Merge branch 'dev' of https://gitea.verdnatura.es/verdnatura/salix into 5739-dockerRefactor

This commit is contained in:
Alex Moreno 2023-11-14 09:52:45 +01:00
commit 719a8f5526
38 changed files with 964 additions and 150 deletions

View File

@ -10,5 +10,9 @@
"eslint.format.enable": true,
"[javascript]": {
"editor.defaultFormatter": "dbaeumer.vscode-eslint"
}
},
"cSpell.words": [
"salix",
"fdescribe"
]
}

View File

@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [2348.01] - 2023-11-30
### Added
### Changed
### Fixed
## [2346.01] - 2023-11-16
### Added

View File

@ -0,0 +1,54 @@
module.exports = Self => {
Self.remoteMethod('getList', {
description: 'Get list of the available and active notification subscriptions',
accessType: 'READ',
accepts: [
{
arg: 'id',
type: 'number',
description: 'User to modify',
http: {source: 'path'}
}
],
returns: {
type: 'object',
root: true
},
http: {
path: `/:id/getList`,
verb: 'GET'
}
});
Self.getList = async(id, options) => {
const activeNotificationsMap = new Map();
const myOptions = {};
if (typeof options == 'object')
Object.assign(myOptions, options);
const availableNotificationsMap = await Self.getAvailable(id, myOptions);
const activeNotifications = await Self.app.models.NotificationSubscription.find({
fields: ['id', 'notificationFk'],
include: {relation: 'notification'},
where: {userFk: id}
}, myOptions);
for (active of activeNotifications) {
activeNotificationsMap.set(active.notificationFk, {
id: active.id,
notificationFk: active.notificationFk,
name: active.notification().name,
description: active.notification().description,
active: true
});
availableNotificationsMap.delete(active.notificationFk);
}
return {
active: [...activeNotificationsMap.entries()],
available: [...availableNotificationsMap.entries()]
};
};
};

View File

@ -0,0 +1,13 @@
const models = require('vn-loopback/server/server').models;
describe('NotificationSubscription getList()', () => {
it('should return a list of available and active notifications of a user', async() => {
const userId = 9;
const {active, available} = await models.NotificationSubscription.getList(userId);
const notifications = await models.Notification.find({});
const totalAvailable = notifications.length - active.length;
expect(active.length).toEqual(2);
expect(available.length).toEqual(totalAvailable);
});
});

View File

@ -1,62 +1,74 @@
const UserError = require('vn-loopback/util/user-error');
module.exports = Self => {
require('../methods/notification/getList')(Self);
Self.observe('before save', async function(ctx) {
await checkModifyPermission(ctx);
});
Self.observe('before delete', async function(ctx) {
await checkModifyPermission(ctx);
});
async function checkModifyPermission(ctx) {
const models = Self.app.models;
const instance = ctx.instance;
const userId = ctx.options.accessToken.userId;
const user = await ctx.instance.userFk;
const modifiedUser = await getUserToModify(null, user, models);
if (userId != modifiedUser.id && userId != modifiedUser.bossFk)
throw new UserError('You dont have permission to modify this user');
});
let notificationFk;
let workerId;
Self.remoteMethod('deleteNotification', {
description: 'Deletes a notification subscription',
accepts: [
{
arg: 'ctx',
type: 'object',
http: {source: 'context'}
},
{
arg: 'notificationId',
type: 'number',
required: true
},
],
returns: {
type: 'object',
root: true
},
http: {
verb: 'POST',
path: '/deleteNotification'
if (instance) {
notificationFk = instance.notificationFk;
workerId = instance.userFk;
} else {
const notificationSubscription = await models.NotificationSubscription.findById(ctx.where.id);
notificationFk = notificationSubscription.notificationFk;
workerId = notificationSubscription.userFk;
}
});
Self.deleteNotification = async function(ctx, notificationId) {
const worker = await models.Worker.findById(workerId, {fields: ['id', 'bossFk']});
const available = await Self.getAvailable(workerId);
const hasAcl = available.has(notificationFk);
if (!hasAcl || (userId != worker.id && userId != worker.bossFk))
throw new UserError('The notification subscription of this worker cant be modified');
}
Self.getAvailable = async function(userId, options) {
const availableNotificationsMap = new Map();
const models = Self.app.models;
const user = ctx.req.accessToken.userId;
const modifiedUser = await getUserToModify(notificationId, null, models);
if (user != modifiedUser.id && user != modifiedUser.bossFk)
throw new UserError('You dont have permission to modify this user');
const myOptions = {};
await models.NotificationSubscription.destroyById(notificationId);
};
if (typeof options == 'object')
Object.assign(myOptions, options);
async function getUserToModify(notificationId, userFk, models) {
let userToModify = userFk;
if (notificationId) {
const subscription = await models.NotificationSubscription.findById(notificationId);
userToModify = subscription.userFk;
}
return await models.Worker.findOne({
fields: ['id', 'bossFk'],
const roles = await models.RoleMapping.find({
fields: ['roleId'],
where: {principalId: userId}
}, myOptions);
const availableNotifications = await models.NotificationAcl.find({
fields: ['notificationFk', 'roleFk'],
include: {relation: 'notification'},
where: {
id: userToModify
roleFk: {
inq: roles.map(role => role.roleId),
},
}
}, myOptions);
for (available of availableNotifications) {
availableNotificationsMap.set(available.notificationFk, {
id: null,
notificationFk: available.notificationFk,
name: available.notification().name,
description: available.notification().description,
active: false
});
}
return availableNotificationsMap;
};
};

