fix(salix): refs #7648 #7648 entryFilter and getBuys by fi
gitea/salix/pipeline/pr-dev This commit looks good
Details
gitea/salix/pipeline/pr-dev This commit looks good
Details
This commit is contained in:
parent
f07964be20
commit
5192bfd8ea
|
@ -146,10 +146,11 @@ module.exports = Self => {
|
|||
});
|
||||
filter = mergeFilters(ctx.args.filter, {where});
|
||||
const userId = ctx.req.accessToken.userId;
|
||||
const isSupplier = await Self.app.models.Supplier.findById(userId, myOptions);
|
||||
if (isSupplier) {
|
||||
const client = await Self.app.models.Client.findById(userId, myOptions);
|
||||
const supplier = await Self.app.models.Supplier.findOne({where: {nif: client.fi}}, myOptions);
|
||||
if (supplier) {
|
||||
if (!filter.where) filter.where = {};
|
||||
filter.where[`e.supplierFk`] = ctx.req.accessToken.userId;
|
||||
filter.where[`e.supplierFk`] = supplier.id;
|
||||
}
|
||||
const stmts = [];
|
||||
let stmt;
|
||||
|
|
|
@ -36,9 +36,10 @@ module.exports = Self => {
|
|||
|
||||
if (typeof options == 'object')
|
||||
Object.assign(myOptions, options);
|
||||
const isSupplier = await Self.app.models.Supplier.findById(userId, myOptions);
|
||||
if (isSupplier) {
|
||||
const isEntryOwner = (await Self.findById(id)).supplierFk === userId;
|
||||
const client = await Self.app.models.Client.findById(userId, myOptions);
|
||||
const supplier = await Self.app.models.Supplier.findOne({where: {nif: client.fi}}, myOptions);
|
||||
if (supplier) {
|
||||
const isEntryOwner = (await Self.findById(id)).supplierFk === supplier.id;
|
||||
|
||||
if (!isEntryOwner) throw new UserError('Access Denied');
|
||||
}
|
||||
|
|
|
@ -56,7 +56,7 @@ describe('Entry filter()', () => {
|
|||
try {
|
||||
const ctx = {
|
||||
args: {},
|
||||
req: {accessToken: {userId: 2}}
|
||||
req: {accessToken: {userId: 1102}}
|
||||
};
|
||||
|
||||
const result = await models.Entry.filter(ctx, options);
|
||||
|
@ -79,7 +79,7 @@ describe('Entry filter()', () => {
|
|||
args: {
|
||||
supplierFk: 1
|
||||
},
|
||||
req: {accessToken: {userId: 2}}
|
||||
req: {accessToken: {userId: 1102}}
|
||||
};
|
||||
|
||||
const result = await models.Entry.filter(ctx, options);
|
||||
|
|
|
@ -40,7 +40,7 @@ describe('entry getBuys()', () => {
|
|||
args: {
|
||||
search: 1
|
||||
},
|
||||
req: {accessToken: {userId: 2}}
|
||||
req: {accessToken: {userId: 1102}}
|
||||
};
|
||||
|
||||
const result = await models.Entry.getBuys(ctx, entryId, options);
|
||||
|
|
Loading…
Reference in New Issue