verdnatura/salix
verdnatura
/
salix
3
4
Fork 0
Code Issues Pull Requests 57 Releases Wiki Activity

Merge pull request 'WARMFIX #7648 entryFilter and getBuys by fi' (!2691) from 7648_warmFix_filterByFI into dev
gitea/salix/pipeline/head There was a failure building this commit Details 

Reviewed-on: #2691
Reviewed-by: Alex Moreno <alexm@verdnatura.es>
This commit is contained in:
Javier Segarra 2024-07-05 13:02:06 +00:00
parent f07964be20 5192bfd8ea
commit 0e0d07c4fe
4 changed files with 11 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
modules/entry/back/methods/entry/filter.js
View File

@ -146,10 +146,11 @@ module.exports = Self => {
});
filter = mergeFilters(ctx.args.filter, {where});
const userId = ctx.req.accessToken.userId;
const isSupplier = await Self.app.models.Supplier.findById(userId, myOptions);
if (isSupplier) {
const client = await Self.app.models.Client.findById(userId, myOptions);
const supplier = await Self.app.models.Supplier.findOne({where: {nif: client.fi}}, myOptions);
if (supplier) {
if (!filter.where) filter.where = {};
filter.where[`e.supplierFk`] = ctx.req.accessToken.userId;
filter.where[`e.supplierFk`] = supplier.id;
}
const stmts = [];
let stmt;

7
modules/entry/back/methods/entry/getBuys.js
View File

@ -36,9 +36,10 @@ module.exports = Self => {
if (typeof options == 'object')
Object.assign(myOptions, options);
const isSupplier = await Self.app.models.Supplier.findById(userId, myOptions);
if (isSupplier) {
const isEntryOwner = (await Self.findById(id)).supplierFk === userId;
const client = await Self.app.models.Client.findById(userId, myOptions);
const supplier = await Self.app.models.Supplier.findOne({where: {nif: client.fi}}, myOptions);
if (supplier) {
const isEntryOwner = (await Self.findById(id)).supplierFk === supplier.id;
if (!isEntryOwner) throw new UserError('Access Denied');
}

4
modules/entry/back/methods/entry/specs/filter.spec.js
View File

@ -56,7 +56,7 @@ describe('Entry filter()', () => {
try {
const ctx = {
args: {},
req: {accessToken: {userId: 2}}
req: {accessToken: {userId: 1102}}
};
const result = await models.Entry.filter(ctx, options);
@ -79,7 +79,7 @@ describe('Entry filter()', () => {
args: {
supplierFk: 1
},
req: {accessToken: {userId: 2}}
req: {accessToken: {userId: 1102}}
};
const result = await models.Entry.filter(ctx, options);

2
modules/entry/back/methods/entry/specs/getBuys.spec.js
View File

@ -40,7 +40,7 @@ describe('entry getBuys()', () => {
args: {
search: 1
},
req: {accessToken: {userId: 2}}
req: {accessToken: {userId: 1102}}
};
const result = await models.Entry.getBuys(ctx, entryId, options);