diff --git a/services/client/common/models/client.js b/services/client/common/models/client.js
index e457b1fef7..106ccd2ef8 100644
--- a/services/client/common/models/client.js
+++ b/services/client/common/models/client.js
@@ -2,7 +2,7 @@ var app = require('../../server/server'); module.exports = function(Client) { var models = app.models; - + var loopBackContext = require('loopback-context'); // Methods require('../methods/client/activate.js')(Client);
@@ -69,20 +69,22 @@ module.exports = function(Client) {
 done();
 });
 }
-/*
+
 Client.validateAsync('credit', validateCredit, {
 message: 'No tienes privilegios para modificar el crédito'
 });
 function validateCredit(err, done) {
- // FIXME: Id del usuario actual
- let userId = 1;
-
+ let ctx = loopBackContext.getCurrentContext();
+ let accessToken = ctx && ctx.get('accessToken');
+ let userId = accessToken.userId;
+ let self = this;
+
 // Comprueba si el rol del usuario puede asignar esa cantidad
-
+ // para ello mira que roles pueden asignar la cantidad que el usuario ha indicado
 let filter = {
 fields: ['roleFk'],
 where: {
- maxAmount: {gt: this.credit}
+ maxAmount: {gt: self.credit}
 }
 };
 models.ClientCreditLimit.find(filter,
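Review bot: `accessToken.userId` is dereferenced without a null check, although the line above it (`ctx && ctx.get('accessToken')`) allows `accessToken` to be null or undefined when no context is active or the context holds no token. In that case validateCredit throws inside the async validator instead of rejecting the credit change. Because this is the privilege check for the `credit` field, it should fail closed: add `if (!accessToken) { err(); done(); return; }` before `let userId = accessToken.userId;`. The body of validateCredit continues past the end of this hunk.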
@@ -102,47 +104,47 @@ module.exports = function(Client) { (_, res) => roleCb(_, res)); } function roleCb(_, count) { + //si el usuario no tiene alguno de los roles no continua if (!(count > 0)) { err(); done(); } else - validate(); + validate(); //si tiene el rol hay que validar que el último movimiento no fuese crédito 0 insertado por gerencia } // Si se puso a 0 por gerencia, solo gerencia puede aumentarlo - function validate() { - let query = 'SELECT MAX(created) created FROM ClientCredit WHERE clientFk = ?'; - Client.dataSource.connector.execute (query, [this.id], + let query = 'SELECT * FROM ClientCredit WHERE clientFk = ? ORDER BY created DESC LIMIT 1'; + Client.dataSource.connector.execute (query, [self.id], (_, res) => maxCb(_, res)); } + function maxCb(_, instances) { - if (instances.length !== 1) { + //console.log('maxCb', instances); + if (instances && (instances.length !== 1 || instances[0].employeeFk == userId || instances[0].amount > 0)) { done(); return; } + + //el ultimo registro tiene valor 0, hay que comprobar que no fue editado por un gerente + let sql = `SELECT count(distinct r.id) as hasManagerRole + FROM ClientCredit cc + JOIN Employee em ON (em.id = cc.employeeFk) + JOIN Account ac ON (ac.id = em.userFk) + JOIN RoleMapping rm ON (rm.principalId = ac.id) + JOIN Role r on (r.id = rm.roleId) + WHERE rm.principalType = 'USER' + AND cc.employeeFk = ${instances[0].employeeFk} + AND r.\`name\` = 'manager'`; - let filter = { - fields: ['amount', 'employeeFk', 'employee'], - where: { - clientFk: this.id, - created: instances[0].created - }, - include: { - relation: 'employee', - scope: { - fields: ['userFk'] - } - } - }; - models.ClientCredit.findOne(filter, - (_, res) => clientCreditCb(_, res)); + Client.dataSource.connector.execute(sql, [], (_, res) => clientCreditCb(_, res)); } - function clientCreditCb(_, instance) { - if (instance.amount == 0 && instance.employee.userFk != userId) + + function clientCreditCb(_, instance) { + if (instance.length 
&& instance[0].hasManagerRole > 0 ) err(); done(); } } -*/ + }; \ No newline at end of file
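Review bot: The manager-role query in maxCb is built by interpolating `instances[0].employeeFk` into the SQL text and executed with an empty parameter list, while the query just above it in validate() binds `self.id` through `?`; use `AND cc.employeeFk = ?` with `execute(sql, [instances[0].employeeFk], ...)`. The early exit `instances[0].employeeFk == userId` compares an Employee id with the access token's user id, which the new SQL itself treats as different keys (`em.id = cc.employeeFk`, `ac.id = em.userFk`), so it can skip the check for the wrong person; the removed code compared `employee.userFk`. Both callbacks also discard the error argument, so a failed query reaches `instances[0]` or `instance.length` on undefined rather than calling `err()`. validateCredit starts before this hunk.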