diff --git a/back/methods/vn-user/addAlias.js b/back/methods/vn-user/addAlias.js deleted file mode 100644 index 9fe43e713..000000000 --- a/back/methods/vn-user/addAlias.js +++ /dev/null @@ -1,68 +0,0 @@ -const UserError = require('vn-loopback/util/user-error'); - -module.exports = Self => { - Self.remoteMethod('addAlias', { - description: 'Add an alias if the user has the grant', - accessType: 'WRITE', - accepts: [ - { - arg: 'ctx', - type: 'Object', - http: {source: 'context'} - }, - { - arg: 'id', - type: 'number', - required: true, - description: 'The user id', - http: {source: 'path'} - }, - { - arg: 'mailAlias', - type: 'number', - description: 'The new alias for user', - required: true - } - ], - http: { - path: `/:id/addAlias`, - verb: 'POST' - } - }); - - Self.addAlias = async function(ctx, id, mailAlias, options) { - const models = Self.app.models; - const userId = ctx.req.accessToken.userId; - - const myOptions = {}; - - if (typeof options == 'object') - Object.assign(myOptions, options); - - const user = await Self.findById(userId, {fields: ['hasGrant']}, myOptions); - - if (!user.hasGrant) - throw new UserError(`You don't have grant privilege`); - - const account = await models.Account.findById(userId, { - fields: ['id'], - include: { - relation: 'aliases', - scope: { - fields: ['mailAlias'] - } - } - }, myOptions); - - const aliases = account.aliases().map(alias => alias.mailAlias); - - const hasAlias = aliases.includes(mailAlias); - if (!hasAlias) - throw new UserError(`You cannot assign an alias that you are not assigned to`); - - return models.MailAliasAccount.create({ - mailAlias: mailAlias, - account: id - }, myOptions); - }; -}; diff --git a/back/methods/vn-user/removeAlias.js b/back/methods/vn-user/removeAlias.js deleted file mode 100644 index 0424c3e96..000000000 --- a/back/methods/vn-user/removeAlias.js +++ /dev/null @@ -1,55 +0,0 @@ -const UserError = require('vn-loopback/util/user-error'); - -module.exports = Self => { - Self.remoteMethod('removeAlias', { - description: 'Remove alias if the user has the grant', - accessType: 'WRITE', - accepts: [ - { - arg: 'ctx', - type: 'Object', - http: {source: 'context'} - }, - { - arg: 'id', - type: 'number', - required: true, - description: 'The user id', - http: {source: 'path'} - }, - { - arg: 'mailAlias', - type: 'number', - description: 'The alias to delete', - required: true - } - ], - http: { - path: `/:id/removeAlias`, - verb: 'POST' - } - }); - - Self.removeAlias = async function(ctx, id, mailAlias, options) { - const models = Self.app.models; - const userId = ctx.req.accessToken.userId; - - const myOptions = {}; - - if (typeof options == 'object') - Object.assign(myOptions, options); - - const canRemoveAlias = await models.ACL.checkAccessAcl(ctx, 'VnUser', 'canRemoveAlias', 'WRITE'); - - if (userId != id && !canRemoveAlias) throw new UserError(`You don't have grant privilege`); - - const mailAliasAccount = await models.MailAliasAccount.findOne({ - where: { - mailAlias: mailAlias, - account: id - } - }, myOptions); - - await mailAliasAccount.destroy(myOptions); - }; -}; diff --git a/back/models/vn-user.js b/back/models/vn-user.js index 11d4bf250..a7ce12073 100644 --- a/back/models/vn-user.js +++ b/back/models/vn-user.js @@ -12,8 +12,6 @@ module.exports = function(Self) { require('../methods/vn-user/privileges')(Self); require('../methods/vn-user/validate-auth')(Self); require('../methods/vn-user/renew-token')(Self); - require('../methods/vn-user/addAlias')(Self); - require('../methods/vn-user/removeAlias')(Self); Self.definition.settings.acls = Self.definition.settings.acls.filter(acl => acl.property !== 'create'); diff --git a/db/changes/232401/00-ACLgetVehiclesSorted.sql b/db/changes/232401/00-ACLgetVehiclesSorted.sql new file mode 100644 index 000000000..6625f0d5c --- /dev/null +++ b/db/changes/232401/00-ACLgetVehiclesSorted.sql @@ -0,0 +1,3 @@ +INSERT INTO `salix`.