View File

@ -1,74 +1,126 @@
const models = require('vn-loopback/server/server').models;
describe('loopback model NotificationSubscription', () => {
it('Should fail to delete a notification if the user is not editing itself or a subordinate', async() => {
it('should fail to add a notification subscription if the worker doesnt have ACLs', async() => {
const tx = await models.NotificationSubscription.beginTransaction({});
try {
const options = {transaction: tx};
const user = 9;
const notificationSubscriptionId = 2;
const ctx = {req: {accessToken: {userId: user}}};
const notification = await models.NotificationSubscription.findById(notificationSubscriptionId);
let error;
try {
await models.NotificationSubscription.deleteNotification(ctx, notification.id, options);
const options = {transaction: tx, accessToken: {userId: 9}};
await models.NotificationSubscription.create({notificationFk: 1, userFk: 62}, options);
await tx.rollback();
} catch (e) {
await tx.rollback();
error = e;
}
expect(error.message).toContain('You dont have permission to modify this user');
expect(error.message).toEqual('The notification subscription of this worker cant be modified');
});
it('should fail to add a notification subscription if the user isnt editing itself or subordinate', async() => {
const tx = await models.NotificationSubscription.beginTransaction({});
let error;
try {
const options = {transaction: tx, accessToken: {userId: 1}};
await models.NotificationSubscription.create({notificationFk: 1, userFk: 9}, options);
await tx.rollback();
} catch (e) {
await tx.rollback();
throw e;
error = e;
}
expect(error.message).toEqual('The notification subscription of this worker cant be modified');
});
it('Should delete a notification if the user is editing itself', async() => {
it('should fail to delete a notification subscription if the user isnt editing itself or subordinate', async() => {
const tx = await models.NotificationSubscription.beginTransaction({});
let error;
try {
const options = {transaction: tx};
const user = 9;
const options = {transaction: tx, accessToken: {userId: 9}};
const notificationSubscriptionId = 2;
await models.NotificationSubscription.destroyAll({id: notificationSubscriptionId}, options);
await tx.rollback();
} catch (e) {
await tx.rollback();
error = e;
}
expect(error.message).toEqual('The notification subscription of this worker cant be modified');
});
it('should add a notification subscription if the user is editing itself', async() => {
const tx = await models.NotificationSubscription.beginTransaction({});
let error;
try {
const options = {transaction: tx, accessToken: {userId: 9}};
await models.NotificationSubscription.create({notificationFk: 2, userFk: 9}, options);
await tx.rollback();
} catch (e) {
await tx.rollback();
error = e;
}
expect(error).toBeUndefined();
});
it('should delete a notification subscription if the user is editing itself', async() => {
const tx = await models.NotificationSubscription.beginTransaction({});
let error;
try {
const options = {transaction: tx, accessToken: {userId: 9}};
const notificationSubscriptionId = 6;
await models.NotificationSubscription.destroyAll({id: notificationSubscriptionId}, options);
await tx.rollback();
} catch (e) {
await tx.rollback();
error = e;
}
expect(error).toBeUndefined();
});
it('should add a notification subscription if the user is editing a subordinate', async() => {
const tx = await models.NotificationSubscription.beginTransaction({});
let error;
try {
const options = {transaction: tx, accessToken: {userId: 9}};
await models.NotificationSubscription.create({notificationFk: 1, userFk: 5}, options);
await tx.rollback();
} catch (e) {
await tx.rollback();
error = e;
}
expect(error).toBeUndefined();
});
it('should delete a notification subscription if the user is editing a subordinate', async() => {
const tx = await models.NotificationSubscription.beginTransaction({});
let error;
try {
const options = {transaction: tx, accessToken: {userId: 19}};
const notificationSubscriptionId = 4;
const ctx = {req: {accessToken: {userId: user}}};
const notification = await models.NotificationSubscription.findById(notificationSubscriptionId);
await models.NotificationSubscription.destroyAll({id: notificationSubscriptionId}, options);
await models.NotificationSubscription.deleteNotification(ctx, notification.id, options);
const deletedNotification = await models.NotificationSubscription.findById(notificationSubscriptionId);
expect(deletedNotification).toBeNull();
await tx.rollback();
} catch (e) {
await tx.rollback();
throw e;
error = e;
}
});
it('Should delete a notification if the user is editing a subordinate', async() => {
const tx = await models.NotificationSubscription.beginTransaction({});
try {
const options = {transaction: tx};
const user = 9;
const notificationSubscriptionId = 5;
const ctx = {req: {accessToken: {userId: user}}};
const notification = await models.NotificationSubscription.findById(notificationSubscriptionId);
await models.NotificationSubscription.deleteNotification(ctx, notification.id, options);
const deletedNotification = await models.NotificationSubscription.findById(notificationSubscriptionId);
expect(deletedNotification).toBeNull();
await tx.rollback();
} catch (e) {
await tx.rollback();
throw e;
}
expect(error).toBeUndefined();
});
});

