, ?)', [
|
|
targetTimeEntry.userFk, targetTimeEntry.timed]);
|
|
};
|
|
};
|