From 19d1ea47a0a5cf6a39e38d27c2b602f6d2259c9b Mon Sep 17 00:00:00 2001
From: alexm <alexm@verdnatura.es>
Date: Fri, 21 Jan 2022 11:40:48 +0100
Subject: [PATCH] feat(ticket_sale): role restriction to create payBack

---
 .../05-ticket/01-sale/02_edit_sale.spec.js    |  4 +++
 loopback/locale/es.json                       |  5 ++--
 modules/ticket/back/methods/sale/payBack.js   | 11 +++++++
 .../{payment.spec.js => payBack.spec.js}      | 30 ++++++++++++++++++-
 modules/ticket/front/sale/index.html          |  4 ++-
 5 files changed, 50 insertions(+), 4 deletions(-)
 rename modules/ticket/back/methods/sale/specs/{payment.spec.js => payBack.spec.js} (53%)

diff --git a/e2e/paths/05-ticket/01-sale/02_edit_sale.spec.js b/e2e/paths/05-ticket/01-sale/02_edit_sale.spec.js
index 1f3aedadf..f5f290c50 100644
--- a/e2e/paths/05-ticket/01-sale/02_edit_sale.spec.js
+++ b/e2e/paths/05-ticket/01-sale/02_edit_sale.spec.js
@@ -207,6 +207,10 @@ describe('Ticket Edit sale path', () => {
     });
 
     it('should select the third sale and create a pay back', async() => {
+        await page.loginAndModule('salesAssistant', 'ticket');
+        await page.accessToSearchResult('16');
+        await page.accessToSection('ticket.card.sale');
+
         await page.waitToClick(selectors.ticketSales.firstSaleCheckbox);
         await page.waitToClick(selectors.ticketSales.moreMenu);
         await page.waitToClick(selectors.ticketSales.moreMenuPayBack);
diff --git a/loopback/locale/es.json b/loopback/locale/es.json
index 9ffae7997..4be9085db 100644
--- a/loopback/locale/es.json
+++ b/loopback/locale/es.json
@@ -216,5 +216,6 @@
 	"The worker has hours recorded that day": "El trabajador tiene horas fichadas ese día",
 	"The worker has a marked absence that day": "El trabajador tiene marcada una ausencia ese día",
 	"You can not modify is pay method checked": "No se puede modificar el campo método de pago validado",
-	"Can't transfer claimed sales": "No puedes transferir lineas reclamadas"
-	}
\ No newline at end of file
+	"Can't transfer claimed sales": "No puedes transferir lineas reclamadas",
+	"You don't have privileges to create pay back": "No tienes permisos para crear un abono"
+}
\ No newline at end of file
diff --git a/modules/ticket/back/methods/sale/payBack.js b/modules/ticket/back/methods/sale/payBack.js
index 41150a1e0..a7f04b1be 100644
--- a/modules/ticket/back/methods/sale/payBack.js
+++ b/modules/ticket/back/methods/sale/payBack.js
@@ -1,3 +1,5 @@
+const UserError = require('vn-loopback/util/user-error');
+
 module.exports = Self => {
     Self.remoteMethodCtx('payBack', {
         description: 'Create ticket with the selected lines changing the sign to the quantites',
@@ -39,6 +41,15 @@ module.exports = Self => {
         try {
             const salesIds = [];
             const params = [];
+            const userId = ctx.req.accessToken.userId;
+
+            const isClaimManager = await Self.app.models.Account.hasRole(userId, 'claimManager');
+            const isSalesAssistant = await Self.app.models.Account.hasRole(userId, 'salesAssistant');
+            const checkRoles = isClaimManager || isSalesAssistant;
+
+            if (!checkRoles)
+                throw new UserError(`You don't have privileges to create pay back`);
+
             sales.forEach(sale => {
                 salesIds.push(sale.id);
                 params.push('?');
diff --git a/modules/ticket/back/methods/sale/specs/payment.spec.js b/modules/ticket/back/methods/sale/specs/payBack.spec.js
similarity index 53%
rename from modules/ticket/back/methods/sale/specs/payment.spec.js
rename to modules/ticket/back/methods/sale/specs/payBack.spec.js
index 9f0bcc98a..91ac8aceb 100644
--- a/modules/ticket/back/methods/sale/specs/payment.spec.js
+++ b/modules/ticket/back/methods/sale/specs/payBack.spec.js
@@ -3,15 +3,17 @@ const models = require('vn-loopback/server/server').models;
 describe('sale payBack()', () => {
     it('should create ticket with the selected lines changing the sign to the quantites', async() => {
         const tx = await models.Sale.beginTransaction({});
+        const ctx = {req: {accessToken: {userId: 9}}};
+
         const ticketId = 11;
         const sales = [
             {id: 7, ticketFk: 11},
             {id: 8, ticketFk: 11}
         ];
+
         try {
             const options = {transaction: tx};
 
-            const ctx = {req: {accessToken: {userId: 9}}};
             const response = await models.Sale.payBack(ctx, sales, ticketId, options);
             const [newTicketId] = await models.Sale.rawSql('SELECT MAX(t.id) id FROM vn.ticket t;', null, options);
 
@@ -23,4 +25,30 @@ describe('sale payBack()', () => {
             throw e;
         }
     });
+
+    it('should throw error for not have privileges', async() => {
+        const tx = await models.Sale.beginTransaction({});
+        const ctx = {req: {accessToken: {userId: 1}}};
+
+        const ticketId = 11;
+        const sales = [
+            {id: 7, ticketFk: 11}
+        ];
+
+        let error;
+
+        try {
+            const options = {transaction: tx};
+
+            await models.Sale.payBack(ctx, sales, ticketId, options);
+
+            await tx.rollback();
+        } catch (e) {
+            await tx.rollback();
+            error = e;
+        }
+
+        expect(error).toBeDefined();
+        expect(error.message).toEqual(`You don't have privileges to create pay back`);
+    });
 });
diff --git a/modules/ticket/front/sale/index.html b/modules/ticket/front/sale/index.html
index fe1f5684d..5dc3c9428 100644
--- a/modules/ticket/front/sale/index.html
+++ b/modules/ticket/front/sale/index.html
@@ -492,7 +492,9 @@
     </vn-item>
     <vn-item translate
         name="payBack"
-        ng-click="$ctrl.createPayBack()">
+        ng-click="$ctrl.createPayBack()"
+        vn-acl="claimManager, salesAssistant"
+        vn-acl-action="remove">
         Pay Back
     </vn-item>
 </vn-menu>
\ No newline at end of file