From 7b862c5c30c659addf7b7136db49ddcf97ab60ba Mon Sep 17 00:00:00 2001 From: jorgep Date: Mon, 12 Feb 2024 16:10:58 +0100 Subject: [PATCH 01/32] fix: refs #6744 fix setPassword --- .../worker/back/methods/worker/setPassword.js | 47 +++++++++++-------- modules/worker/front/descriptor/index.html | 4 +- modules/worker/front/descriptor/index.js | 5 +- 3 files changed, 33 insertions(+), 23 deletions(-) diff --git a/modules/worker/back/methods/worker/setPassword.js b/modules/worker/back/methods/worker/setPassword.js index 43d3d946f..0f6905e80 100644 --- a/modules/worker/back/methods/worker/setPassword.js +++ b/modules/worker/back/methods/worker/setPassword.js @@ -2,42 +2,49 @@ const UserError = require('vn-loopback/util/user-error'); module.exports = Self => { Self.remoteMethodCtx('setPassword', { description: 'Set a new password', - accepts: [ - { - arg: 'workerFk', - type: 'number', - required: true, - description: 'The worker id', - }, - { - arg: 'newPass', - type: 'String', - required: true, - description: 'The new worker password' - } + accepts: [{ + arg: 'workerFk', + type: 'number', + required: true, + description: 'The worker id', + }, { + arg: 'newPass', + type: 'String', + required: true, + description: 'The new worker password' + }, { + arg: 'emailVerified', + type: 'Boolean', + required: true, + }, ], http: { path: `/:id/setPassword`, verb: 'PATCH' } }); - Self.setPassword = async(ctx, options) => { + Self.setPassword = async(ctx, workerFk, newPass, emailVerified, options) => { + const userId = ctx.req.accessToken.userId; const models = Self.app.models; const myOptions = {}; - const {args} = ctx; let tx; + if (typeof options == 'object') Object.assign(myOptions, options); if (!myOptions.transaction) { tx = await Self.beginTransaction({}); myOptions.transaction = tx; } - try { - const isSubordinate = await models.Worker.isSubordinate(ctx, args.workerFk, myOptions); - if (!isSubordinate) throw new UserError('You don\'t have enough privileges.'); - await models.VnUser.setPassword(args.workerFk, args.newPass, myOptions); - await models.VnUser.updateAll({id: args.workerFk}, {emailVerified: true}, myOptions); + try { + const ishimself = userId === workerFk; + const isSubordinate = await models.Worker.isSubordinate(ctx, workerFk, myOptions); + + if (ishimself || (isSubordinate && !emailVerified)) { + await models.VnUser.setPassword(workerFk, newPass, myOptions); + await models.VnUser.updateAll({id: workerFk}, {emailVerified: true}, myOptions); + } else + throw new UserError('You don\'t have enough privileges.'); if (tx) await tx.commit(); } catch (e) { diff --git a/modules/worker/front/descriptor/index.html b/modules/worker/front/descriptor/index.html index 8290e2a15..67776ce47 100644 --- a/modules/worker/front/descriptor/index.html +++ b/modules/worker/front/descriptor/index.html @@ -11,8 +11,8 @@ ? 'Click to allow the user to be disabled' : 'Click to exclude the user from getting disabled'}} - - Change password + + Change password diff --git a/modules/worker/front/descriptor/index.js b/modules/worker/front/descriptor/index.js index 13ffa6f2f..4ef98fe3b 100644 --- a/modules/worker/front/descriptor/index.js +++ b/modules/worker/front/descriptor/index.js @@ -15,6 +15,8 @@ class Controller extends Descriptor { this.entity = value; if (value) this.getIsExcluded(); + this.$http.get(`UserConfigs/getUserConfig`) + .then(res => this.userFk = res.data.userFk); if (this.entity && !this.entity.user.emailVerified) this.getPassRequirements(); @@ -69,6 +71,7 @@ class Controller extends Descriptor { } ] }; + return this.getData(`Workers/${this.id}`, {filter}) .then(res => this.entity = res.data); } @@ -87,7 +90,7 @@ class Controller extends Descriptor { throw new UserError(`Passwords don't match`); this.$http.patch( `Workers/${this.entity.id}/setPassword`, - {workerFk: this.entity.id, newPass: this.newPassword} + {workerFk: this.entity.id, newPass: this.newPassword, emailVerified: !!this.entity.user.emailVerified} ) .then(() => { this.vnApp.showSuccess(this.$translate.instant('Password changed!')); }); From 47bfb34507df24839642afa49694f699036a3f71 Mon Sep 17 00:00:00 2001 From: jorgep Date: Tue, 13 Feb 2024 10:10:48 +0100 Subject: [PATCH 02/32] fix: refs #6744 remove params --- .../worker/back/methods/worker/setPassword.js | 21 ++++++++----------- modules/worker/front/descriptor/index.js | 8 +++---- 2 files changed, 13 insertions(+), 16 deletions(-) diff --git a/modules/worker/back/methods/worker/setPassword.js b/modules/worker/back/methods/worker/setPassword.js index 0f6905e80..cf9cd4cf2 100644 --- a/modules/worker/back/methods/worker/setPassword.js +++ b/modules/worker/back/methods/worker/setPassword.js @@ -3,27 +3,23 @@ module.exports = Self => { Self.remoteMethodCtx('setPassword', { description: 'Set a new password', accepts: [{ - arg: 'workerFk', + arg: 'id', type: 'number', required: true, description: 'The worker id', + http: {source: 'path'} }, { arg: 'newPass', type: 'String', required: true, description: 'The new worker password' - }, { - arg: 'emailVerified', - type: 'Boolean', - required: true, - }, - ], + }], http: { path: `/:id/setPassword`, verb: 'PATCH' } }); - Self.setPassword = async(ctx, workerFk, newPass, emailVerified, options) => { + Self.setPassword = async(ctx, workerId, newPass, options) => { const userId = ctx.req.accessToken.userId; const models = Self.app.models; const myOptions = {}; @@ -37,12 +33,13 @@ module.exports = Self => { } try { - const ishimself = userId === workerFk; - const isSubordinate = await models.Worker.isSubordinate(ctx, workerFk, myOptions); + const ishimself = userId === workerId; + const isSubordinate = await Self.isSubordinate(ctx, workerId, myOptions); + const {emailVerified} = await models.VnUser.findById(workerId, {fields: ['emailVerified']}, myOptions); if (ishimself || (isSubordinate && !emailVerified)) { - await models.VnUser.setPassword(workerFk, newPass, myOptions); - await models.VnUser.updateAll({id: workerFk}, {emailVerified: true}, myOptions); + await models.VnUser.setPassword(workerId, newPass, myOptions); + await models.VnUser.updateAll({id: workerId}, {emailVerified: true}, myOptions); } else throw new UserError('You don\'t have enough privileges.'); diff --git a/modules/worker/front/descriptor/index.js b/modules/worker/front/descriptor/index.js index 4ef98fe3b..3cbeb2c55 100644 --- a/modules/worker/front/descriptor/index.js +++ b/modules/worker/front/descriptor/index.js @@ -5,6 +5,9 @@ class Controller extends Descriptor { constructor($element, $, $rootScope) { super($element, $); this.$rootScope = $rootScope; + + this.$http.get(`UserConfigs/getUserConfig`) + .then(res => this.userFk = res.data.userFk); } get worker() { @@ -15,8 +18,6 @@ class Controller extends Descriptor { this.entity = value; if (value) this.getIsExcluded(); - this.$http.get(`UserConfigs/getUserConfig`) - .then(res => this.userFk = res.data.userFk); if (this.entity && !this.entity.user.emailVerified) this.getPassRequirements(); @@ -89,8 +90,7 @@ class Controller extends Descriptor { if (this.newPassword != this.repeatPassword) throw new UserError(`Passwords don't match`); this.$http.patch( - `Workers/${this.entity.id}/setPassword`, - {workerFk: this.entity.id, newPass: this.newPassword, emailVerified: !!this.entity.user.emailVerified} + `Workers/${this.entity.id}/setPassword`, {newPass: this.newPassword} ) .then(() => { this.vnApp.showSuccess(this.$translate.instant('Password changed!')); }); From 9f2768c131b6cb04d8fea1ce4fc3d4376c20a6c7 Mon Sep 17 00:00:00 2001 From: jorgep Date: Fri, 16 Feb 2024 15:51:54 +0100 Subject: [PATCH 03/32] fix: refs #6776 tests --- .../worker/back/methods/worker/setPassword.js | 4 +- .../methods/worker/specs/setPassword.spec.js | 92 +++++++++++++------ modules/worker/front/descriptor/index.spec.js | 1 + 3 files changed, 66 insertions(+), 31 deletions(-) diff --git a/modules/worker/back/methods/worker/setPassword.js b/modules/worker/back/methods/worker/setPassword.js index cf9cd4cf2..5571ea1d2 100644 --- a/modules/worker/back/methods/worker/setPassword.js +++ b/modules/worker/back/methods/worker/setPassword.js @@ -33,11 +33,11 @@ module.exports = Self => { } try { - const ishimself = userId === workerId; + const isHimself = userId === workerId; const isSubordinate = await Self.isSubordinate(ctx, workerId, myOptions); const {emailVerified} = await models.VnUser.findById(workerId, {fields: ['emailVerified']}, myOptions); - if (ishimself || (isSubordinate && !emailVerified)) { + if (isHimself || (isSubordinate && !emailVerified)) { await models.VnUser.setPassword(workerId, newPass, myOptions); await models.VnUser.updateAll({id: workerId}, {emailVerified: true}, myOptions); } else diff --git a/modules/worker/back/methods/worker/specs/setPassword.spec.js b/modules/worker/back/methods/worker/specs/setPassword.spec.js index fbb403b24..0f0700561 100644 --- a/modules/worker/back/methods/worker/specs/setPassword.spec.js +++ b/modules/worker/back/methods/worker/specs/setPassword.spec.js @@ -1,31 +1,30 @@ -const UserError = require('vn-loopback/util/user-error'); - -const models = require('vn-loopback/server/server').models; +const {models} = require('vn-loopback/server/server'); describe('worker setPassword()', () => { let ctx; + const newPass = 'H3rn4d3z#'; + const employeeId = 1; + const managerId = 20; + const administrativeId = 5; + beforeAll(() => { ctx = { req: { - accessToken: {}, + accessToken: {userId: managerId}, headers: {origin: 'http://localhost'} }, - args: {workerFk: 9} }; }); - beforeEach(() => { - ctx.req.accessToken.userId = 20; - ctx.args.newPass = 'H3rn4d3z#'; - }); - - it('should change the password', async() => { + it('should change the password if it is a subordinate and the email is not verified', async() => { const tx = await models.Worker.beginTransaction({}); try { const options = {transaction: tx}; - await models.Worker.setPassword(ctx, options); + await models.Worker.setPassword(ctx, employeeId, newPass, options); + const isNewPass = await passHasBeenChanged(employeeId, newPass, options); + expect(isNewPass).toBeTrue(); await tx.rollback(); } catch (e) { await tx.rollback(); @@ -33,29 +32,64 @@ describe('worker setPassword()', () => { } }); - it('should throw an error: Password does not meet requirements', async() => { - const tx = await models.Collection.beginTransaction({}); - ctx.args.newPass = 'Hi'; + it('should not change the password if it is a subordinate and the email is verified', async() => { + const tx = await models.Worker.beginTransaction({}); + try { const options = {transaction: tx}; - await models.Worker.setPassword(ctx, options); + await models.VnUser.updateAll({id: employeeId}, {emailVerified: true}, options); + await models.Worker.setPassword(ctx, employeeId, newPass, options); + + await tx.rollback(); + } catch (e) { + expect(e.message).toEqual(`You don't have enough privileges.