View File

@ -1,3 +1,5 @@
CREATE SCHEMA IF NOT EXISTS `vn2008`;
CREATE OR REPLACE DEFINER=`root`@`localhost`
SQL SECURITY DEFINER
VIEW `vn`.`awbVolume`

View File

@ -2,11 +2,3 @@ UPDATE `salix`.`ACL`
SET `property` = 'state',
`model` = 'Ticket'
WHERE `property` = 'changeState';
REVOKE INSERT, UPDATE, DELETE ON `vn`.`ticketTracking` FROM 'productionboss'@;
REVOKE INSERT, UPDATE, DELETE ON `vn`.`ticketTracking` FROM 'productionAssi'@;
REVOKE INSERT, UPDATE, DELETE ON `vn`.`ticketTracking` FROM 'hr'@;
REVOKE INSERT, UPDATE, DELETE ON `vn`.`ticketTracking` FROM 'salesPerson'@;
REVOKE INSERT, UPDATE, DELETE ON `vn`.`ticketTracking` FROM 'deliveryPerson'@;
REVOKE INSERT, UPDATE, DELETE ON `vn`.`ticketTracking` FROM 'employee'@;
REVOKE EXECUTE ON `vn`.`ticket_setState` FROM 'employee'@;

View File

@ -0,0 +1,98 @@
-- Place your SQL code here
ALTER TABLE `vn`.`productionConfig` ADD shortageAddressFk int(11) COMMENT 'Consignatario por defecto para añadir un item de alta';
ALTER TABLE `vn`.`productionConfig` ADD CONSTRAINT productionConfig_FK FOREIGN KEY (shortageAddressFk) REFERENCES vn.address(id) ON DELETE RESTRICT ON UPDATE CASCADE;
ALTER TABLE `vn`.`sale` MODIFY COLUMN originalQuantity double(9,1) DEFAULT NULL NULL COMMENT 'Se utiliza para notificar a través de rocket los cambios de quantity';
INSERT INTO `salix`.`ACL` ( model, property, accessType, permission, principalType, principalId) VALUES( 'AddressShortage', '*', 'READ', 'ALLOW', 'ROLE', 'production');
-- vn.addressShortage definition
CREATE TABLE `vn`.`addressShortage` (
`addressFk` int(11) NOT NULL,
PRIMARY KEY (`addressFk`),
CONSTRAINT `addressShortage_FK` FOREIGN KEY (`addressFk`) REFERENCES `address` (`id`) ON DELETE CASCADE ON UPDATE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3 COLLATE=utf8mb3_unicode_ci;
DELIMITER $$
CREATE OR REPLACE DEFINER=`root`@`localhost` PROCEDURE `vn`.`item_setVisibleDiscard`(
vItemFk INT,
vWarehouseFk INT,
vQuantity INT,
vAddressFk INT)
BEGIN
/**
* Procedimiento para dar dar de baja/alta un item, si vAddressFk es NULL se entiende que se da de alta y se toma el addressFk de la configuración
*
* @param vItemFk Identificador del ítem
* @param vWarehouseFk id del warehouse
* @param vQuantity a dar de alta/baja
* @param vAddressFk id address
*/
DECLARE vTicketFk INT;
DECLARE vClientFk INT;
DECLARE vDefaultCompanyFk INT;
DECLARE vCalc INT;