`ACL` (`model`,`property`,`accessType`,`permission`,`principalId`) + VALUES + ('Vehicle','sorted','WRITE','ALLOW','employee'); \ No newline at end of file diff --git a/db/changes/232601/00-aclAddAlias.sql b/db/changes/232601/00-aclAddAlias.sql deleted file mode 100644 index cc96f5ad8..000000000 --- a/db/changes/232601/00-aclAddAlias.sql +++ /dev/null @@ -1,11 +0,0 @@ -INSERT INTO `salix`.`ACL` (model, property, accessType, permission, principalType, principalId) - VALUES - ('VnUser', 'addAlias', 'WRITE', 'ALLOW', 'ROLE', 'employee'); - -INSERT INTO `salix`.`ACL` (model, property, accessType, permission, principalType, principalId) - VALUES - ('VnUser', 'removeAlias', 'WRITE', 'ALLOW', 'ROLE', 'employee'); - -INSERT INTO `salix`.`ACL` (model, property, accessType, permission, principalType, principalId) - VALUES - ('VnUser', 'canRemoveAlias', 'WRITE', 'ALLOW', 'ROLE', 'itManagement'); diff --git a/db/changes/232602/01-aclAddAlias.sql b/db/changes/232602/01-aclAddAlias.sql new file mode 100644 index 000000000..d4df3cd44 --- /dev/null +++ b/db/changes/232602/01-aclAddAlias.sql @@ -0,0 +1,8 @@ +DELETE FROM `salix`.`ACL` WHERE model = 'MailAliasAccount'; + +INSERT INTO `salix`.`ACL` (model, property, accessType, permission, principalType, principalId) + VALUES + ('MailAliasAccount', '*', 'READ', 'ALLOW', 'ROLE', 'employee'), + ('MailAliasAccount', 'create', 'WRITE', 'ALLOW', 'ROLE', 'employee'), + ('MailAliasAccount', 'deleteById', 'WRITE', 'ALLOW', 'ROLE', 'employee'), + ('MailAliasAccount', 'canEditAlias', 'WRITE', 'ALLOW', 'ROLE', 'itManagement'); diff --git a/db/changes/232802/01-aclWorkerDisable.sql b/db/changes/232802/01-aclWorkerDisable.sql new file mode 100644 index 000000000..149dd6f15 --- /dev/null +++ b/db/changes/232802/01-aclWorkerDisable.sql @@ -0,0 +1,4 @@ +INSERT INTO `salix`.`ACL` (model, property, accessType, permission, principalType, principalId) + VALUES + ('WorkerDisableExcluded', '*', 'READ', 'ALLOW', 'ROLE', 'itManagement'), + ('WorkerDisableExcluded', '*', 'WRITE', 'ALLOW', 'ROLE', 'itManagement'); diff --git a/db/changes/233001/00-fixACLVehicle.sql b/db/changes/233001/00-fixACLVehicle.sql new file mode 100644 index 000000000..6625f0d5c --- /dev/null +++ b/db/changes/233001/00-fixACLVehicle.sql @@ -0,0 +1,3 @@ +INSERT INTO `salix`.`ACL` (`model`,`property`,`accessType`,`permission`,`principalId`) + VALUES + ('Vehicle','sorted','WRITE','ALLOW','employee'); \ No newline at end of file diff --git a/db/changes/233001/00-itemShelving_inventory.sql b/db/changes/233001/00-itemShelving_inventory.sql new file mode 100644 index 000000000..b0b080ef3 --- /dev/null +++ b/db/changes/233001/00-itemShelving_inventory.sql @@ -0,0 +1,64 @@ + +DELIMITER $$ +CREATE OR REPLACE DEFINER=`root`@`localhost` PROCEDURE `vn`.`itemShelving_inventory`(vParkingFromFk VARCHAR(8), vParkingToFk VARCHAR(8)) +BEGIN +/** + * Devuelve un listado de ubicaciones a revisar + * + * @param vParkingFromFk Parking de partida, identificador de parking + * @param vParkingToFk Parking de llegada, identificador de parking +*/ + + DECLARE vSectorFk INT; + DECLARE vPickingOrderFrom INT; + DECLARE vPickingOrderTo INT; + + SELECT p.sectorFk, p.pickingOrder INTO vSectorFk, vPickingOrderFrom + FROM parking p + WHERE p.code = vParkingFromFk COLLATE 'utf8mb3_general_ci'; + + SELECT p.pickingOrder INTO vPickingOrderTo + FROM parking p + WHERE p.code = vParkingToFk COLLATE 'utf8mb3_general_ci'; + + CALL visible_getMisfit(vSectorFk); + + SELECT ish.id, + p.pickingOrder, + p.code parking, + ish.shelvingFk, + ish.itemFk, + i.longName, + ish.visible, + p.sectorFk, + it.workerFk buyer, + CONCAT('http:',ic.url, '/catalog/1600x900/',i.image) urlImage, + ish.isChecked, + CASE + WHEN s.notPrepared > sm.parked THEN 0 + WHEN sm.visible > sm.parked THEN 1 + ELSE 2 + END priority + FROM itemShelving ish + JOIN item i ON i.id = ish.itemFk + JOIN itemType it ON it.id = i.typeFk + JOIN tmp.stockMisfit sm ON sm.itemFk = ish.itemFk + JOIN shelving sh ON sh.code = ish.shelvingFk + JOIN parking p ON p.id = sh.parkingFk + JOIN (SELECT s.itemFk, sum(s.quantity) notPrepared + FROM sale s + JOIN ticket t ON t.id = s.ticketFk + JOIN warehouse w ON w.id = t.warehouseFk + JOIN config c ON c.mainWarehouseFk = w.id + WHERE t.shipped BETWEEN util.VN_CURDATE() + AND util.dayEnd(util.VN_CURDATE()) + AND s.isPicked = FALSE + GROUP BY s.itemFk) s ON s.itemFk = i.id + JOIN hedera.imageConfig ic + WHERE p.pickingOrder BETWEEN vPickingOrderFrom AND vPickingOrderTo + AND p.sectorFk = vSectorFk + ORDER BY p.pickingOrder; + +END$$ +DELIMITER ; + diff --git a/db/dump/fixtures.sql b/db/dump/fixtures.sql index fe11d5b64..eaa00a3de 100644 --- a/db/dump/fixtures.sql +++ b/db/dump/fixtures.sql @@ -37,7 +37,7 @@ ALTER TABLE `vn`.`ticket` AUTO_INCREMENT = 1; INSERT INTO `salix`.`AccessToken` (`id`, `ttl`, `created`, `userId`) VALUES - ('DEFAULT_TOKEN', '1209600', util.VN_CURDATE(), 66); + ('DEFAULT_TOKEN', '1209600', CURDATE(), 66); INSERT INTO `salix`.`printConfig` (`id`, `itRecipient`, `incidencesEmail`) VALUES @@ -2953,3 +2953,8 @@ INSERT INTO `vn`.`invoiceInSerial` (`code`, `description`, `cplusTerIdNifFk`, `t ('E', 'Midgard', 1, 'CEE'), ('R', 'Jotunheim', 1, 'NATIONAL'), ('W', 'Vanaheim', 1, 'WORLD'); + + +INSERT INTO `hedera`.`imageConfig` (`id`, `maxSize`, `useXsendfile`, `url`) + VALUES + (1, 0, 0, 'marvel.com'); diff --git a/loopback/locale/es.json b/loopback/locale/es.json index 784ff5e6e..08f5bf765 100644 --- a/loopback/locale/es.json +++ b/loopback/locale/es.json @@ -305,5 +305,6 @@ "The renew period has not been exceeded": "El periodo de renovación no ha sido superado", "Valid priorities": "Prioridades válidas: %d", "Negative basis of tickets": "Base negativa para los tickets: {{ticketsIds}}", - "You cannot assign an alias that you are not assigned to": "No puede asignar un alias que no tenga asignado" + "You cannot assign/remove an alias that you are not assigned to": "No puede asignar/eliminar un alias que no tenga asignado", + "This invoice has a linked vehicle.": "Esta factura tiene un vehiculo vinculado" } diff --git a/modules/account/back/models/mail-alias-account.js b/modules/account/back/models/mail-alias-account.js new file mode 100644 index 000000000..6f5213f24 --- /dev/null +++ b/modules/account/back/models/mail-alias-account.js @@ -0,0 +1,55 @@ + +const UserError = require('vn-loopback/util/user-error'); + +module.exports = Self => { + Self.observe('before save', async ctx => { + const changes = ctx.currentInstance || ctx.instance; + + await Self.hasGrant(ctx, changes.mailAlias); + }); + + Self.observe('before delete', async ctx => { + const mailAliasAccount = await Self.findById(ctx.where.id); + + await Self.hasGrant(ctx, mailAliasAccount.mailAlias); + }); + + /** + * Checks if current user has + * grant to add/remove alias + * + * @param {Object} ctx - Request context + * @param {Interger} mailAlias - mailAlias id + * @return {Boolean} True for user with grant + */ + Self.hasGrant = async function(ctx, mailAlias) { + const models = Self.app.models; + const accessToken = {req: {accessToken: ctx.options.accessToken}}; + const userId = accessToken.req.accessToken.userId; + + const canEditAlias = await models.ACL.checkAccessAcl(accessToken, 'MailAliasAccount', 'canEditAlias', 'WRITE'); + if (canEditAlias) return true; + + const user = await models.VnUser.findById(userId, {fields: ['hasGrant']}); + if (!user.hasGrant) + throw new UserError(`You don't have grant privilege`); + + const account = await models.Account.findById(userId, { + fields: ['id'], + include: { + relation: 'aliases', + scope: { + fields: ['mailAlias'] + } + } + }); + + const aliases = account.aliases().map(alias => alias.mailAlias); + + const hasAlias = aliases.includes(mailAlias); + if (!hasAlias) + throw new UserError(`You cannot assign/remove an alias that you are not assigned to`); + + return true; + }; +}; diff --git a/modules/account/front/aliases/index.js b/modules/account/front/aliases/index.js index e0c738ee4..0fc806a71 100644 --- a/modules/account/front/aliases/index.js +++ b/modules/account/front/aliases/index.js @@ -21,11 +21,12 @@ export default class Controller extends Section { } onAddClick() { + this.addData = {account: this.