`); + await tx.rollback(); + } + }); + + it('should change the password if it is himself', async() => { + const tx = await models.Worker.beginTransaction({}); + + try { + const options = {transaction: tx}; + await models.VnUser.updateAll({id: managerId}, {emailVerified: true}, options); + await models.Worker.setPassword(ctx, managerId, newPass, options); + const isNewPass = await passHasBeenChanged(managerId, newPass, options); + + expect(isNewPass).toBeTrue(); + await tx.rollback(); + } catch (e) { + await tx.rollback(); + } + }); + + it('should not change the password if it is not a subordinate', async() => { + const tx = await models.Worker.beginTransaction({}); + try { + const options = {transaction: tx}; + await models.Worker.setPassword(ctx, administrativeId, newPass, options); + await tx.rollback(); + } catch (e) { + expect(e.message).toEqual(`You don't have enough privileges.`); + await tx.rollback(); + } + }); + + it('should throw an error: Password does not meet requirements', async() => { + const tx = await models.Worker.beginTransaction({}); + const newPass = 'Hi'; + try { + const options = {transaction: tx}; + await models.Worker.setPassword(ctx, employeeId, newPass, options); await tx.rollback(); } catch (e) { expect(e.sqlMessage).toEqual('Password does not meet requirements'); await tx.rollback(); } }); - - it('should throw an error: You don\'t have enough privileges.', async() => { - ctx.req.accessToken.userId = 5; - const tx = await models.Collection.beginTransaction({}); - try { - const options = {transaction: tx}; - await models.Worker.setPassword(ctx, options); - await tx.rollback(); - } catch (e) { - expect(e).toEqual(new UserError(`You don't have enough privileges.`)); - await tx.rollback(); - } - }); }); + +const passHasBeenChanged = async(userId, pass, options) => { + const user = await models.VnUser.findById(userId, null, options); + return user.hasPassword(pass); +}; diff --git a/modules/worker/front/descriptor/index.spec.js b/modules/worker/front/descriptor/index.spec.js index d158a9e8e..4f7fa6a05 100644 --- a/modules/worker/front/descriptor/index.spec.js +++ b/modules/worker/front/descriptor/index.spec.js @@ -16,6 +16,7 @@ describe('vnWorkerDescriptor', () => { const id = 1; const response = 'foo'; + $httpBackend.whenGET('UserConfigs/getUserConfig').respond({}); $httpBackend.expectRoute('GET', `Workers/${id}`).respond(response); controller.id = id; $httpBackend.flush(); From 9e3b4e84515e832a454b161f7a12f8e63138012c Mon Sep 17 00:00:00 2001 From: carlossa Date: Mon, 19 Feb 2024 13:30:03 +0100 Subject: [PATCH 04/32] refs #6842 sql mod sage --- .../vn/triggers/invoiceOut_beforeInsert.sql | 12 +++---- db/versions/10893-limeFern/00-sage.sql | 35 +++++++++++++++++++ 2 files changed, 41 insertions(+), 6 deletions(-) create mode 100644 db/versions/10893-limeFern/00-sage.sql diff --git a/db/routines/vn/triggers/invoiceOut_beforeInsert.sql b/db/routines/vn/triggers/invoiceOut_beforeInsert.sql index 0081c8803..f3a292edd 100644 --- a/db/routines/vn/triggers/invoiceOut_beforeInsert.sql +++ b/db/routines/vn/triggers/invoiceOut_beforeInsert.sql @@ -17,16 +17,16 @@ BEGIN DECLARE vRefLen INT; DECLARE vRefPrefix VARCHAR(255); DECLARE vLastRef VARCHAR(255); - DECLARE vCompanyCode INT; + DECLARE vSage200Company INT; DECLARE vYearLen INT DEFAULT 2; DECLARE vPrefixLen INT; - SELECT companyCode INTO vCompanyCode + SELECT sage200Company INTO vSage200Company FROM company WHERE id = NEW.companyFk; - IF vCompanyCode IS NULL THEN - CALL util.throw('companyCodeNotDefined'); + IF vSage200Company IS NULL THEN + CALL util.throw('vSage200CompanyNotDefined'); END IF; SELECT MAX(i.ref) INTO vLastRef @@ -36,7 +36,7 @@ BEGIN AND i.companyFk = NEW.companyFk; IF vLastRef IS NOT NULL THEN - SET vPrefixLen = LENGTH(NEW.serial) + LENGTH(vCompanyCode) + vYearLen; + SET vPrefixLen = LENGTH(NEW.serial) + LENGTH(vSage200Company) + vYearLen; SET vRefLen = LENGTH(vLastRef) - vPrefixLen; SET vRefPrefix = LEFT(vLastRef, vPrefixLen); SET vRef = RIGHT(vLastRef, vRefLen); @@ -44,7 +44,7 @@ BEGIN SELECT refLen INTO vRefLen FROM invoiceOutConfig; SET vRefPrefix = CONCAT( NEW.serial, - vCompanyCode, + vSage200Company, RIGHT(YEAR(NEW.issued), vYearLen) ); END IF; diff --git a/db/versions/10893-limeFern/00-sage.sql b/db/versions/10893-limeFern/00-sage.sql new file mode 100644 index 000000000..049bb2993 --- /dev/null +++ b/db/versions/10893-limeFern/00-sage.sql @@ -0,0 +1,35 @@ +-- Auto-generated SQL script #202402151810 +UPDATE vn.company + SET companyGroupFk=NULL + WHERE id=69; +UPDATE vn.company + SET companyGroupFk=NULL + WHERE id=567; +UPDATE vn.company + SET companyGroupFk=NULL + WHERE id=791; +UPDATE vn.company + SET companyGroupFk=NULL + WHERE id=792; +UPDATE vn.company + SET companyGroupFk=NULL + WHERE id=965; +UPDATE vn.company + SET companyGroupFk=NULL + WHERE id=1381; +UPDATE vn.company + SET companyGroupFk=NULL + WHERE id=1463; +UPDATE vn.company + SET companyGroupFk=NULL + WHERE id=2142; +UPDATE vn.company + SET companyGroupFk=NULL + WHERE id=2292; +UPDATE vn.company + SET companyGroupFk=NULL + WHERE id=2393; +UPDATE vn.company + SET companyGroupFk=NULL + WHERE id=3869; +ALTER TABLE vn.company MODIFY COLUMN sage200Company int(2) DEFAULT NULL NULL COMMENT 'Campo para la serie InvoiceOut'; From 744dd61561af56ad76771a59612ee8ba86bc6bbc Mon Sep 17 00:00:00 2001 From: jorgep Date: Thu, 22 Feb 2024 15:42:54 +0100 Subject: [PATCH 05/32] fix: refs #6744 create setUnverifiedPassword --- loopback/locale/en.json | 3 ++- loopback/locale/es.json | 3 ++- modules/account/back/models/account.js | 11 +++++++++++ .../worker/back/methods/worker/setPassword.js | 15 ++++----------- .../methods/worker/specs/setPassword.spec.js | 18 +----------------- modules/worker/front/descriptor/index.html | 2 +- modules/worker/front/descriptor/index.js | 7 ++----- 7 files changed, 23 insertions(+), 36 deletions(-) diff --git a/loopback/locale/en.json b/loopback/locale/en.json index 2187371cd..39596467c 100644 --- a/loopback/locale/en.json +++ b/loopback/locale/en.json @@ -209,5 +209,6 @@ "You cannot update these fields": "You cannot update these fields", "CountryFK cannot be empty": "Country cannot be empty", "You are not allowed to modify the alias": "You are not allowed to modify the alias", - "You already have the mailAlias": "You already have the mailAlias" + "You already have the mailAlias": "You already have the mailAlias", + "The email has been already verified": "The email has been already verified" } diff --git a/loopback/locale/es.json b/loopback/locale/es.json index aea0c311c..d36348472 100644 --- a/loopback/locale/es.json +++ b/loopback/locale/es.json @@ -344,5 +344,6 @@ "CountryFK cannot be empty": "El país no puede estar vacío", "Cmr file does not exist": "El archivo del cmr no existe", "You are not allowed to modify the alias": "No estás autorizado a modificar el alias", - "No tickets to invoice": "No hay tickets para facturar" + "No tickets to invoice": "No hay tickets para facturar", + "The email has been already verified": "El correo ya ha sido verificado" } diff --git a/modules/account/back/models/account.js b/modules/account/back/models/account.js index 5021a5d94..7c97711d0 100644 --- a/modules/account/back/models/account.js +++ b/modules/account/back/models/account.js @@ -1,4 +1,7 @@ +const ForbiddenError = require('vn-loopback/util/forbiddenError'); +const {models} = require('vn-loopback/server/server'); + module.exports = Self => { require('../methods/account/sync')(Self); require('../methods/account/sync-by-id')(Self); @@ -7,4 +10,12 @@ module.exports = Self => { require('../methods/account/logout')(Self); require('../methods/account/change-password')(Self); require('../methods/account/set-password')(Self); + + Self.setUnverifiedPassword = async(id, pass, options) => { + const user = await models.VnUser.findById(id, null, options); + if (user.emailVerified) throw new ForbiddenError('The email has been already verified'); + + await models.VnUser.setPassword(id, pass, options); + await user.updateAttribute('emailVerified', true, options); + }; }; diff --git a/modules/worker/back/methods/worker/setPassword.js b/modules/worker/back/methods/worker/setPassword.js index 5571ea1d2..e6bdfb364 100644 --- a/modules/worker/back/methods/worker/setPassword.js +++ b/modules/worker/back/methods/worker/setPassword.js @@ -19,8 +19,7 @@ module.exports = Self => { verb: 'PATCH' } }); - Self.setPassword = async(ctx, workerId, newPass, options) => { - const userId = ctx.req.accessToken.userId; + Self.setPassword = async(ctx, id, newPass, options) => { const models = Self.app.models; const myOptions = {}; let tx; @@ -31,17 +30,11 @@ module.exports = Self => { tx = await Self.beginTransaction({}); myOptions.transaction = tx; } - try { - const isHimself = userId === workerId; - const isSubordinate = await Self.isSubordinate(ctx, workerId, myOptions); - const {emailVerified} = await models.VnUser.findById(workerId, {fields: ['emailVerified']}, myOptions); + const isSubordinate = await Self.isSubordinate(ctx, id, myOptions); + if (!isSubordinate) throw new UserError('You don\'t have enough privileges.'); - if (isHimself || (isSubordinate && !emailVerified)) { - await models.VnUser.setPassword(workerId, newPass, myOptions); - await models.VnUser.updateAll({id: workerId}, {emailVerified: true}, myOptions); - } else - throw new UserError('You don\'t have enough privileges.'); + await models.Account.setUnverifiedPassword(id, newPass, myOptions); if (tx) await tx.commit(); } catch (e) { diff --git a/modules/worker/back/methods/worker/specs/setPassword.spec.js b/modules/worker/back/methods/worker/specs/setPassword.spec.js index 0f0700561..d2daec103 100644 --- a/modules/worker/back/methods/worker/specs/setPassword.spec.js +++ b/modules/worker/back/methods/worker/specs/setPassword.spec.js @@ -42,23 +42,7 @@ describe('worker setPassword()', () => { await tx.rollback(); } catch (e) { - expect(e.message).toEqual(`You don't have enough privileges.