DECLARE vAddressShortage INT;
SELECT barcodeToItem(vItemFk) INTO vItemFk;
SELECT DEFAULT(companyFk) INTO vDefaultCompanyFk
FROM vn.ticket LIMIT 1;
IF vAddressFk IS NULL THEN
SELECT pc.shortageAddressFk INTO vAddressShortage
FROM productionConfig pc ;
ELSE
SET vAddressShortage = vAddressFk;
END IF;
SELECT a.clientFk INTO vClientFk
FROM address a
WHERE a.id = vAddressFk;
SELECT t.id INTO vTicketFk
FROM ticket t
JOIN address a ON a.id = t.addressFk
JOIN ticketState ts ON ts.ticketFk = t.id
WHERE t.warehouseFk = vWarehouseFk
AND a.id = vAddressShortage
AND DATE(t.shipped) = util.VN_CURDATE()
AND ts.code = 'DELIVERED'
LIMIT 1;
CALL cache.visible_refresh(vCalc, TRUE, vWarehouseFk);
IF vTicketFk IS NULL THEN
CALL ticket_add(
vClientFk,
util.VN_CURDATE(),
vWarehouseFk,
vDefaultCompanyFk,
vAddressFk,
NULL,
NULL,
util.VN_CURDATE(),
account.myUser_getId(),
FALSE,
vTicketFk);
END IF;
INSERT INTO sale(ticketFk, itemFk, concept, quantity)
SELECT vTicketFk,
vItemFk,
CONCAT(longName,' ', worker_getCode(), ' ', LEFT(CAST(util.VN_NOW() AS TIME),5)),
vQuantity
FROM item
WHERE id = vItemFk;
UPDATE cache.visible
SET visible = visible - vQuantity
WHERE calc_id = vCalc
AND item_id = vItemFk;
END$$
DELIMITER ;

View File

@ -21,11 +21,11 @@ DELETE FROM `salix`.`ACL`
'getSummary'
);
INSERT INTO `salix`.`ACL` (`model`,`property`,`accessType`,`permission`,`principalType`,`principalid`)
INSERT INTO `salix`.`ACL` (`model`,`property`,`accessType`,`permission`,`principalType`,`principalId`)
VALUES ('Claim','filter','READ','ALLOW','ROLE','claimViewer');
INSERT INTO `salix`.`ACL` (`model`,`property`,`accessType`,`permission`,`principalType`,`principalid`)
INSERT INTO `salix`.`ACL` (`model`,`property`,`accessType`,`permission`,`principalType`,`principalId`)
VALUES ('Claim','find','READ','ALLOW','ROLE','claimViewer');
INSERT INTO `salix`.`ACL` (`model`,`property`,`accessType`,`permission`,`principalType`,`principalid`)
INSERT INTO `salix`.`ACL` (`model`,`property`,`accessType`,`permission`,`principalType`,`principalId`)
VALUES ('Claim','findById','READ','ALLOW','ROLE','claimViewer');
INSERT INTO `salix`.`ACL` (`model`,`property`,`accessType`,`permission`,`principalType`,`principalid`)
INSERT INTO `salix`.`ACL` (`model`,`property`,`accessType`,`permission`,`principalType`,`principalId`)
VALUES ('Claim','getSummary','READ','ALLOW','ROLE','claimViewer');

