From 9113f2e3e568b2d4b5e9751535c659ace503d81b Mon Sep 17 00:00:00 2001 From: Jon Date: Wed, 13 Nov 2024 08:30:09 +0100 Subject: [PATCH 1/2] feat: refs #7127 modify days when adding lines to a claim --- db/dump/fixtures.before.sql | 4 ++-- .../11334-grayRoebelini/00-firstScript.sql | 2 ++ .../specs/claim-beginning.spec.js | 2 +- .../claim/specs/createFromSales.spec.js | 24 ++++++++----------- modules/claim/back/models/claim-beginning.js | 24 +++++++++++++++++++ .../methods/sale/getClaimableFromTicket.js | 8 +++---- 6 files changed, 42 insertions(+), 22 deletions(-) create mode 100644 db/versions/11334-grayRoebelini/00-firstScript.sql diff --git a/db/dump/fixtures.before.sql b/db/dump/fixtures.before.sql index 8544686e8b..4c13b37cc7 100644 --- a/db/dump/fixtures.before.sql +++ b/db/dump/fixtures.before.sql @@ -1931,9 +1931,9 @@ INSERT INTO `vn`.`claimEnd`(`id`, `saleFk`, `claimFk`, `workerFk`, `claimDestina (1, 31, 4, 21, 2), (2, 32, 3, 21, 3); -INSERT INTO `vn`.`claimConfig`(`id`, `maxResponsibility`, `monthsToRefund`, `minShipped`) +INSERT INTO `vn`.`claimConfig`(`id`, `maxResponsibility`, `monthsToRefund`, `minShipped`,`daysToClaim`) VALUES - (1, 5, 4, '2016-10-01'); + (1, 5, 4, '2016-10-01', 7); INSERT INTO `vn`.`claimRatio`(`clientFk`, `yearSale`, `claimAmount`, `claimingRate`, `priceIncreasing`, `packingRate`) VALUES diff --git a/db/versions/11334-grayRoebelini/00-firstScript.sql b/db/versions/11334-grayRoebelini/00-firstScript.sql new file mode 100644 index 0000000000..5eb1076947 --- /dev/null +++ b/db/versions/11334-grayRoebelini/00-firstScript.sql @@ -0,0 +1,2 @@ +-- Place your SQL code here +ALTER TABLE vn.claimConfig ADD IF NOT EXISTS daysToClaim int(11) NOT NULL DEFAULT 7 COMMENT 'Dias para reclamar'; diff --git a/modules/claim/back/methods/claim-beginning/specs/claim-beginning.spec.js b/modules/claim/back/methods/claim-beginning/specs/claim-beginning.spec.js index b7974ad237..8b56f3a1c3 100644 --- a/modules/claim/back/methods/claim-beginning/specs/claim-beginning.spec.js +++ b/modules/claim/back/methods/claim-beginning/specs/claim-beginning.spec.js @@ -4,7 +4,7 @@ const LoopBackContext = require('loopback-context'); describe('ClaimBeginning model()', () => { const claimFk = 1; const activeCtx = { - accessToken: {userId: 18}, + accessToken: {userId: 72}, headers: {origin: 'localhost:5000'}, __: () => {} }; diff --git a/modules/claim/back/methods/claim/specs/createFromSales.spec.js b/modules/claim/back/methods/claim/specs/createFromSales.spec.js index 25414d1db7..75caf278ef 100644 --- a/modules/claim/back/methods/claim/specs/createFromSales.spec.js +++ b/modules/claim/back/methods/claim/specs/createFromSales.spec.js @@ -3,22 +3,18 @@ const LoopBackContext = require('loopback-context'); describe('Claim createFromSales()', () => { const ticketId = 23; - const newSale = [{ - id: 31, - instance: 0, - quantity: 10 - }]; - const activeCtx = { - accessToken: {userId: 1}, - headers: {origin: 'localhost:5000'}, - __: () => {} - }; - - const ctx = { - req: activeCtx - }; + const newSale = [{id: 31, instance: 0, quantity: 10}]; + let activeCtx; + let ctx; beforeEach(() => { + activeCtx = { + accessToken: {userId: 72}, + headers: {origin: 'localhost:5000'}, + __: () => {} + }; + ctx = {req: activeCtx}; + spyOn(LoopBackContext, 'getCurrentContext').and.returnValue({ active: activeCtx }); diff --git a/modules/claim/back/models/claim-beginning.js b/modules/claim/back/models/claim-beginning.js index 3dc9261c3d..40d66c33ea 100644 --- a/modules/claim/back/models/claim-beginning.js +++ b/modules/claim/back/models/claim-beginning.js @@ -1,6 +1,7 @@ const UserError = require('vn-loopback/util/user-error'); const LoopBackContext = require('loopback-context'); +const moment = require('moment'); module.exports = Self => { require('../methods/claim-beginning/importToNewRefundTicket')(Self); @@ -13,8 +14,31 @@ module.exports = Self => { const options = ctx.options; const models = Self.app.models; const saleFk = ctx?.currentInstance?.saleFk || ctx?.instance?.saleFk; + const loopBackContext = LoopBackContext.getCurrentContext(); + const accessToken = loopBackContext.active.accessToken; + const user = await models.VnUser.findById(accessToken.userId); + const role = await models.VnRole.findById(user.roleFk); const sale = await models.Sale.findById(saleFk, {fields: ['ticketFk', 'quantity']}, options); + if (role.name !== 'salesPerson' && role.name !