`); - await tx.rollback(); - } - }); - - it('should change the password if it is himself', async() => { - const tx = await models.Worker.beginTransaction({}); - - try { - const options = {transaction: tx}; - await models.VnUser.updateAll({id: managerId}, {emailVerified: true}, options); - await models.Worker.setPassword(ctx, managerId, newPass, options); - const isNewPass = await passHasBeenChanged(managerId, newPass, options); - - expect(isNewPass).toBeTrue(); - await tx.rollback(); - } catch (e) { + expect(e.message).toEqual(`The email has been already verified`); await tx.rollback(); } }); diff --git a/modules/worker/front/descriptor/index.html b/modules/worker/front/descriptor/index.html index 67776ce47..73332efac 100644 --- a/modules/worker/front/descriptor/index.html +++ b/modules/worker/front/descriptor/index.html @@ -11,7 +11,7 @@ ? 'Click to allow the user to be disabled' : 'Click to exclude the user from getting disabled'}} - + Change password diff --git a/modules/worker/front/descriptor/index.js b/modules/worker/front/descriptor/index.js index 3cbeb2c55..d7962369c 100644 --- a/modules/worker/front/descriptor/index.js +++ b/modules/worker/front/descriptor/index.js @@ -5,9 +5,6 @@ class Controller extends Descriptor { constructor($element, $, $rootScope) { super($element, $); this.$rootScope = $rootScope; - - this.$http.get(`UserConfigs/getUserConfig`) - .then(res => this.userFk = res.data.userFk); } get worker() { @@ -93,11 +90,11 @@ class Controller extends Descriptor { `Workers/${this.entity.id}/setPassword`, {newPass: this.newPassword} ) .then(() => { this.vnApp.showSuccess(this.$translate.instant('Password changed!')); - }); + }).then(() => this.loadData()); } } -Controller.$inject = ['$element', '$scope', '$rootScope']; +Controller.$inject = ['$element', '$scope', '$rootScope', 'vnConfig']; ngModule.vnComponent('vnWorkerDescriptor', { template: require('./index.html'), From 3bf25e5759ce1169c83d03a1c9c46c71aebcdd38 Mon Sep 17 00:00:00 2001 From: jorgep Date: Fri, 23 Feb 2024 09:31:01 +0100 Subject: [PATCH 06/32] fix: refs #6744 locale --- loopback/locale/en.json | 2 +- loopback/locale/es.json | 2 +- modules/account/back/models/account.js | 2 +- modules/worker/back/methods/worker/specs/setPassword.spec.js | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/loopback/locale/en.json b/loopback/locale/en.json index 39596467c..efcf0ef31 100644 --- a/loopback/locale/en.json +++ b/loopback/locale/en.json @@ -210,5 +210,5 @@ "CountryFK cannot be empty": "Country cannot be empty", "You are not allowed to modify the alias": "You are not allowed to modify the alias", "You already have the mailAlias": "You already have the mailAlias", - "The email has been already verified": "The email has been already verified" + "This password can only be changed by the user themselves": "This password can only be changed by the user themselves" } diff --git a/loopback/locale/es.json b/loopback/locale/es.json index d36348472..64832553b 100644 --- a/loopback/locale/es.json +++ b/loopback/locale/es.json @@ -345,5 +345,5 @@ "Cmr file does not exist": "El archivo del cmr no existe", "You are not allowed to modify the alias": "No estás autorizado a modificar el alias", "No tickets to invoice": "No hay tickets para facturar", - "The email has been already verified": "El correo ya ha sido verificado" + "This password can only be changed by the user themselves": "Esta contraseña solo puede ser modificada por el propio usuario" } diff --git a/modules/account/back/models/account.js b/modules/account/back/models/account.js index 7c97711d0..dd04182f6 100644 --- a/modules/account/back/models/account.js +++ b/modules/account/back/models/account.js @@ -13,7 +13,7 @@ module.exports = Self => { Self.setUnverifiedPassword = async(id, pass, options) => { const user = await models.VnUser.findById(id, null, options); - if (user.emailVerified) throw new ForbiddenError('The email has been already verified'); + if (user.emailVerified) throw new ForbiddenError('This password can only be changed by the user themselves'); await models.VnUser.setPassword(id, pass, options); await user.updateAttribute('emailVerified', true, options); diff --git a/modules/worker/back/methods/worker/specs/setPassword.spec.js b/modules/worker/back/methods/worker/specs/setPassword.spec.js index d2daec103..03cbee03b 100644 --- a/modules/worker/back/methods/worker/specs/setPassword.spec.js +++ b/modules/worker/back/methods/worker/specs/setPassword.spec.js @@ -42,7 +42,7 @@ describe('worker setPassword()', () => { await tx.rollback(); } catch (e) { - expect(e.message).toEqual(`The email has been already verified`); + expect(e.message).toEqual(`This password can only be changed by the user themselves`); await tx.rollback(); } }); From a078de95210a4e99aba1cffea2050761312d0445 Mon Sep 17 00:00:00 2001 From: Javier Segarra Date: Mon, 26 Feb 2024 06:51:19 +0100 Subject: [PATCH 07/32] refs #6930 feat: return multimediaToken when login --- back/models/vn-user.js | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/back/models/vn-user.js b/back/models/vn-user.js index 3a416d7e3..e1bce7c06 100644 --- a/back/models/vn-user.js +++ b/back/models/vn-user.js @@ -167,7 +167,11 @@ module.exports = function(Self) { console.warn(err); } - return {token: token.id, ttl: token.ttl}; + const multimediaToken = await token.user().accessTokens.create({ + scopes: ['read:multimedia'] + }); + + return {token: token.id, ttl: token.ttl, multimediaToken}; }; Self.userUses = function(user) { From ae0ce8e49a7dec0e6cc7cdef044852f107a5fd3b Mon Sep 17 00:00:00 2001 From: Javier Segarra Date: Mon, 26 Feb 2024 06:53:30 +0100 Subject: [PATCH 08/32] refs #6930 feat: use tokenMultimedia intead tokenUser --- front/core/services/auth.js | 2 +- front/core/services/token.js | 15 ++++++++++----- front/salix/components/layout/index.js | 3 +-- front/salix/components/log/index.html | 4 ++-- front/salix/module.js | 2 +- modules/client/front/balance/index/index.html | 2 +- .../invoiceOut/front/descriptor-menu/index.html | 2 +- modules/invoiceOut/front/index/index.js | 2 +- modules/route/front/index/index.js | 2 +- 9 files changed, 19 insertions(+), 15 deletions(-) diff --git a/front/core/services/auth.js b/front/core/services/auth.js index 844a5145d..0253eb3c3 100644 --- a/front/core/services/auth.js +++ b/front/core/services/auth.js @@ -83,7 +83,7 @@ export default class Auth { } onLoginOk(json, now, remember) { - this.vnToken.set(json.data.token, now, json.data.ttl, remember); + this.vnToken.set(json.data.token, json.data.multimediaToken.id, now, json.data.ttl, remember); return this.loadAcls().then(() => { let continueHash = this.$state.params.continue; diff --git a/front/core/services/token.js b/front/core/services/token.js index c8cb4f6bb..125de6b9a 100644 --- a/front/core/services/token.js +++ b/front/core/services/token.js @@ -24,21 +24,22 @@ export default class Token { } catch (e) {} } - set(token, created, ttl, remember) { + set(token, tokenMultimedia, created, ttl, remember) { this.unset(); Object.assign(this, { token, + tokenMultimedia, created, ttl, remember }); - this.vnInterceptor.setToken(token); + this.vnInterceptor.setToken(token, tokenMultimedia); try { if (remember) - this.setStorage(localStorage, token, created, ttl); + this.setStorage(localStorage, token, tokenMultimedia, created, ttl); else - this.setStorage(sessionStorage, token, created, ttl); + this.setStorage(sessionStorage, token, tokenMultimedia, created, ttl); } catch (err) { console.error(err); } @@ -46,6 +47,7 @@ export default class Token { unset() { this.token = null; + this.tokenMultimedia = null; this.created = null; this.ttl = null; this.remember = null; @@ -57,13 +59,15 @@ export default class Token { getStorage(storage) { this.token = storage.getItem('vnToken'); + this.tokenMultimedia = storage.getItem('vnTokenMultimedia'); if (!this.token) return; const created = storage.getItem('vnTokenCreated'); this.created = created && new Date(created); this.ttl = storage.getItem('vnTokenTtl'); } - setStorage(storage, token, created, ttl) { + setStorage(storage, token, tokenMultimedia, created, ttl) { + storage.setItem('vnTokenMultimedia', tokenMultimedia); storage.setItem('vnToken', token); storage.setItem('vnTokenCreated', created.toJSON()); storage.setItem('vnTokenTtl', ttl); @@ -71,6 +75,7 @@ export default class Token { removeStorage(storage) { storage.removeItem('vnToken'); + storage.removeItem('vnTokenMultimedia'); storage.removeItem('vnTokenCreated'); storage.removeItem('vnTokenTtl'); } diff --git a/front/salix/components/layout/index.js b/front/salix/components/layout/index.js index 89912d4e3..e935c6d99 100644 --- a/front/salix/components/layout/index.js +++ b/front/salix/components/layout/index.js @@ -23,8 +23,7 @@ export class Layout extends Component { if (!this.$.$root.user) return; const userId = this.$.$root.user.id; - const token = this.vnToken.token; - return `/api/Images/user/160x160/${userId}/download?access_token=${token}`; + return `/api/Images/user/160x160/${userId}/download?access_token=${this.vnToken.tokenMultimedia}`; } refresh() { diff --git a/front/salix/components/log/index.html b/front/salix/components/log/index.html index c75030100..a3aaf0011 100644 --- a/front/salix/components/log/index.html +++ b/front/salix/components/log/index.html @@ -31,7 +31,7 @@ ng-click="$ctrl.showDescriptor($event, userLog)"> + ng-src="/api/Images/user/160x160/{{::userLog.userFk}}/download?access_token={{::$ctrl.vnToken.tokenMultimedia}}"> @@ -181,7 +181,7 @@ val="{{::nickname}}"> + ng-src="/api/Images/user/160x160/{{::id}}/download?access_token={{::$ctrl.vnToken.tokenMultimedia}}">