View File

@ -0,0 +1,95 @@
ALTER TABLE `vn`.`client` MODIFY COLUMN `credit` decimal(10,2) unsigned DEFAULT 0.00 NOT NULL;
DELETE FROM `salix`.`ACL` WHERE `model` = 'Client' AND `property` = 'create';
DELIMITER $$
CREATE OR REPLACE DEFINER=`root`@`localhost` TRIGGER `vn`.`client_beforeUpdate`
BEFORE UPDATE ON `client`
FOR EACH ROW
BEGIN
DECLARE vText VARCHAR(255) DEFAULT NULL;
DECLARE vPayMethodFk INT;
SET NEW.editorFk = account.myUser_getId();
IF NOT(NEW.credit <=> OLD.credit) THEN
INSERT INTO clientCredit
SET clientFk = NEW.id,
amount = NEW.credit,
workerFk = NEW.editorFk;
END IF;
-- Comprueba que el formato de los teléfonos es válido
IF !(NEW.phone <=> OLD.phone) AND (NEW.phone <> '') THEN
CALL pbx.phone_isValid(NEW.phone);
END IF;
IF !(NEW.mobile <=> OLD.mobile) AND (NEW.mobile <> '')THEN
CALL pbx.phone_isValid(NEW.mobile);
END IF;
SELECT id INTO vPayMethodFk
FROM vn.payMethod
WHERE code = 'bankDraft';
IF NEW.payMethodFk = vPayMethodFk AND NEW.dueDay = 0 THEN
SET NEW.dueDay = 5;
END IF;
-- Avisar al comercial si ha llegado la documentación sepa/core
IF NEW.hasSepaVnl AND !OLD.hasSepaVnl THEN
SET vText = 'Sepa de VNL';
END IF;
IF NEW.hasCoreVnl AND !OLD.hasCoreVnl THEN
SET vText = 'Core de VNL';
END IF;
IF vText IS NOT NULL
THEN
INSERT INTO mail(receiver, replyTo, `subject`, body)
SELECT
CONCAT(IF(ac.id,u.name, 'jgallego'), '@verdnatura.es'),
'administracion@verdnatura.es',
CONCAT('Cliente ', NEW.id),
CONCAT('Recibida la documentación: ', vText)
FROM worker w
LEFT JOIN account.user u ON w.id = u.id AND u.active
LEFT JOIN account.account ac ON ac.id = u.id
WHERE w.id = NEW.salesPersonFk;
END IF;
IF NEW.salespersonFk IS NULL AND OLD.salespersonFk IS NOT NULL THEN
IF (SELECT COUNT(clientFk)
FROM clientProtected
WHERE clientFk = NEW.id
) > 0 THEN
CALL util.throw("HAS_CLIENT_PROTECTED");
END IF;
END IF;
IF !(NEW.salesPersonFk <=> OLD.salesPersonFk) THEN
SET NEW.lastSalesPersonFk = IFNULL(NEW.salesPersonFk, OLD.salesPersonFk);
END IF;
IF !(NEW.businessTypeFk <=> OLD.businessTypeFk) AND (NEW.businessTypeFk = 'individual' OR OLD.businessTypeFk = 'individual') THEN
SET NEW.isTaxDataChecked = 0;
END IF;
END$$
DELIMITER ;
DELIMITER $$
CREATE OR REPLACE DEFINER=`root`@`localhost` TRIGGER `vn`.`client_AfterInsert`
AFTER INSERT ON `client`
FOR EACH ROW
BEGIN
IF NEW.credit IS NOT NULL AND NEW.credit THEN
INSERT INTO clientCredit
SET clientFk = NEW.id,
workerFk = NEW.editorFk,
amount = NEW.credit;
END IF;
END$$
DELIMITER ;