== 'claimManager') + throw new UserError(`You don't have permission to modify this claim`); + + if (role.name === 'salesPerson') { + const query = ` + SELECT daysToClaim + FROM vn.claimConfig`; + const res = await Self.rawSql(query); + const daysToClaim = res[0]?.daysToClaim; + + const claim = await models.Claim.findById(ctx?.currentInstance?.claimFk, {fields: ['created']}, options); + const claimDate = moment.utc(claim.created); + const currentDate = moment.utc(); + const daysSinceSale = currentDate.diff(claimDate, 'days'); + + if (daysSinceSale > daysToClaim) + throw new UserError(`You can't modify this claim because the deadline has already passed`); + } + if (ctx.isNewInstance) { const claim = await models.Claim.findById(ctx.instance.claimFk, {fields: ['ticketFk']}, options); if (sale.ticketFk != claim.ticketFk) diff --git a/modules/ticket/back/methods/sale/getClaimableFromTicket.js b/modules/ticket/back/methods/sale/getClaimableFromTicket.js index c51781f595..cb10bdb0e0 100644 --- a/modules/ticket/back/methods/sale/getClaimableFromTicket.js +++ b/modules/ticket/back/methods/sale/getClaimableFromTicket.js @@ -30,7 +30,6 @@ module.exports = Self => { SELECT s.id AS saleFk, t.id AS ticketFk, - t.landed, s.concept, s.itemFk, s.quantity, @@ -41,11 +40,10 @@ module.exports = Self => { INNER JOIN vn.sale s ON s.ticketFk = t.id LEFT JOIN vn.claimBeginning cb ON cb.saleFk = s.id - WHERE (t.landed) >= TIMESTAMPADD(DAY, -7, ?) - AND t.id = ? AND cb.id IS NULL - ORDER BY t.landed DESC, t.id DESC`; + WHERE t.id = ? + AND cb.id IS NULL`; - const claimableSales = await Self.rawSql(query, [date, ticketFk], myOptions); + const claimableSales = await Self.rawSql(query, [ticketFk], myOptions); return claimableSales; }; From 5258e5ba2ab08a38086d33b94ba6f973f9292e57 Mon Sep 17 00:00:00 2001 From: Jon Date: Tue, 4 Feb 2025 13:55:01 +0100 Subject: [PATCH 2/2] refactor: refs #7127 modified checkAccessAcl instead of using VnRole --- modules/claim/back/models/claim-beginning.js | 38 ++++++++++++++------ 1 file changed, 28 insertions(+), 10 deletions(-) diff --git a/modules/claim/back/models/claim-beginning.js b/modules/claim/back/models/claim-beginning.js index 40d66c33ea..41c064c751 100644 --- a/modules/claim/back/models/claim-beginning.js +++ b/modules/claim/back/models/claim-beginning.js @@ -14,33 +14,51 @@ module.exports = Self => { const options = ctx.options; const models = Self.app.models; const saleFk = ctx?.currentInstance?.saleFk || ctx?.instance?.saleFk; - const loopBackContext = LoopBackContext.getCurrentContext(); - const accessToken = loopBackContext.active.accessToken; - const user = await models.VnUser.findById(accessToken.userId); - const role = await models.VnRole.findById(user.roleFk); + const claimFk = ctx?.instance?.claimFk || ctx?.currentInstance?.claimFk; + const myOptions = {}; + const accessToken = ctx?.options?.accessToken || LoopBackContext.getCurrentContext().active.accessToken; + const ctxToken = {req: {accessToken}}; + + if (typeof options == 'object') + Object.assign(myOptions, options); + const sale = await models.Sale.findById(saleFk, {fields: ['ticketFk', 'quantity']}, options); - if (role.name !== 'salesPerson' && role.name !== 'claimManager') + const canCreateClaimAfterDeadline = models.ACL.checkAccessAcl( + ctxToken, + 'Claim', + 'createAfterDeadline', + myOptions + ); + + const canUpdateClaim = models.ACL.checkAccessAcl( + ctxToken, + 'Claim', + 'updateClaim', + myOptions + ); + + if (!canUpdateClaim && !canCreateClaimAfterDeadline) throw new UserError(`You don't have permission to modify this claim`); - if (role.name === 'salesPerson') { + if (canUpdateClaim) { const query = ` SELECT daysToClaim FROM vn.claimConfig`; const res = await Self.rawSql(query); const daysToClaim = res[0]?.daysToClaim; - const claim = await models.Claim.findById(ctx?.currentInstance?.claimFk, {fields: ['created']}, options); + const claim = await models.Claim.findById(claimFk, {fields: ['created']}, options); const claimDate = moment.utc(claim.created); const currentDate = moment.utc(); const daysSinceSale = currentDate.diff(claimDate, 'days'); - if (daysSinceSale > daysToClaim) + if (daysSinceSale > daysToClaim && !canCreateClaimAfterDeadline) throw new UserError(`You can't modify this claim because the deadline has already passed`); } if (ctx.isNewInstance) { - const claim = await models.Claim.findById(ctx.instance.claimFk, {fields: ['ticketFk']}, options); + const claim = await models.Claim.findById(claimFk, {fields: ['ticketFk']}, options); if (sale.ticketFk != claim.ticketFk) throw new UserError(`Cannot create a new claimBeginning from a different ticket`); } @@ -65,7 +83,7 @@ module.exports = Self => { if (ctx.options && ctx.options.transaction) myOptions.transaction = ctx.options.transaction; - const claimBeginning = ctx.instance ?? await Self.findById(ctx.where.id); + const claimBeginning = ctx.instance ?? await Self.findById(ctx?.where?.id); const filter = { where: {id: claimBeginning.claimFk},