diff --git a/front/salix/module.js b/front/salix/module.js index 0ce855308..53b718427 100644 --- a/front/salix/module.js +++ b/front/salix/module.js @@ -13,7 +13,7 @@ export function run($window, $rootScope, vnAuth, vnApp, vnToken, $state) { if (!collection || !size || !id) return; const basePath = `/api/Images/${collection}/${size}/${id}`; - return `${basePath}/download?access_token=${vnToken.token}`; + return `${basePath}/download?access_token=${vnToken.tokenMultimedia}`; }; $window.validations = {}; diff --git a/modules/client/front/balance/index/index.html b/modules/client/front/balance/index/index.html index faf772c2d..34524d2f3 100644 --- a/modules/client/front/balance/index/index.html +++ b/modules/client/front/balance/index/index.html @@ -114,7 +114,7 @@ + href="api/InvoiceOuts/{{::balance.id}}/download?access_token={{::$ctrl.vnToken.tokenMultimedia}}"> diff --git a/modules/invoiceOut/front/descriptor-menu/index.html b/modules/invoiceOut/front/descriptor-menu/index.html index 435db3612..e26650e10 100644 --- a/modules/invoiceOut/front/descriptor-menu/index.html +++ b/modules/invoiceOut/front/descriptor-menu/index.html @@ -37,7 +37,7 @@ diff --git a/modules/invoiceOut/front/index/index.js b/modules/invoiceOut/front/index/index.js index 2cde3c940..403c51d58 100644 --- a/modules/invoiceOut/front/index/index.js +++ b/modules/invoiceOut/front/index/index.js @@ -25,7 +25,7 @@ export default class Controller extends Section { openPdf() { if (this.checked.length <= 1) { const [invoiceOutId] = this.checked; - const url = `api/InvoiceOuts/${invoiceOutId}/download?access_token=${this.vnToken.token}`; + const url = `api/InvoiceOuts/${invoiceOutId}/download?access_token=${this.vnToken.tokenMultimedia}`; window.open(url, '_blank'); } else { const invoiceOutIds = this.checked; diff --git a/modules/route/front/index/index.js b/modules/route/front/index/index.js index 7c19a26cd..0c5dfe7f3 100644 --- a/modules/route/front/index/index.js +++ b/modules/route/front/index/index.js @@ -40,7 +40,7 @@ export default class Controller extends Section { const stringRoutesIds = routesIds.join(','); if (this.checked.length <= 1) { - const url = `api/Routes/${stringRoutesIds}/driver-route-pdf?access_token=${this.vnToken.token}`; + const url = `api/Routes/${stringRoutesIds}/driver-route-pdf?access_token=${this.vnToken.tokenMultimedia}`; window.open(url, '_blank'); } else { const serializedParams = this.$httpParamSerializer({ From 04086e37eeffe433d0ed26a85d7c78ab8eb80330 Mon Sep 17 00:00:00 2001 From: Javier Segarra Date: Mon, 26 Feb 2024 06:57:17 +0100 Subject: [PATCH 09/32] refs #6930 feat: add accessScopes: ['read:multimedia'] forEarch method --- back/methods/dms/downloadFile.js | 3 ++- back/methods/docuware/download.js | 3 ++- back/methods/image/download.js | 3 ++- modules/claim/back/methods/claim/downloadFile.js | 3 ++- modules/invoiceOut/back/methods/invoiceOut/download.js | 3 ++- modules/invoiceOut/back/methods/invoiceOut/downloadZip.js | 3 ++- modules/item/back/methods/item-image-queue/download.js | 1 + modules/route/back/methods/route/downloadCmrsZip.js | 3 ++- modules/route/back/methods/route/downloadZip.js | 3 ++- modules/route/back/methods/route/driverRoutePdf.js | 4 +++- modules/worker/back/methods/worker-dms/downloadFile.js | 3 ++- 11 files changed, 22 insertions(+), 10 deletions(-) diff --git a/back/methods/dms/downloadFile.js b/back/methods/dms/downloadFile.js index 1b9150053..d64b15b70 100644 --- a/back/methods/dms/downloadFile.js +++ b/back/methods/dms/downloadFile.js @@ -29,7 +29,8 @@ module.exports = Self => { http: { path: `/:id/downloadFile`, verb: 'GET' - } + }, + accessScopes: ['read:multimedia'] }); Self.downloadFile = async function(ctx, id) { diff --git a/back/methods/docuware/download.js b/back/methods/docuware/download.js index a0d72ce01..a1776cde5 100644 --- a/back/methods/docuware/download.js +++ b/back/methods/docuware/download.js @@ -42,7 +42,8 @@ module.exports = Self => { http: { path: `/:id/download`, verb: 'GET' - } + }, + accessScopes: ['read:multimedia'] }); Self.download = async function(id, fileCabinet, filter) { diff --git a/back/methods/image/download.js b/back/methods/image/download.js index 2b1a4b546..201e16164 100644 --- a/back/methods/image/download.js +++ b/back/methods/image/download.js @@ -47,7 +47,8 @@ module.exports = Self => { http: { path: `/:collection/:size/:id/download`, verb: 'GET' - } + }, + accessScopes: ['read:multimedia'] }); Self.download = async function(ctx, collection, size, id) { diff --git a/modules/claim/back/methods/claim/downloadFile.js b/modules/claim/back/methods/claim/downloadFile.js index 750356b0b..61784f39e 100644 --- a/modules/claim/back/methods/claim/downloadFile.js +++ b/modules/claim/back/methods/claim/downloadFile.js @@ -32,7 +32,8 @@ module.exports = Self => { http: { path: `/:id/downloadFile`, verb: 'GET' - } + }, + accessScopes: ['read:multimedia'] }); Self.downloadFile = async function(ctx, id) { diff --git a/modules/invoiceOut/back/methods/invoiceOut/download.js b/modules/invoiceOut/back/methods/invoiceOut/download.js index 4c76f7c07..cb71121d5 100644 --- a/modules/invoiceOut/back/methods/invoiceOut/download.js +++ b/modules/invoiceOut/back/methods/invoiceOut/download.js @@ -31,7 +31,8 @@ module.exports = Self => { http: { path: '/:id/download', verb: 'GET' - } + }, + accessScopes: ['read:multimedia'] }); Self.download = async function(ctx, id, options) { diff --git a/modules/invoiceOut/back/methods/invoiceOut/downloadZip.js b/modules/invoiceOut/back/methods/invoiceOut/downloadZip.js index fe005f1ab..4f2a8aab3 100644 --- a/modules/invoiceOut/back/methods/invoiceOut/downloadZip.js +++ b/modules/invoiceOut/back/methods/invoiceOut/downloadZip.js @@ -31,7 +31,8 @@ module.exports = Self => { http: { path: '/downloadZip', verb: 'GET' - } + }, + accessScopes: ['read:multimedia'] }); Self.downloadZip = async function(ctx, ids, options) { diff --git a/modules/item/back/methods/item-image-queue/download.js b/modules/item/back/methods/item-image-queue/download.js index eb952daa4..e1bc248ae 100644 --- a/modules/item/back/methods/item-image-queue/download.js +++ b/modules/item/back/methods/item-image-queue/download.js @@ -11,6 +11,7 @@ module.exports = Self => { path: `/download`, verb: 'POST', }, + accessScopes: ['read:multimedia'] }); Self.download = async() => { diff --git a/modules/route/back/methods/route/downloadCmrsZip.js b/modules/route/back/methods/route/downloadCmrsZip.js index 58445f6f1..43f6e9648 100644 --- a/modules/route/back/methods/route/downloadCmrsZip.js +++ b/modules/route/back/methods/route/downloadCmrsZip.js @@ -29,7 +29,8 @@ module.exports = Self => { http: { path: '/downloadCmrsZip', verb: 'GET' - } + }, + accessScopes: ['read:multimedia'] }); Self.downloadCmrsZip = async function(ctx, ids, options) { diff --git a/modules/route/back/methods/route/downloadZip.js b/modules/route/back/methods/route/downloadZip.js index 597f1d1f6..d7fc30aa3 100644 --- a/modules/route/back/methods/route/downloadZip.js +++ b/modules/route/back/methods/route/downloadZip.js @@ -29,7 +29,8 @@ module.exports = Self => { http: { path: '/downloadZip', verb: 'GET' - } + }, + accessScopes: ['read:multimedia'] }); Self.downloadZip = async function(ctx, id, options) { diff --git a/modules/route/back/methods/route/driverRoutePdf.js b/modules/route/back/methods/route/driverRoutePdf.js index f0cd75f0e..e7b4dee17 100644 --- a/modules/route/back/methods/route/driverRoutePdf.js +++ b/modules/route/back/methods/route/driverRoutePdf.js @@ -34,7 +34,9 @@ module.exports = Self => { http: { path: '/:id/driver-route-pdf', verb: 'GET' - } + }, + accessScopes: ['read:multimedia'] + }); Self.driverRoutePdf = (ctx, id) => Self.printReport(ctx, id, 'driver-route'); diff --git a/modules/worker/back/methods/worker-dms/downloadFile.js b/modules/worker/back/methods/worker-dms/downloadFile.js index cc8653e0e..08fbcf924 100644 --- a/modules/worker/back/methods/worker-dms/downloadFile.js +++ b/modules/worker/back/methods/worker-dms/downloadFile.js @@ -29,7 +29,8 @@ module.exports = Self => { http: { path: `/:id/downloadFile`, verb: 'GET' - } + }, + accessScopes: ['read:multimedia'] }); Self.downloadFile = async function(ctx, id) { From f2ad06918692e3a1474f10660d8ea31e720d224d Mon Sep 17 00:00:00 2001 From: Javier Segarra Date: Tue, 27 Feb 2024 14:26:54 +0100 Subject: [PATCH 10/32] refs 6930 feat: get multimediaToken from new method --- back/methods/vn-user/share-token.js | 27 ++ .../methods/vn-user/specs/share-token.spec.js | 27 ++ back/models/vn-user.js | 7 +- back/models/vn-user.json | 247 +++++++++--------- front/core/services/auth.js | 21 +- 5 files changed, 197 insertions(+), 132 deletions(-) create mode 100644 back/methods/vn-user/share-token.js create mode 100644 back/methods/vn-user/specs/share-token.spec.js diff --git a/back/methods/vn-user/share-token.js b/back/methods/vn-user/share-token.js new file mode 100644 index 000000000..8efa22db4 --- /dev/null +++ b/back/methods/vn-user/share-token.js @@ -0,0 +1,27 @@ + +module.exports = Self => { + Self.remoteMethodCtx('shareToken', { + description: 'Returns token to view files or images and share it', + accessType: 'WRITE', + accepts: [], + returns: { + type: 'Object', + root: true + }, + http: { + path: `/shareToken`, + verb: 'GET' + } + }); + + Self.shareToken = async function(ctx) { + const {accessToken: token} = ctx.req; + + const user = await Self.findById(token.userId); + const multimediaToken = await user.accessTokens.create({ + scopes: ['read:multimedia'] + }); + + return {multimediaToken}; + }; +}; diff --git a/back/methods/vn-user/specs/share-token.spec.js b/back/methods/vn-user/specs/share-token.spec.js new file mode 100644 index 000000000..4d113f10a --- /dev/null +++ b/back/methods/vn-user/specs/share-token.spec.js @@ -0,0 +1,27 @@ +const {models} = require('vn-loopback/server/server'); +fdescribe('Share Token', () => { + let ctx = null; + beforeAll(async() => { + const unAuthCtx = { + req: { + headers: {}, + connection: { + remoteAddress: '127.0.0.1' + }, + getLocale: () => 'en' + }, + args: {} + }; + let login = await models.VnUser.signIn(unAuthCtx, 'salesAssistant', 'nightmare'); + let accessToken = await models.AccessToken.findById(login.token); + ctx = {req: {accessToken: accessToken}}; + }); + + it('should renew token', async() => { + const multimediaToken = await models.VnUser.shareToken(ctx); + + expect(Object.keys(multimediaToken).length).toEqual(1); + expect(multimediaToken.multimediaToken.userId).toEqual(ctx.req.accessToken.userId); + expect(multimediaToken.multimediaToken.scopes[0]).toEqual('read:multimedia'); + }); +}); diff --git a/back/models/vn-user.js b/back/models/vn-user.js index e1bce7c06..b59f13ffa 100644 --- a/back/models/vn-user.js +++ b/back/models/vn-user.js @@ -13,6 +13,7 @@ module.exports = function(Self) { require('../methods/vn-user/privileges')(Self); require('../methods/vn-user/validate-auth')(Self); require('../methods/vn-user/renew-token')(Self); + require('../methods/vn-user/share-token')(Self); require('../methods/vn-user/update-user')(Self); Self.definition.settings.acls = Self.definition.settings.acls.filter(acl => acl.property !