$params.id}; this.$.dialog.show(); } onAddSave() { - return this.$http.post(`VnUsers/${this.$params.id}/addAlias`, this.addData) + return this.$http.post(`MailAliasAccounts`, this.addData) .then(() => this.refresh()) .then(() => this.vnApp.showSuccess( this.$t('Subscribed to alias!')) @@ -33,12 +34,11 @@ export default class Controller extends Section { } onRemove(row) { - const params = { - mailAlias: row.mailAlias - }; - return this.$http.post(`VnUsers/${this.$params.id}/removeAlias`, params) - .then(() => this.refresh()) - .then(() => this.vnApp.showSuccess(this.$t('Data saved!'))); + return this.$http.delete(`MailAliasAccounts/${row.id}`) + .then(() => { + this.$.data.splice(this.$.data.indexOf(row), 1); + this.vnApp.showSuccess(this.$t('Unsubscribed from alias!')); + }); } } diff --git a/modules/account/front/aliases/index.spec.js b/modules/account/front/aliases/index.spec.js index 61f71949c..466f1e1e9 100644 --- a/modules/account/front/aliases/index.spec.js +++ b/modules/account/front/aliases/index.spec.js @@ -25,9 +25,8 @@ describe('component vnUserAliases', () => { describe('onAddSave()', () => { it('should add the new row', () => { controller.addData = {account: 1}; - controller.$params = {id: 1}; - $httpBackend.expectPOST('VnUsers/1/addAlias').respond(); + $httpBackend.expectPOST('MailAliasAccounts').respond(); $httpBackend.expectGET('MailAliasAccounts').respond('foo'); controller.onAddSave(); $httpBackend.flush(); @@ -42,14 +41,12 @@ describe('component vnUserAliases', () => { {id: 1, alias: 'foo'}, {id: 2, alias: 'bar'} ]; - controller.$params = {id: 1}; - $httpBackend.expectPOST('VnUsers/1/removeAlias').respond(); - $httpBackend.expectGET('MailAliasAccounts').respond(controller.$.data[1]); + $httpBackend.expectDELETE('MailAliasAccounts/1').respond(); controller.onRemove(controller.$.data[0]); $httpBackend.flush(); - expect(controller.$.data).toEqual({id: 2, alias: 'bar'}); + expect(controller.$.data).toEqual([{id: 2, alias: 'bar'}]); expect(controller.vnApp.showSuccess).toHaveBeenCalled(); }); }); diff --git a/modules/client/back/methods/defaulter/filter.js b/modules/client/back/methods/defaulter/filter.js index 56afb64db..220cb957b 100644 --- a/modules/client/back/methods/defaulter/filter.js +++ b/modules/client/back/methods/defaulter/filter.js @@ -70,11 +70,12 @@ module.exports = Self => { c.creditInsurance, d.defaulterSinced, cn.country, + c.countryFk, pm.name payMethod FROM vn.defaulter d JOIN vn.client c ON c.id = d.clientFk JOIN vn.country cn ON cn.id = c.countryFk - JOIN vn.payMethod pm ON pm.id = c.payMethodFk + JOIN vn.payMethod pm ON pm.id = c.payMethodFk LEFT JOIN vn.clientObservation co ON co.clientFk = c.id LEFT JOIN account.user u ON u.id = c.salesPersonFk LEFT JOIN account.user uw ON uw.id = co.workerFk diff --git a/modules/client/back/models/defaulter.json b/modules/client/back/models/defaulter.json index 03d68ea71..ef22c2429 100644 --- a/modules/client/back/models/defaulter.json +++ b/modules/client/back/models/defaulter.json @@ -33,7 +33,7 @@ "country": { "type": "belongsTo", "model": "Country", - "foreignKey": "country" + "foreignKey": "countryFk" }, "payMethod": { "type": "belongsTo", @@ -41,4 +41,4 @@ "foreignKey": "payMethod" } } -} \ No newline at end of file +} diff --git a/modules/client/front/defaulter/index.html b/modules/client/front/defaulter/index.html index 3ea88088b..33bb751f1 100644 --- a/modules/client/front/defaulter/index.html +++ b/modules/client/front/defaulter/index.html @@ -60,7 +60,7 @@