View File

View File

@ -0,0 +1,4 @@
INSERT INTO `salix`.`ACL` (model, property, accessType, permission, principalType, principalId)
VALUES
('Application', 'executeProc', '*', 'ALLOW', 'ROLE', 'employee'),
('Application', 'executeFunc', '*', 'ALLOW', 'ROLE', 'employee');

View File

@ -0,0 +1,3 @@
INSERT INTO `salix`.`ACL` (`model`, `property`, `accessType`, `permission`, `principalType`, `principalId`)
VALUES
('NotificationSubscription', 'getList', 'READ', 'ALLOW', 'ROLE', 'employee');

View File

@ -470,22 +470,22 @@ CREATE TEMPORARY TABLE tmp.address
WHERE `defaultAddressFk` IS NULL;
DROP TEMPORARY TABLE tmp.address;
INSERT INTO `vn`.`clientCredit`(`id`, `clientFk`, `workerFk`, `amount`, `created`)
INSERT INTO `vn`.`clientCredit`(`clientFk`, `workerFk`, `amount`, `created`)
VALUES
(1 , 1101, 5, 300, DATE_ADD(util.VN_CURDATE(), INTERVAL -11 MONTH)),
(2 , 1101, 5, 900, DATE_ADD(util.VN_CURDATE(), INTERVAL -10 MONTH)),
(3 , 1101, 5, 800, DATE_ADD(util.VN_CURDATE(), INTERVAL -9 MONTH)),
(4 , 1101, 5, 700, DATE_ADD(util.VN_CURDATE(), INTERVAL -8 MONTH)),
(5 , 1101, 5, 600, DATE_ADD(util.VN_CURDATE(), INTERVAL -7 MONTH)),
(6 , 1101, 5, 500, DATE_ADD(util.VN_CURDATE(), INTERVAL -6 MONTH)),
(7 , 1101, 5, 400, DATE_ADD(util.VN_CURDATE(), INTERVAL -5 MONTH)),
(8 , 1101, 9, 300, DATE_ADD(util.VN_CURDATE(), INTERVAL -4 MONTH)),
(9 , 1101, 9, 200, DATE_ADD(util.VN_CURDATE(), INTERVAL -3 MONTH)),
(10, 1101, 9, 100, DATE_ADD(util.VN_CURDATE(), INTERVAL -2 MONTH)),
(11, 1101, 9, 50 , DATE_ADD(util.VN_CURDATE(), INTERVAL -1 MONTH)),
(12, 1102, 9, 800, util.VN_CURDATE()),
(14, 1104, 9, 90 , util.VN_CURDATE()),
(15, 1105, 9, 90 , util.VN_CURDATE());
(1101, 5, 300, DATE_ADD(util.VN_CURDATE(), INTERVAL -11 MONTH)),
(1101, 5, 900, DATE_ADD(util.VN_CURDATE(), INTERVAL -10 MONTH)),
(1101, 5, 800, DATE_ADD(util.VN_CURDATE(), INTERVAL -9 MONTH)),
(1101, 5, 700, DATE_ADD(util.VN_CURDATE(), INTERVAL -8 MONTH)),
(1101, 5, 600, DATE_ADD(util.VN_CURDATE(), INTERVAL -7 MONTH)),
(1101, 5, 500, DATE_ADD(util.VN_CURDATE(), INTERVAL -6 MONTH)),
(1101, 5, 400, DATE_ADD(util.VN_CURDATE(), INTERVAL -5 MONTH)),
(1101, 9, 300, DATE_ADD(util.VN_CURDATE(), INTERVAL -4 MONTH)),
(1101, 9, 200, DATE_ADD(util.VN_CURDATE(), INTERVAL -3 MONTH)),
(1101, 9, 100, DATE_ADD(util.VN_CURDATE(), INTERVAL -2 MONTH)),
(1101, 9, 50 , DATE_ADD(util.VN_CURDATE(), INTERVAL -1 MONTH)),
(1102, 9, 800, util.VN_CURDATE()),
(1104, 9, 90 , util.VN_CURDATE()),
(1105, 9, 90 , util.VN_CURDATE());
INSERT INTO `vn`.`clientCreditLimit`(`id`, `maxAmount`, `roleFk`)
VALUES
@ -2788,6 +2788,11 @@ INSERT INTO `util`.`notification` (`id`, `name`, `description`)
INSERT INTO `util`.`notificationAcl` (`notificationFk`, `roleFk`)
VALUES
(1, 9),
(1, 1),
(2, 1),
(3, 9),
(4, 1),
(5, 9),
(6, 9);
INSERT INTO `util`.`notificationQueue` (`id`, `notificationFk`, `params`, `authorFk`, `status`, `created`)
@ -2800,6 +2805,8 @@ INSERT INTO `util`.`notificationSubscription` (`notificationFk`, `userFk`)
VALUES
(1, 1109),
(1, 1110),
(2, 1110),
(4, 1110),
(2, 1109),
(1, 9),
(1, 3),