== 'create'); @@ -167,11 +168,7 @@ module.exports = function(Self) { console.warn(err); } - const multimediaToken = await token.user().accessTokens.create({ - scopes: ['read:multimedia'] - }); - - return {token: token.id, ttl: token.ttl, multimediaToken}; + return {token: token.id, ttl: token.ttl}; }; Self.userUses = function(user) { diff --git a/back/models/vn-user.json b/back/models/vn-user.json index 639603643..5f6ac3f47 100644 --- a/back/models/vn-user.json +++ b/back/models/vn-user.json @@ -1,129 +1,140 @@ { - "name": "VnUser", - "base": "User", - "validateUpsert": true, - "options": { - "mysql": { - "table": "account.user" - } - }, + "name": "VnUser", + "base": "User", + "validateUpsert": true, + "options": { + "mysql": { + "table": "account.user" + } + }, "mixins": { "Loggable": true }, "resetPasswordTokenTTL": "604800", - "properties": { - "id": { - "type": "number", - "id": true - }, + "properties": { + "id": { + "type": "number", + "id": true + }, "name": { - "type": "string", - "required": true - }, - "username": { - "type": "string" - }, - "roleFk": { - "type": "number", - "mysql": { - "columnName": "role" - } - }, - "nickname": { - "type": "string" - }, - "lang": { - "type": "string" - }, - "active": { - "type": "boolean" - }, - "email": { - "type": "string" - }, - "emailVerified": { - "type": "boolean" - }, - "created": { - "type": "date" - }, - "updated": { - "type": "date" - }, - "image": { - "type": "string" - }, - "hasGrant": { - "type": "boolean" - }, + "type": "string", + "required": true + }, + "username": { + "type": "string" + }, + "roleFk": { + "type": "number", + "mysql": { + "columnName": "role" + } + }, + "nickname": { + "type": "string" + }, + "lang": { + "type": "string" + }, + "active": { + "type": "boolean" + }, + "email": { + "type": "string" + }, + "emailVerified": { + "type": "boolean" + }, + "created": { + "type": "date" + }, + "updated": { + "type": "date" + }, + "image": { + "type": "string" + }, + "hasGrant": { + "type": "boolean" + }, "passExpired": { "type": "date" }, - "twoFactor": { - "type": "string" - } - }, - "relations": { - "role": { - "type": "belongsTo", - "model": "VnRole", - "foreignKey": "roleFk" - }, - "roles": { - "type": "hasMany", - "model": "RoleRole", - "foreignKey": "role", - "primaryKey": "roleFk" - }, - "emailUser": { - "type": "hasOne", - "model": "EmailUser", - "foreignKey": "userFk" - }, - "worker": { - "type": "hasOne", - "model": "Worker", - "foreignKey": "id" - }, - "userConfig": { - "type": "hasOne", - "model": "UserConfig", - "foreignKey": "userFk" - } - }, - "acls": [ - { - "property": "signIn", - "accessType": "EXECUTE", - "principalType": "ROLE", - "principalId": "$everyone", - "permission": "ALLOW" - }, { - "property": "recoverPassword", - "accessType": "EXECUTE", - "principalType": "ROLE", - "principalId": "$everyone", - "permission": "ALLOW" - }, { - "property": "validateAuth", - "accessType": "EXECUTE", - "principalType": "ROLE", - "principalId": "$everyone", - "permission": "ALLOW" - }, { - "property": "privileges", - "accessType": "*", - "principalType": "ROLE", - "principalId": "$authenticated", - "permission": "ALLOW" - }, { - "property": "renewToken", - "accessType": "WRITE", - "principalType": "ROLE", - "principalId": "$authenticated", - "permission": "ALLOW" - } - ], + "twoFactor": { + "type": "string" + } + }, + "relations": { + "role": { + "type": "belongsTo", + "model": "VnRole", + "foreignKey": "roleFk" + }, + "roles": { + "type": "hasMany", + "model": "RoleRole", + "foreignKey": "role", + "primaryKey": "roleFk" + }, + "emailUser": { + "type": "hasOne", + "model": "EmailUser", + "foreignKey": "userFk" + }, + "worker": { + "type": "hasOne", + "model": "Worker", + "foreignKey": "id" + }, + "userConfig": { + "type": "hasOne", + "model": "UserConfig", + "foreignKey": "userFk" + } + }, + "acls": [ + { + "property": "signIn", + "accessType": "EXECUTE", + "principalType": "ROLE", + "principalId": "$everyone", + "permission": "ALLOW" + }, + { + "property": "recoverPassword", + "accessType": "EXECUTE", + "principalType": "ROLE", + "principalId": "$everyone", + "permission": "ALLOW" + }, + { + "property": "validateAuth", + "accessType": "EXECUTE", + "principalType": "ROLE", + "principalId": "$everyone", + "permission": "ALLOW" + }, + { + "property": "privileges", + "accessType": "*", + "principalType": "ROLE", + "principalId": "$authenticated", + "permission": "ALLOW" + }, + { + "property": "renewToken", + "accessType": "WRITE", + "principalType": "ROLE", + "principalId": "$authenticated", + "permission": "ALLOW" + }, + { + "property": "shareToken", + "accessType": "WRITE", + "principalType": "ROLE", + "principalId": "$authenticated", + "permission": "ALLOW" + } + ], "scopes": { "preview": { "fields": [ @@ -140,7 +151,7 @@ "hasGrant", "realm", "email", - "emailVerified" + "emailVerified" ] } } diff --git a/front/core/services/auth.js b/front/core/services/auth.js index 0253eb3c3..a734e076e 100644 --- a/front/core/services/auth.js +++ b/front/core/services/auth.js @@ -83,15 +83,18 @@ export default class Auth { } onLoginOk(json, now, remember) { - this.vnToken.set(json.data.token, json.data.multimediaToken.id, now, json.data.ttl, remember); - - return this.loadAcls().then(() => { - let continueHash = this.$state.params.continue; - if (continueHash) - this.$window.location = continueHash; - else - this.$state.go('home'); - }); + return this.$http.get('VnUsers/ShareToken', { + headers: {Authorization: json.data.token} + }).then(({data}) => { + this.vnToken.set(json.data.token, data.multimediaToken.id, now, json.data.ttl, remember); + this.loadAcls().then(() => { + let continueHash = this.$state.params.continue; + if (continueHash) + this.$window.location = continueHash; + else + this.$state.go('home'); + }); + }).catch(() => {}); } logout() { From fdc5ea244f93b9cfb62d98b964fc45e33d11ef04 Mon Sep 17 00:00:00 2001 From: Javier Segarra Date: Wed, 28 Feb 2024 10:43:07 +0100 Subject: [PATCH 11/32] refs 6930 feat: implements logout in front side --- front/core/services/auth.js | 23 +++++++++++++---------- front/core/services/interceptor.js | 2 +- 2 files changed, 14 insertions(+), 11 deletions(-) diff --git a/front/core/services/auth.js b/front/core/services/auth.js index a734e076e..e51a2ff12 100644 --- a/front/core/services/auth.js +++ b/front/core/services/auth.js @@ -98,17 +98,20 @@ export default class Auth { } logout() { - let promise = this.$http.post('VnUsers/logout', null, { - headers: {Authorization: this.vnToken.token} - }).catch(() => {}); + this.$http.post('VnUsers/logoutMultimedia', null, {headers: {'Authorization': this.vnToken.tokenMultimedia}, + }).then(({data}) => { + if (data) { + this.$http.post('VnUsers/logout', null, { + headers: {Authorization: this.vnToken.token} + }).catch(() => {}); - this.vnToken.unset(); - this.loggedIn = false; - this.vnModules.reset(); - this.aclService.reset(); - this.$state.go('login'); - - return promise; + this.vnToken.unset(); + this.loggedIn = false; + this.vnModules.reset(); + this.aclService.reset(); + this.$state.go('login'); + } + }); } loadAcls() { diff --git a/front/core/services/interceptor.js b/front/core/services/interceptor.js index 0c3253c69..90d813ed4 100644 --- a/front/core/services/interceptor.js +++ b/front/core/services/interceptor.js @@ -19,7 +19,7 @@ function interceptor($q, vnApp, $translate) { if (config.url.charAt(0) !== '/' && apiPath) config.url = `${apiPath}${config.url}`; - if (token) + if (token && !config.headers.Authorization) config.headers.Authorization = token; if ($translate.use()) config.headers['Accept-Language'] = $translate.use(); From 23b3fb81f9989480f9146fe8b937726950db3697 Mon Sep 17 00:00:00 2001 From: Javier Segarra Date: Wed, 28 Feb 2024 10:43:19 +0100 Subject: [PATCH 12/32] refs 6930 feat: implements logout remoteMethod --- back/models/vn-user.js | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/back/models/vn-user.js b/back/models/vn-user.js index b59f13ffa..473e619db 100644 --- a/back/models/vn-user.js +++ b/back/models/vn-user.js @@ -31,6 +31,32 @@ module.exports = function(Self) { message: `A client with that Web User name already exists` }); + Self.remoteMethod('logoutMultimedia', { + description: 'Logout current MultimediaToken', + accepts: [{ + arg: 'ctx', + type: 'Object', + http: {source: 'context'} + }], + returns: { + type: 'Boolean', + root: true + }, + http: { + verb: 'POST', + path: '/logoutMultimedia' + }, + accessScopes: ['read:multimedia'] + }); + Self.logoutMultimedia = async function(ctx) { + let {accessToken} = ctx.req; + try { + Self.logout(accessToken.id); + return true; + } catch (error) { + return error; + } + }; Self.remoteMethod('getCurrentUserData', { description: 'Gets the current user data', accepts: [ From a06a59341250eb18ce7aae81ee1459e10cab8998 Mon Sep 17 00:00:00 2001 From: Javier Segarra Date: Wed, 28 Feb 2024 10:55:36 +0100 Subject: [PATCH 13/32] refs 6930 feat: ACL --- db/versions/10919-brownMoss/00-firstScript.sql | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 db/versions/10919-brownMoss/00-firstScript.sql diff --git a/db/versions/10919-brownMoss/00-firstScript.sql b/db/versions/10919-brownMoss/00-firstScript.sql new file mode 100644 index 000000000..da10027e0 --- /dev/null +++ b/db/versions/10919-brownMoss/00-firstScript.sql @@ -0,0 +1,4 @@ +-- Place your SQL code here + +INSERT IGNORE INTO `salix`.`ACL`(`model`,`property`,`accessType`,`permission`, `principalType`, `principalId`) +VALUES(VnUser,logoutMultimedia,*,ALLOW,ROLE,employee) From 1d1d950e4b543d02604bca6db5afbaeb2cce0f34 Mon Sep 17 00:00:00 2001 From: Javier Segarra Date: Wed, 28 Feb 2024 11:57:00 +0100 Subject: [PATCH 14/32] refs 6930 feat: ACL --- db/versions/10919-brownMoss/00-firstScript.sql | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/db/versions/10919-brownMoss/00-firstScript.sql b/db/versions/10919-brownMoss/00-firstScript.sql index da10027e0..a6abdbe79 100644 --- a/db/versions/10919-brownMoss/00-firstScript.sql +++ b/db/versions/10919-brownMoss/00-firstScript.sql @@ -1,4 +1,5 @@ -- Place your SQL code here INSERT IGNORE INTO `salix`.`ACL`(`model`,`property`,`accessType`,`permission`, `principalType`, `principalId`) -VALUES(VnUser,logoutMultimedia,*,ALLOW,ROLE,employee) +VALUES +('VnUser','logoutMultimedia','*','ALLOW','ROLE','employee') From 5ee9c2b01ef4d5f2d2b43ae23b7bd66524dbe286 Mon Sep 17 00:00:00 2001 From: Javier Segarra Date: Thu, 29 Feb 2024 07:40:20 +0100 Subject: [PATCH 15/32] refs #6930 fix: revert fdescribe --- back/methods/vn-user/specs/share-token.spec.