From 0561f193136a88996b1ee07c1f8de875b39817b2 Mon Sep 17 00:00:00 2001 From: jgallego Date: Tue, 24 Mar 2020 17:34:23 +0100 Subject: [PATCH] version 1 --- back/methods/dms/checkRole.js | 12 ++++++++ back/methods/dms/downloadFile.js | 30 ++++--------------- back/methods/dms/getFile.js | 29 ++++++++++++++++++ back/methods/dms/specs/downloadFile.spec.js | 2 +- .../10161-postValentineDay/00-borrame.sql | 4 +++ .../worker/back/methods/worker-dms/filter.js | 0 modules/worker/back/models/worker-dms.js | 1 + modules/worker/back/models/worker-dms.json | 3 ++ modules/worker/front/dms/index/index.html | 2 +- modules/worker/front/routes.json | 2 +- modules/worker/front/search-panel/index.html | 2 +- 11 files changed, 58 insertions(+), 29 deletions(-) create mode 100644 back/methods/dms/checkRole.js create mode 100644 back/methods/dms/getFile.js create mode 100644 db/changes/10161-postValentineDay/00-borrame.sql create mode 100644 modules/worker/back/methods/worker-dms/filter.js diff --git a/back/methods/dms/checkRole.js b/back/methods/dms/checkRole.js new file mode 100644 index 0000000000..b8beed3cb7 --- /dev/null +++ b/back/methods/dms/checkRole.js @@ -0,0 +1,12 @@ +const UserError = require('vn-loopback/util/user-error'); + +checkRole = async function(ctx, id) { + const models = Self.app.models; + const dms = await Self.findById(id); + + const hasReadRole = await models.DmsType.hasReadRole(ctx, dms.dmsTypeFk); + if (!hasReadRole) + throw new UserError(`You don't have enough privileges`); + + return true; +}; diff --git a/back/methods/dms/downloadFile.js b/back/methods/dms/downloadFile.js index f3096aabb4..6f0d379aa1 100644 --- a/back/methods/dms/downloadFile.js +++ b/back/methods/dms/downloadFile.js @@ -1,4 +1,6 @@ -const UserError = require('vn-loopback/util/user-error'); + +const checkRole = require('./checkRole'); +const getfile = require('./getfile'); module.exports = Self => { Self.remoteMethodCtx('downloadFile', { @@ -34,29 +36,7 @@ module.exports = Self => { }); Self.downloadFile = async function(ctx, id) { - const storageConnector = Self.app.dataSources.storage.connector; - const models = Self.app.models; - const dms = await Self.findById(id); - - const hasReadRole = await models.DmsType.hasReadRole(ctx, dms.dmsTypeFk); - if (!hasReadRole) - throw new UserError(`You don't have enough privileges`); - - const pathHash = storageConnector.getPathHash(dms.id); - try { - await models.Container.getFile(pathHash, dms.file); - } catch (e) { - if (e.code != 'ENOENT') - throw e; - - const error = new UserError(`File doesn't exists`); - error.statusCode = 404; - - throw error; - } - - const stream = models.Container.downloadStream(pathHash, dms.file); - - return [stream, dms.contentType, `filename="${dms.file}"`]; + await checkRole(ctx, id); + return await getfile(ctx, id); }; }; diff --git a/back/methods/dms/getFile.js b/back/methods/dms/getFile.js new file mode 100644 index 0000000000..5c1000b69d --- /dev/null +++ b/back/methods/dms/getFile.js @@ -0,0 +1,29 @@ +const UserError = require('vn-loopback/util/user-error'); + +getFile = async function(ctx, id) { + const storageConnector = Self.app.dataSources.storage.connector; + const models = Self.app.models; + const dms = await Self.findById(id); + + const hasReadRole = await models.DmsType.hasReadRole(ctx, dms.dmsTypeFk); + if (!hasReadRole) + + throw new UserError(`You don't have enough privileges`); + + const pathHash = storageConnector.getPathHash(dms.id); + try { + await models.Container.getFile(pathHash, dms.file); + } catch (e) { + if (e.code != 'ENOENT') + throw e; + + const error = new UserError(`File doesn't exists`); + error.statusCode = 404; + + throw error; + } + + const stream = models.Container.downloadStream(pathHash, dms.file); + + return [stream, dms.contentType, `filename="${dms.file}"`]; +}; diff --git a/back/methods/dms/specs/downloadFile.spec.js b/back/methods/dms/specs/downloadFile.spec.js index 99820ed389..43969fc1f0 100644 --- a/back/methods/dms/specs/downloadFile.spec.js +++ b/back/methods/dms/specs/downloadFile.spec.js @@ -1,6 +1,6 @@ const app = require('vn-loopback/server/server'); -describe('dms downloadFile()', () => { +fdescribe('dms downloadFile()', () => { let dmsId = 1; it('should return a response for an employee with text content-type', async() => { diff --git a/db/changes/10161-postValentineDay/00-borrame.sql b/db/changes/10161-postValentineDay/00-borrame.sql new file mode 100644 index 0000000000..22d1f5dec2 --- /dev/null +++ b/db/changes/10161-postValentineDay/00-borrame.sql @@ -0,0 +1,4 @@ +ALTER TABLE `vn`.`workerDocument` +ADD COLUMN `isReadableByWorker` TINYINT(1) NOT NULL DEFAULT 0 AFTER `document`; + +UPDATE `vn`.`workerDocument` SET `isReadableByWorker` = '1' WHERE (`id` = '1'); diff --git a/modules/worker/back/methods/worker-dms/filter.js b/modules/worker/back/methods/worker-dms/filter.js new file mode 100644 index 0000000000..e69de29bb2 diff --git a/modules/worker/back/models/worker-dms.js b/modules/worker/back/models/worker-dms.js index 4504b4ed42..c81ec1560e 100644 --- a/modules/worker/back/models/worker-dms.js +++ b/modules/worker/back/models/worker-dms.js @@ -1,4 +1,5 @@ module.exports = Self => { require('../methods/worker-dms/removeFile')(Self); require('../methods/worker-dms/allowedContentTypes')(Self); + // require('../methods/worker-dms/filter')(Self); }; diff --git a/modules/worker/back/models/worker-dms.json b/modules/worker/back/models/worker-dms.json index 56cad65a64..80634cfcc2 100644 --- a/modules/worker/back/models/worker-dms.json +++ b/modules/worker/back/models/worker-dms.json @@ -29,6 +29,9 @@ "mysql": { "columnName": "worker" } + }, + "isReadableByWorker": { + "type": "Boolean" } }, "relations": { diff --git a/modules/worker/front/dms/index/index.html b/modules/worker/front/dms/index/index.html index 697d3d5aa1..e90d5640e5 100644 --- a/modules/worker/front/dms/index/index.html +++ b/modules/worker/front/dms/index/index.html @@ -1,6 +1,6 @@