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/back/methods/vn-user/specs/share-token.spec.js b/back/methods/vn-user/specs/share-token.spec.js index 4d113f10a..aaa83817c 100644 --- a/back/methods/vn-user/specs/share-token.spec.js +++ b/back/methods/vn-user/specs/share-token.spec.js @@ -1,5 +1,5 @@ const {models} = require('vn-loopback/server/server'); -fdescribe('Share Token', () => { +describe('Share Token', () => { let ctx = null; beforeAll(async() => { const unAuthCtx = { From c79bdeb3f4bfc3379222552c605b7d2f5ccdc302 Mon Sep 17 00:00:00 2001 From: jorgep Date: Thu, 29 Feb 2024 13:41:27 +0100 Subject: [PATCH 16/32] fix: refs #6744 drop to set emailVerified --- modules/account/back/models/account.js | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/modules/account/back/models/account.js b/modules/account/back/models/account.js index dd04182f6..ceb26053c 100644 --- a/modules/account/back/models/account.js +++ b/modules/account/back/models/account.js @@ -12,10 +12,9 @@ module.exports = Self => { require('../methods/account/set-password')(Self); Self.setUnverifiedPassword = async(id, pass, options) => { - const user = await models.VnUser.findById(id, null, options); - if (user.emailVerified) throw new ForbiddenError('This password can only be changed by the user themselves'); + const {emailVerified} = await models.VnUser.findById(id, {fields: ['emailVerified']}, options); + if (emailVerified) throw new ForbiddenError('This password can only be changed by the user themselves'); await models.VnUser.setPassword(id, pass, options); - await user.updateAttribute('emailVerified', true, options); }; }; From b9e774cea04f2d0d8e311b29e54119697d13320f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Andr=C3=A9s?= Date: Fri, 1 Mar 2024 14:26:36 +0100 Subject: [PATCH 17/32] feat: restricciones AWB para travel y entry refs #6960 --- db/dump/fixtures.before.sql | 4 +-- .../vn/functions/travel_hasUniqueAwb.sql | 28 +++++++++++++++++++ .../vn/triggers/entry_beforeInsert.sql | 4 ++- .../vn/triggers/entry_beforeUpdate.sql | 6 ++++ .../vn/triggers/travel_afterUpdate.sql | 6 +++- .../vn/triggers/travel_beforeInsert.sql | 4 +++ 6 files changed, 48 insertions(+), 4 deletions(-) create mode 100644 db/routines/vn/functions/travel_hasUniqueAwb.sql diff --git a/db/dump/fixtures.before.sql b/db/dump/fixtures.before.sql index 094b956af..4d8c0bfc2 100644 --- a/db/dump/fixtures.before.sql +++ b/db/dump/fixtures.before.sql @@ -1489,8 +1489,8 @@ INSERT INTO `bs`.`waste`(`buyer`, `year`, `week`, `family`, `itemFk`, `itemTypeF INSERT INTO `vn`.`buy`(`id`,`entryFk`,`itemFk`,`buyingValue`,`quantity`,`packagingFk`,`stickers`,`freightValue`,`packageValue`,`comissionValue`,`packing`,`grouping`,`groupingMode`,`location`,`price1`,`price2`,`price3`, `printedStickers`,`isChecked`,`isIgnored`,`weight`, `created`) VALUES - (1, 1, 1, 50, 5000, 4, 1, 1.500, 1.500, 0.000, 1, 1, 1, NULL, 0.00, 99.6, 99.4, 0, 1, 0, 1, DATE_ADD(util.VN_CURDATE(), INTERVAL -2 MONTH)), - (2, 2, 1, 50, 100, 4, 1, 1.500, 1.500, 0.000, 1, 1, 1, NULL, 0.00, 99.6, 99.4, 0, 1, 0, 1, DATE_ADD(util.VN_CURDATE(), INTERVAL -1 MONTH)), + (1, 1, 1, 50, 5000, 4, 1, 1.500, 1.500, 0.000, 1, 1, 1, NULL, 0.00, 99.6, 99.4, 0, 1, 0, 1, util.VN_CURDATE() - INTERVAL 2 MONTH), + (2, 2, 1, 50, 100, 4, 1, 1.500, 1.500, 0.000, 1, 1, 1, NULL, 0.00, 99.6, 99.4, 0, 1, 0, 1, util.VN_CURDATE() - INTERVAL 1 MONTH), (3, 3, 1, 50, 100, 4, 1, 1.500, 1.500, 0.000, 1, 1, 0, NULL, 0.00, 99.6, 99.4, 0, 1, 0, 1, util.VN_CURDATE()), (4, 2, 2, 5, 450, 3, 1, 1.000, 1.000, 0.000, 10, 10, 0, NULL, 0.00, 7.30, 7.00, 0, 1, 0, 2.5, util.VN_CURDATE()), (5, 3, 3, 55, 500, 5, 1, 1.000, 1.000, 0.000, 1, 1, 0, NULL, 0.00, 78.3, 75.6, 0, 1, 0, 2.5, util.VN_CURDATE()), diff --git a/db/routines/vn/functions/travel_hasUniqueAwb.sql b/db/routines/vn/functions/travel_hasUniqueAwb.sql new file mode 100644 index 000000000..e918f1a26 --- /dev/null +++ b/db/routines/vn/functions/travel_hasUniqueAwb.sql @@ -0,0 +1,28 @@ +DELIMITER $$ +CREATE OR REPLACE DEFINER=`root`@`localhost` FUNCTION `vn`.`travel_hasUniqueAwb`( + vSelf INT +) + RETURNS BOOL + READS SQL DATA +BEGIN +/** + * Comprueba que el travel pasado tiene un AWB lógico, + * no se pueden tener varios AWB asociados al mismo DUA + * + * @param vSelf Id del travel + */ + DECLARE vHasUniqueAwb BOOL DEFAULT TRUE; + + SELECT NOT COUNT(t2.awbFk) INTO vHasUniqueAwb + FROM entry e + JOIN travel t ON t.id = e.travelFk + JOIN duaEntry de ON de.entryFk = e.id + JOIN duaEntry de2 ON de2.duaFk = de.duaFk + JOIN entry e2 ON e2.id = de2.entryFk + JOIN travel t2 ON t2.id = e2.travelFk + WHERE t.id = vSelf + AND t2.awbFk <> t.awbFk; + + RETURN vHasUniqueAwb; +END$$ +DELIMITER ; diff --git a/db/routines/vn/triggers/entry_beforeInsert.sql b/db/routines/vn/triggers/entry_beforeInsert.sql index f475630db..a5fe1d126 100644 --- a/db/routines/vn/triggers/entry_beforeInsert.sql +++ b/db/routines/vn/triggers/entry_beforeInsert.sql @@ -7,6 +7,8 @@ BEGIN CALL supplier_checkIsActive(NEW.supplierFk); SET NEW.currencyFk = entry_getCurrency(NEW.currencyFk, NEW.supplierFk); SET NEW.commission = entry_getCommission(NEW.travelFk, NEW.currencyFk,NEW.supplierFk); - + IF NEW.travelFk IS NOT NULL AND NOT travel_hasUniqueAwb(NEW.travelFk) THEN + CALL util.throw('El travel no es correcto, en las entradas asociadas existe un AWB distinto'); + END IF; END$$ DELIMITER ; diff --git a/db/routines/vn/triggers/entry_beforeUpdate.sql b/db/routines/vn/triggers/entry_beforeUpdate.sql index 91d490b21..57fbb12f6 100644 --- a/db/routines/vn/triggers/entry_beforeUpdate.sql +++ b/db/routines/vn/triggers/entry_beforeUpdate.sql @@ -8,7 +8,13 @@ BEGIN DECLARE vHasDistinctWarehouses BOOL; SET NEW.editorFk = account.myUser_getId(); + + IF NOT(NEW.travelFk <=> OLD.travelFk) THEN + IF NEW.travelFk IS NOT NULL AND NOT travel_hasUniqueAwb(NEW.travelFk) THEN + CALL util.throw('El travel no es correcto, en las entradas asociadas existe un AWB distinto'); + END IF; + IF !(NEW.travelFk <=> OLD.travelFk) THEN SELECT COUNT(*) > 0 INTO vIsVirtual FROM entryVirtual WHERE entryFk = NEW.id; diff --git a/db/routines/vn/triggers/travel_afterUpdate.sql b/db/routines/vn/triggers/travel_afterUpdate.sql index b4e40ae41..aa1489300 100644 --- a/db/routines/vn/triggers/travel_afterUpdate.sql +++ b/db/routines/vn/triggers/travel_afterUpdate.sql @@ -5,7 +5,7 @@ CREATE OR REPLACE DEFINER=`root`@`localhost` TRIGGER `vn`.`travel_afterUpdate` BEGIN CALL stock.log_add('travel', NEW.id, OLD.id); - IF !(NEW.shipped <=> OLD.shipped) THEN + IF NOT(NEW.shipped <=> OLD.shipped) THEN UPDATE entry SET commission = entry_getCommission(travelFk, currencyFk,supplierFk) WHERE travelFk = NEW.id; @@ -23,5 +23,9 @@ BEGIN CALL buy_checkItem(); END IF; END IF; + + IF (NOT(NEW.awbFk <=> OLD.awbFk)) AND NEW.awbFk IS NOT NULL AND NOT travel_hasUniqueAwb(NEW.id) THEN + CALL util.throw('El AWB no es correcto, en las entradas asociadas existe un AWB distinto'); + END IF; END$$ DELIMITER ; diff --git a/db/routines/vn/triggers/travel_beforeInsert.sql b/db/routines/vn/triggers/travel_beforeInsert.sql index 4e1dae3ef..9505f4e16 100644 --- a/db/routines/vn/triggers/travel_beforeInsert.sql +++ b/db/routines/vn/triggers/travel_beforeInsert.sql @@ -8,5 +8,9 @@ BEGIN CALL travel_checkDates(NEW.shipped, NEW.landed); CALL travel_checkWarehouseIsFeedStock(NEW.warehouseInFk); + + IF NEW.awbFk IS NOT NULL AND NOT travel_hasUniqueAwb(NEW.id) THEN + CALL util.throw('El AWB no es correcto, en las entradas asociadas existe un AWB distinto'); + END IF; END$$ DELIMITER ; From 292b77d57eee43d78d09e1343201dd5e1f9bbff4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Andr=C3=A9s?= Date: Fri, 1 Mar 2024 14:36:49 +0100 Subject: [PATCH 18/32] feat: restricciones AWB para travel y entry refs #6960 --- db/routines/vn/triggers/entry_beforeUpdate.sql | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/db/routines/vn/triggers/entry_beforeUpdate.sql b/db/routines/vn/triggers/entry_beforeUpdate.sql index 57fbb12f6..328843442 100644 --- a/db/routines/vn/triggers/entry_beforeUpdate.sql +++ b/db/routines/vn/triggers/entry_beforeUpdate.sql @@ -9,18 +9,17 @@ BEGIN SET NEW.editorFk = account.myUser_getId(); - IF NOT(NEW.travelFk <=> OLD.travelFk) THEN + IF NOT (NEW.travelFk <=> OLD.travelFk) THEN IF NEW.travelFk IS NOT NULL AND NOT travel_hasUniqueAwb(NEW.travelFk) THEN CALL util.throw('El travel no es correcto, en las entradas asociadas existe un AWB distinto'); END IF; - IF !(NEW.travelFk <=> OLD.travelFk) THEN SELECT COUNT(*) > 0 INTO vIsVirtual FROM entryVirtual WHERE entryFk = NEW.id; - SELECT !(o.warehouseInFk <=> n.warehouseInFk) - OR !(o.warehouseOutFk <=> n.warehouseOutFk) + SELECT NOT (o.warehouseInFk <=> n.warehouseInFk) + OR NOT (o.warehouseOutFk <=> n.warehouseOutFk) INTO vHasDistinctWarehouses FROM travel o, travel n WHERE o.id = OLD.travelFk @@ -49,9 +48,8 @@ BEGIN SET NEW.currencyFk = entry_getCurrency(NEW.currencyFk, NEW.supplierFk); END IF; - IF NOT (NEW.travelFk <=> OLD.travelFk) - OR NOT (NEW.currencyFk <=> OLD.currencyFk) THEN - SET NEW.commission = entry_getCommission(NEW.travelFk, NEW.currencyFk,NEW.supplierFk); + IF NOT (NEW.travelFk <=> OLD.travelFk) OR NOT (NEW.currencyFk <=> OLD.currencyFk) THEN + SET NEW.commission = entry_getCommission(NEW.travelFk, NEW.currencyFk, NEW.supplierFk); END IF; END$$ DELIMITER ; From 66b7a3e8f55c8e033163e052acb96c50b0729115 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Andr=C3=A9s?= Date: Tue, 5 Mar 2024 17:30:29 +0100 Subject: [PATCH 19/32] feat: restricciones AWB para travel y entry refs #6960 --- db/routines/vn/triggers/entry_beforeInsert.sql | 2 +- db/routines/vn/triggers/entry_beforeUpdate.sql | 4 ++-- db/routines/vn/triggers/travel_afterUpdate.sql | 2 +- db/routines/vn/triggers/travel_beforeInsert.sql | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/db/routines/vn/triggers/entry_beforeInsert.sql b/db/routines/vn/triggers/entry_beforeInsert.sql index a5fe1d126..c0c0aa28c 100644 --- a/db/routines/vn/triggers/entry_beforeInsert.sql +++ b/db/routines/vn/triggers/entry_beforeInsert.sql @@ -8,7 +8,7 @@ BEGIN SET NEW.currencyFk = entry_getCurrency(NEW.currencyFk, NEW.supplierFk); SET NEW.commission = entry_getCommission(NEW.travelFk, NEW.currencyFk,NEW.supplierFk); IF NEW.travelFk IS NOT NULL AND NOT travel_hasUniqueAwb(NEW.travelFk) THEN - CALL util.throw('El travel no es correcto, en las entradas asociadas existe un AWB distinto'); + CALL util.throw('The travel is incorrect, there is a different AWB in the associated entries'); END IF; END$$ DELIMITER ; diff --git a/db/routines/vn/triggers/entry_beforeUpdate.sql b/db/routines/vn/triggers/entry_beforeUpdate.sql index 328843442..384feb458 100644 --- a/db/routines/vn/triggers/entry_beforeUpdate.sql +++ b/db/routines/vn/triggers/entry_beforeUpdate.sql @@ -12,8 +12,8 @@ BEGIN IF NOT (NEW.travelFk <=> OLD.travelFk) THEN IF NEW.travelFk IS NOT NULL AND NOT travel_hasUniqueAwb(NEW.travelFk) THEN - CALL util.throw('El travel no es correcto, en las entradas asociadas existe un AWB distinto'); - END IF; + CALL util.throw('The travel is incorrect, there is a different AWB in the associated entries'); + END IF; SELECT COUNT(*) > 0 INTO vIsVirtual FROM entryVirtual WHERE entryFk = NEW.id; diff --git a/db/routines/vn/triggers/travel_afterUpdate.sql b/db/routines/vn/triggers/travel_afterUpdate.sql index aa1489300..7752505e3 100644 --- a/db/routines/vn/triggers/travel_afterUpdate.sql +++ b/db/routines/vn/triggers/travel_afterUpdate.sql @@ -25,7 +25,7 @@ BEGIN END IF; IF (NOT(NEW.awbFk <=> OLD.awbFk)) AND NEW.awbFk IS NOT NULL AND NOT travel_hasUniqueAwb(NEW.id) THEN - CALL util.throw('El AWB no es correcto, en las entradas asociadas existe un AWB distinto'); + CALL util.throw('The AWB is incorrect, there is a different AWB in the associated entries'); END IF; END$$ DELIMITER ; diff --git a/db/routines/vn/triggers/travel_beforeInsert.sql b/db/routines/vn/triggers/travel_beforeInsert.sql index 9505f4e16..817bd69bb 100644 --- a/db/routines/vn/triggers/travel_beforeInsert.sql +++ b/db/routines/vn/triggers/travel_beforeInsert.sql @@ -10,7 +10,7 @@ BEGIN CALL travel_checkWarehouseIsFeedStock(NEW.warehouseInFk); IF NEW.awbFk IS NOT NULL AND NOT travel_hasUniqueAwb(NEW.id) THEN - CALL util.throw('El AWB no es correcto, en las entradas asociadas existe un AWB distinto'); + CALL util.throw('The AWB is incorrect, there is a different AWB in the associated entries'); END IF; END$$ DELIMITER ; From 59a0cb3f4aa9e461f7143e7d8666afa22cd11161 Mon Sep 17 00:00:00 2001 From: carlossa Date: Wed, 6 Mar 2024 13:08:20 +0100 Subject: [PATCH 20/32] refs #6842 deprecated and move --- .../vn/triggers/invoiceOut_beforeInsert.sql | 12 ++-- db/versions/10893-limeFern/00-sage.sql | 57 ++++++++++++------- 2 files changed, 44 insertions(+), 25 deletions(-) diff --git a/db/routines/vn/triggers/invoiceOut_beforeInsert.sql b/db/routines/vn/triggers/invoiceOut_beforeInsert.sql index f3a292edd..eb5c1150f 100644 --- a/db/routines/vn/triggers/invoiceOut_beforeInsert.sql +++ b/db/routines/vn/triggers/invoiceOut_beforeInsert.sql @@ -17,16 +17,16 @@ BEGIN DECLARE vRefLen INT; DECLARE vRefPrefix VARCHAR(255); DECLARE vLastRef VARCHAR(255); - DECLARE vSage200Company INT; + DECLARE vCompanyCode INT; DECLARE vYearLen INT DEFAULT 2; DECLARE vPrefixLen INT; - SELECT sage200Company INTO vSage200Company + SELECT companyCode INTO vCompanyCode FROM company WHERE id = NEW.companyFk; - IF vSage200Company IS NULL THEN - CALL util.throw('vSage200CompanyNotDefined'); + IF vCompanyCode IS NULL THEN + CALL util.throw('vCompanyCodeNotDefined'); END IF; SELECT MAX(i.ref) INTO vLastRef @@ -36,7 +36,7 @@ BEGIN AND i.companyFk = NEW.companyFk; IF vLastRef IS NOT NULL THEN - SET vPrefixLen = LENGTH(NEW.serial) + LENGTH(vSage200Company) + vYearLen; + SET vPrefixLen = LENGTH(NEW.serial) + LENGTH(vCompanyCode) + vYearLen; SET vRefLen = LENGTH(vLastRef) - vPrefixLen; SET vRefPrefix = LEFT(vLastRef, vPrefixLen); SET vRef = RIGHT(vLastRef, vRefLen); @@ -44,7 +44,7 @@ BEGIN SELECT refLen INTO vRefLen FROM invoiceOutConfig; SET vRefPrefix = CONCAT( NEW.serial, - vSage200Company, + vCompanyCode, RIGHT(YEAR(NEW.issued), vYearLen) ); END IF; diff --git a/db/versions/10893-limeFern/00-sage.sql b/db/versions/10893-limeFern/00-sage.sql index 049bb2993..9d076050e 100644 --- a/db/versions/10893-limeFern/00-sage.sql +++ b/db/versions/10893-limeFern/00-sage.sql @@ -1,35 +1,54 @@ --- Auto-generated SQL script #202402151810 +-- Auto-generated SQL script #202403061303 UPDATE vn.company - SET companyGroupFk=NULL + SET companyCode=0 WHERE id=69; UPDATE vn.company - SET companyGroupFk=NULL - WHERE id=567; -UPDATE vn.company - SET companyGroupFk=NULL + SET companyCode=0 WHERE id=791; UPDATE vn.company - SET companyGroupFk=NULL + SET companyCode=3 WHERE id=792; UPDATE vn.company - SET companyGroupFk=NULL + SET companyCode=5 WHERE id=965; UPDATE vn.company - SET companyGroupFk=NULL + SET companyCode=7 WHERE id=1381; UPDATE vn.company - SET companyGroupFk=NULL + SET companyCode=3 WHERE id=1463; UPDATE vn.company - SET companyGroupFk=NULL - WHERE id=2142; -UPDATE vn.company - SET companyGroupFk=NULL - WHERE id=2292; -UPDATE vn.company - SET companyGroupFk=NULL + SET companyCode=6 WHERE id=2393; UPDATE vn.company - SET companyGroupFk=NULL + SET companyCode=9 WHERE id=3869; -ALTER TABLE vn.company MODIFY COLUMN sage200Company int(2) DEFAULT NULL NULL COMMENT 'Campo para la serie InvoiceOut'; + +-- Auto-generated SQL script #202403061303 +UPDATE vn.company + SET companyCode=0 + WHERE id=69; +UPDATE vn.company + SET companyCode=0 + WHERE id=791; +UPDATE vn.company + SET companyCode=3 + WHERE id=792; +UPDATE vn.company + SET companyCode=5 + WHERE id=965; +UPDATE vn.company + SET companyCode=7 + WHERE id=1381; +UPDATE vn.company + SET companyCode=3 + WHERE id=1463; +UPDATE vn.company + SET companyCode=6 + WHERE id=2393; +UPDATE vn.company + SET companyCode=9 + WHERE id=3869; + +ALTER TABLE vn.company CHANGE sage200Company sage200Company__ int(2) DEFAULT NULL NULL COMMENT '@deprecated 06/03/2024'; +ALTER TABLE vn.company MODIFY COLUMN sage200Company__ int(2) DEFAULT NULL NULL COMMENT '@deprecated 06/03/2024'; From a24445439ab389ebf8054f766d81bbd1e2b1c3af Mon Sep 17 00:00:00 2001 From: carlossa Date: Wed, 6 Mar 2024 13:09:03 +0100 Subject: [PATCH 21/32] remove v --- db/routines/vn/triggers/invoiceOut_beforeInsert.sql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/db/routines/vn/triggers/invoiceOut_beforeInsert.sql b/db/routines/vn/triggers/invoiceOut_beforeInsert.sql index eb5c1150f..8eb25e710 100644 --- a/db/routines/vn/triggers/invoiceOut_beforeInsert.sql +++ b/db/routines/vn/triggers/invoiceOut_beforeInsert.sql @@ -26,7 +26,7 @@ BEGIN WHERE id = NEW.companyFk; IF vCompanyCode IS NULL THEN - CALL util.throw('vCompanyCodeNotDefined'); + CALL util.throw('CompanyCodeNotDefined'); END IF; SELECT MAX(i.ref) INTO vLastRef From 6a13a33f840b550c72b6dfd34fe4f6bd9ec12d0a Mon Sep 17 00:00:00 2001 From: carlossa Date: Wed, 6 Mar 2024 13:09:41 +0100 Subject: [PATCH 22/32] min c --- db/routines/vn/triggers/invoiceOut_beforeInsert.sql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/db/routines/vn/triggers/invoiceOut_beforeInsert.sql b/db/routines/vn/triggers/invoiceOut_beforeInsert.sql index 8eb25e710..0081c8803 100644 --- a/db/routines/vn/triggers/invoiceOut_beforeInsert.sql +++ b/db/routines/vn/triggers/invoiceOut_beforeInsert.sql @@ -26,7 +26,7 @@ BEGIN WHERE id = NEW.companyFk; IF vCompanyCode IS NULL THEN - CALL util.throw('CompanyCodeNotDefined'); + CALL util.throw('companyCodeNotDefined'); END IF; SELECT MAX(i.ref) INTO vLastRef From 58a239708d1dca4dbd23af0f260ad03e801d8790 Mon Sep 17 00:00:00 2001 From: carlossa Date: Wed, 6 Mar 2024 13:11:41 +0100 Subject: [PATCH 23/32] refs #6842 remove sage --- db/versions/10893-limeFern/00-sage.sql | 28 +++++++++++++++++--------- 1 file changed, 19 insertions(+), 9 deletions(-) diff --git a/db/versions/10893-limeFern/00-sage.sql b/db/versions/10893-limeFern/00-sage.sql index 9d076050e..01508b932 100644 --- a/db/versions/10893-limeFern/00-sage.sql +++ b/db/versions/10893-limeFern/00-sage.sql @@ -24,31 +24,41 @@ UPDATE vn.company SET companyCode=9 WHERE id=3869; --- Auto-generated SQL script #202403061303 +-- Auto-generated SQL script #202403061311 UPDATE vn.company - SET companyCode=0 + SET sage200Company=NULL WHERE id=69; UPDATE vn.company - SET companyCode=0 + SET sage200Company=NULL + WHERE id=442; +UPDATE vn.company + SET sage200Company=NULL + WHERE id=567; +UPDATE vn.company + SET sage200Company=NULL WHERE id=791; UPDATE vn.company - SET companyCode=3 + SET sage200Company=NULL WHERE id=792; UPDATE vn.company - SET companyCode=5 + SET sage200Company=NULL WHERE id=965; UPDATE vn.company - SET companyCode=7 + SET sage200Company=NULL WHERE id=1381; UPDATE vn.company - SET companyCode=3 + SET sage200Company=NULL WHERE id=1463; UPDATE vn.company - SET companyCode=6 + SET sage200Company=NULL + WHERE id=2142; +UPDATE vn.company + SET sage200Company=NULL WHERE id=2393; UPDATE vn.company - SET companyCode=9 + SET sage200Company=NULL WHERE id=3869; + ALTER TABLE vn.company CHANGE sage200Company sage200Company__ int(2) DEFAULT NULL NULL COMMENT '@deprecated 06/03/2024'; ALTER TABLE vn.company MODIFY COLUMN sage200Company__ int(2) DEFAULT NULL NULL COMMENT '@deprecated 06/03/2024'; From a94fd1a61cdbacbd604b89a1a2712d4cdcae546b Mon Sep 17 00:00:00 2001 From: jorgep Date: Thu, 7 Mar 2024 09:29:51 +0100 Subject: [PATCH 24/32] fix: refs #6744 change error kind --- loopback/locale/en.json | 3 ++- loopback/locale/es.json | 3 ++- modules/worker/back/methods/worker/setPassword.js | 4 ++-- modules/worker/back/methods/worker/specs/setPassword.spec.js | 2 +- 4 files changed, 7 insertions(+), 5 deletions(-) diff --git a/loopback/locale/en.json b/loopback/locale/en.json index 62c0afcf8..31b954a32 100644 --- a/loopback/locale/en.json +++ b/loopback/locale/en.json @@ -221,5 +221,6 @@ "printerNotExists": "The printer does not exist", "There are not picking tickets": "There are not picking tickets", "ticketCommercial": "The ticket {{ ticket }} for the salesperson {{ salesMan }} is in preparation. (automatically generated message)", - "This password can only be changed by the user themselves": "This password can only be changed by the user themselves" + "This password can only be changed by the user themselves": "This password can only be changed by the user themselves", + "They're not your subordinate": "They're not your subordinate" } diff --git a/loopback/locale/es.json b/loopback/locale/es.json index bf4717c97..945474726 100644 --- a/loopback/locale/es.json +++ b/loopback/locale/es.json @@ -348,5 +348,6 @@ "Cmr file does not exist": "El archivo del cmr no existe", "You are not allowed to modify the alias": "No estás autorizado a modificar el alias", "The address of the customer must have information about Incoterms and Customs Agent": "El consignatario del cliente debe tener informado Incoterms y Agente de aduanas", - "This password can only be changed by the user themselves": "Esta contraseña solo puede ser modificada por el propio usuario" + "This password can only be changed by the user themselves": "Esta contraseña solo puede ser modificada por el propio usuario", + "They're not your subordinate": "No es tu subordinado/a." } diff --git a/modules/worker/back/methods/worker/setPassword.js b/modules/worker/back/methods/worker/setPassword.js index e6bdfb364..9969530a4 100644 --- a/modules/worker/back/methods/worker/setPassword.js +++ b/modules/worker/back/methods/worker/setPassword.js @@ -1,4 +1,4 @@ -const UserError = require('vn-loopback/util/user-error'); +const ForbiddenError = require('vn-loopback/util/forbiddenError'); module.exports = Self => { Self.remoteMethodCtx('setPassword', { description: 'Set a new password', @@ -32,7 +32,7 @@ module.exports = Self => { } try { const isSubordinate = await Self.isSubordinate(ctx, id, myOptions); - if (!isSubordinate) throw new UserError('You don\'t have enough privileges.'); + if (!isSubordinate) throw new ForbiddenError('They\'re not your subordinate'); await models.Account.setUnverifiedPassword(id, newPass, myOptions); diff --git a/modules/worker/back/methods/worker/specs/setPassword.spec.js b/modules/worker/back/methods/worker/specs/setPassword.spec.js index 03cbee03b..8d152bdd1 100644 --- a/modules/worker/back/methods/worker/specs/setPassword.spec.js +++ b/modules/worker/back/methods/worker/specs/setPassword.spec.js @@ -54,7 +54,7 @@ describe('worker setPassword()', () => { await models.Worker.setPassword(ctx, administrativeId, newPass, options); await tx.rollback(); } catch (e) { - expect(e.message).toEqual(`You don't have enough privileges.`); + expect(e.message).toEqual(`They're not your subordinate`); await tx.rollback(); } }); From b051b0512fcb8abf63c2207cee732d641ce746c7 Mon Sep 17 00:00:00 2001 From: carlossa Date: Mon, 11 Mar 2024 09:48:29 +0100 Subject: [PATCH 25/32] refs #6842 fix fixtures --- db/dump/fixtures.before.sql | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/db/dump/fixtures.before.sql b/db/dump/fixtures.before.sql index 094b956af..05e183bfd 100644 --- a/db/dump/fixtures.before.sql +++ b/db/dump/fixtures.before.sql @@ -592,13 +592,13 @@ INSERT INTO `vn`.`supplierAccount`(`id`, `supplierFk`, `iban`, `bankEntityFk`) VALUES (241, 442, 'ES111122333344111122221111', 128); -INSERT INTO `vn`.`company`(`id`, `code`, `supplierAccountFk`, `workerManagerFk`, `companyCode`, `sage200Company`, `expired`, `companyGroupFk`, `phytosanitary` , `clientFk`) +INSERT INTO `vn`.`company`(`id`, `code`, `supplierAccountFk`, `workerManagerFk`, `companyCode`, `expired`, `companyGroupFk`, `phytosanitary` , `clientFk`) VALUES - (69 , 'CCs', NULL, 30, NULL, 0, NULL, 1, NULL , NULL), - (442 , 'VNL', 241, 30, 2 , 1, NULL, 2, 'VNL Company - Plant passport' , 1101), - (567 , 'VNH', NULL, 30, NULL, 4, NULL, 1, 'VNH Company - Plant passport' , NULL), - (791 , 'FTH', NULL, 30, NULL, 3, '2015-11-30', 1, NULL , NULL), - (1381, 'ORN', NULL, 30, NULL, 7, NULL, 1, 'ORN Company - Plant passport' , NULL); + (69 , 'CCs', NULL, 30, 0, NULL, 1, NULL , NULL), + (442 , 'VNL', 241, 30, 1, NULL, 2, 'VNL Company - Plant passport' , 1101), + (567 , 'VNH', NULL, 30, 4, NULL, 1, 'VNH Company - Plant passport' , NULL), + (791 , 'FTH', NULL, 30, 3, '2015-11-30', 1, NULL , NULL), + (1381, 'ORN', NULL, 30, 7, NULL, 1, 'ORN Company - Plant passport' , NULL); INSERT INTO `vn`.`taxArea` (`code`, `claveOperacionFactura`, `CodigoTransaccion`) VALUES @@ -728,7 +728,7 @@ INSERT INTO `vn`.`route`(`id`, `time`, `workerFk`, `created`, `vehicleFk`, `agen INSERT INTO `vn`.`ticket`(`id`, `priority`, `agencyModeFk`,`warehouseFk`,`routeFk`, `shipped`, `landed`, `clientFk`,`nickname`, `addressFk`, `refFk`, `isDeleted`, `zoneFk`, `zonePrice`, `zoneBonus`, `created`, `weight`, `cmrFk`) VALUES (1 , 3, 1, 1, 1, DATE_ADD(util.VN_CURDATE(), INTERVAL -1 MONTH), DATE_ADD(DATE_ADD(util.VN_CURDATE(),INTERVAL -1 MONTH), INTERVAL +1 DAY), 1101, 'Bat cave', 121, NULL, 0, 1, 5, 1, DATE_ADD(util.VN_CURDATE(), INTERVAL -1 MONTH), 1, 1), - (2 , 1, 1, 1, 1, DATE_ADD(util.VN_CURDATE(), INTERVAL -1 MONTH), DATE_ADD(DATE_ADD(util.VN_CURDATE(),INTERVAL -1 MONTH), INTERVAL +1 DAY), 1101, 'Bat cave', 1, NULL, 0, 1, 5, 1, DATE_ADD(util.VN_CURDATE(), INTERVAL -1 MONTH), 2, 2), + (2 , 1, 1, 1, 1, DATE_ADD(util.VN_CURDATE(), INTERVAL -1 MONTH), DATE_ADD(DATE_ADD(util.VN_CURDATE(),INTERVAL -1 MONTH), INTERVAL +1 DAY), 1101, 'Bat cave', 1, NULL, 0, 1, 5, 1, DATE_ADD(util.VN_CURDATE(), INTERVAL -1 MONTH), 2, 2), (3 , 1, 7, 1, 6, DATE_ADD(util.VN_CURDATE(), INTERVAL -2 MONTH), DATE_ADD(DATE_ADD(util.VN_CURDATE(),INTERVAL -2 MONTH), INTERVAL +1 DAY), 1104, 'Stark tower', 124, NULL, 0, 3, 5, 1, DATE_ADD(util.VN_CURDATE(), INTERVAL -2 MONTH), NULL, 3), (4 , 3, 2, 1, 2, DATE_ADD(util.VN_CURDATE(), INTERVAL -3 MONTH), DATE_ADD(DATE_ADD(util.VN_CURDATE(),INTERVAL -3 MONTH), INTERVAL +1 DAY), 1104, 'Stark tower', 124, NULL, 0, 9, 5, 1, DATE_ADD(util.VN_CURDATE(), INTERVAL -3 MONTH), NULL, NULL), (5 , 3, 3, 3, 3, DATE_ADD(util.VN_CURDATE(), INTERVAL -4 MONTH), DATE_ADD(DATE_ADD(util.VN_CURDATE(),INTERVAL -4 MONTH), INTERVAL +1 DAY), 1104, 'Stark tower', 124, NULL, 0, 10, 5, 1, DATE_ADD(util.VN_CURDATE(), INTERVAL -4 MONTH), NULL, NULL), From f2f6e7be0b5354d041fe3c746fcf572ea06c7c3e Mon Sep 17 00:00:00 2001 From: Javier Segarra Date: Tue, 12 Mar 2024 13:29:53 +0100 Subject: [PATCH 26/32] refs #6930 perf: parallel calls --- front/core/services/auth.js | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/front/core/services/auth.js b/front/core/services/auth.js index e51a2ff12..8727f92bc 100644 --- a/front/core/services/auth.js +++ b/front/core/services/auth.js @@ -98,20 +98,19 @@ export default class Auth { } logout() { - this.$http.post('VnUsers/logoutMultimedia', null, {headers: {'Authorization': this.vnToken.tokenMultimedia}, - }).then(({data}) => { - if (data) { - this.$http.post('VnUsers/logout', null, { - headers: {Authorization: this.vnToken.token} - }).catch(() => {}); - - this.vnToken.unset(); - this.loggedIn = false; - this.vnModules.reset(); - this.aclService.reset(); - this.$state.go('login'); - } + this.$http.post('Accounts/logout', null, {headers: {'Authorization': this.vnToken.tokenMultimedia}, }); + + let promise = this.$http.post('VnUsers/logout', null, { + headers: {Authorization: this.vnToken.token} + }).catch(() => {}); + this.vnToken.unset(); + this.loggedIn = false; + this.vnModules.reset(); + this.aclService.reset(); + this.$state.go('login'); + + return promise; } loadAcls() { From c84e86270c8c910903f26f2311883b9771d38a19 Mon Sep 17 00:00:00 2001 From: Javier Segarra Date: Tue, 12 Mar 2024 13:30:32 +0100 Subject: [PATCH 27/32] refs #6930 perf: remove logoutMultimedia method --- back/models/vn-user.js | 26 -------------------------- 1 file changed, 26 deletions(-) diff --git a/back/models/vn-user.js b/back/models/vn-user.js index 473e619db..b59f13ffa 100644 --- a/back/models/vn-user.js +++ b/back/models/vn-user.js @@ -31,32 +31,6 @@ module.exports = function(Self) { message: `A client with that Web User name already exists` }); - Self.remoteMethod('logoutMultimedia', { - description: 'Logout current MultimediaToken', - accepts: [{ - arg: 'ctx', - type: 'Object', - http: {source: 'context'} - }], - returns: { - type: 'Boolean', - root: true - }, - http: { - verb: 'POST', - path: '/logoutMultimedia' - }, - accessScopes: ['read:multimedia'] - }); - Self.logoutMultimedia = async function(ctx) { - let {accessToken} = ctx.req; - try { - Self.logout(accessToken.id); - return true; - } catch (error) { - return error; - } - }; Self.remoteMethod('getCurrentUserData', { description: 'Gets the current user data', accepts: [ From ff6a1a91110905c2a25fc8531be2ee831620101d Mon Sep 17 00:00:00 2001 From: Javier Segarra Date: Tue, 12 Mar 2024 13:39:01 +0100 Subject: [PATCH 28/32] refs #6930 perf: remove logoutMultimedia acl --- db/versions/10919-brownMoss/00-firstScript.sql | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/db/versions/10919-brownMoss/00-firstScript.sql b/db/versions/10919-brownMoss/00-firstScript.sql index a6abdbe79..640d2180a 100644 --- a/db/versions/10919-brownMoss/00-firstScript.sql +++ b/db/versions/10919-brownMoss/00-firstScript.sql @@ -1,5 +1,3 @@ -- Place your SQL code here -INSERT IGNORE INTO `salix`.`ACL`(`model`,`property`,`accessType`,`permission`, `principalType`, `principalId`) -VALUES -('VnUser','logoutMultimedia','*','ALLOW','ROLE','employee') + From 99f01a1dbd165bc89eee52dc2bbd66a0dde54de3 Mon Sep 17 00:00:00 2001 From: Javier Segarra Date: Tue, 12 Mar 2024 13:39:21 +0100 Subject: [PATCH 29/32] refs #6930 perf: add accessScopes to account.logout --- modules/account/back/methods/account/logout.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/account/back/methods/account/logout.js b/modules/account/back/methods/account/logout.js index 5db3efa33..7d2e8153e 100644 --- a/modules/account/back/methods/account/logout.js +++ b/modules/account/back/methods/account/logout.js @@ -15,7 +15,8 @@ module.exports = Self => { http: { path: `/logout`, verb: 'POST' - } + }, + accessScopes: ['DEFAULT', 'read:multimedia'] }); Self.logout = async ctx => Self.app.models.VnUser.logout(ctx.req.accessToken.id); From e24eed16c1b3240cd1bbb80010c7cbb08af0768f Mon Sep 17 00:00:00 2001 From: carlossa Date: Thu, 14 Mar 2024 08:26:50 +0100 Subject: [PATCH 30/32] refs #6842 fix companyCode --- db/versions/10893-limeFern/00-sage.sql | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/db/versions/10893-limeFern/00-sage.sql b/db/versions/10893-limeFern/00-sage.sql index 01508b932..d4c7e6221 100644 --- a/db/versions/10893-limeFern/00-sage.sql +++ b/db/versions/10893-limeFern/00-sage.sql @@ -3,7 +3,13 @@ UPDATE vn.company SET companyCode=0 WHERE id=69; UPDATE vn.company - SET companyCode=0 + SET companyCode=1 + WHERE id=442; +UPDATE vn.company + SET companyCode=4 + WHERE id=567; +UPDATE vn.company + SET companyCode=2 WHERE id=791; UPDATE vn.company SET companyCode=3 @@ -17,6 +23,9 @@ UPDATE vn.company UPDATE vn.company SET companyCode=3 WHERE id=1463; +UPDATE vn.company + SET companyCode=8 + WHERE id=2142; UPDATE vn.company SET companyCode=6 WHERE id=2393; From a7faf4e325544ad8f8605156dc92555038c925d4 Mon Sep 17 00:00:00 2001 From: Javier Segarra Date: Thu, 14 Mar 2024 13:05:39 +0000 Subject: [PATCH 31/32] refs #6930 perf: logout update --- front/core/services/auth.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/front/core/services/auth.js b/front/core/services/auth.js index 8727f92bc..753bc3fba 100644 --- a/front/core/services/auth.js +++ b/front/core/services/auth.js @@ -99,7 +99,7 @@ export default class Auth { logout() { this.$http.post('Accounts/logout', null, {headers: {'Authorization': this.vnToken.tokenMultimedia}, - }); + }).catch(() => {}); let promise = this.$http.post('VnUsers/logout', null, { headers: {Authorization: this.vnToken.token} From aa27eb192231fc5bab816d12f9a22edbac2bc2c1 Mon Sep 17 00:00:00 2001 From: guillermo Date: Fri, 15 Mar 2024 10:55:39 +0100 Subject: [PATCH 32/32] refs #6948 Fix error --- db/routines/sage/procedures/pgc_add.sql | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/db/routines/sage/procedures/pgc_add.sql b/db/routines/sage/procedures/pgc_add.sql index ebcb2d043..78d80a9fe 100644 --- a/db/routines/sage/procedures/pgc_add.sql +++ b/db/routines/sage/procedures/pgc_add.sql @@ -17,13 +17,13 @@ BEGIN e.id accountFk, UCASE(e.name), '' - FROM expense e + FROM vn.expense e UNION SELECT company_getCode(vCompanyFk), a.account, UCASE(a.bank), '' - FROM accounting a + FROM vn.accounting a WHERE a.isActive AND a.`account` UNION