View File

@ -2352,6 +2352,90 @@ BEGIN
END IF;
END ;;
DELIMITER ;
DELIMITER ;;
CREATE DEFINER=`root`@`localhost` FUNCTION `account`.`user_hasRoutinePriv`(vType ENUM('PROCEDURE', 'FUNCTION'),
vChain VARCHAR(100),
vUserFk INT
) RETURNS tinyint(1)
READS SQL DATA
BEGIN
/**
* Search if the user has privileges on routines.
*
* @param vType procedure or function
* @param vChain string passed with this syntax dbName.tableName
* @param vUserFk user to ckeck
* @return vHasPrivilege
*/
DECLARE vHasPrivilege BOOL DEFAULT FALSE;
DECLARE vDb VARCHAR(50);
DECLARE vObject VARCHAR(50);
DECLARE vChainExists BOOL;
DECLARE vExecutePriv INT DEFAULT 262144;
-- 262144 = CONV(1000000000000000000, 2, 10)
-- 1000000000000000000 execution permission expressed in binary base
SET vDb = SUBSTRING_INDEX(vChain, '.', 1);
SET vChain = SUBSTRING(vChain, LENGTH(vDb) + 2);
SET vObject = SUBSTRING_INDEX(vChain, '.', 1);
SELECT COUNT(*) INTO vChainExists
FROM mysql.proc
WHERE db = vDb
AND `name` = vObject
AND `type` = vType
LIMIT 1;
IF NOT vChainExists THEN
RETURN FALSE;
END IF;
DROP TEMPORARY TABLE IF EXISTS tRole;
CREATE TEMPORARY TABLE tRole
(INDEX (`name`))
ENGINE = MEMORY
SELECT r.`name`
FROM user u
JOIN roleRole rr ON rr.role = u.role
JOIN `role` r ON r.id = rr.inheritsFrom
WHERE u.id = vUserFk;
SELECT TRUE INTO vHasPrivilege
FROM mysql.global_priv gp
JOIN tRole tr ON tr.name = gp.`User`
OR CONCAT('$', tr.name) = gp.`User`
WHERE JSON_VALUE(gp.Priv, '$.access') >= vExecutePriv
AND gp.Host = ''
LIMIT 1;
IF NOT vHasPrivilege THEN
SELECT TRUE INTO vHasPrivilege
FROM mysql.db db
JOIN tRole tr ON tr.name = db.`User`
WHERE db.Db = vDb
AND db.Execute_priv = 'Y';
END IF;
IF NOT vHasPrivilege THEN
SELECT TRUE INTO vHasPrivilege
FROM mysql.procs_priv pp
JOIN tRole tr ON tr.name = pp.`User`
WHERE pp.Db = vDb
AND pp.Routine_name = vObject
AND pp.Routine_type = vType
AND pp.Proc_priv = 'Execute'
LIMIT 1;
END IF;
DROP TEMPORARY TABLE tRole;
RETURN vHasPrivilege;
END ;;
DELIMITER ;
/*!50003 SET sql_mode = @saved_sql_mode */ ;
/*!50003 SET character_set_client = @saved_cs_client */ ;
/*!50003 SET character_set_results = @saved_cs_results */ ;

View File

@ -0,0 +1,27 @@
const UserError = require('vn-loopback/util/user-error');
module.exports = Self => {
Self.execute = async(ctx, type, query, params, options) => {
const userId = ctx.req.accessToken.userId;
const models = Self.app.models;
params = params ?? [];
const myOptions = {userId: ctx.req.accessToken.userId};
if (typeof options == 'object')
Object.assign(myOptions, options);
const chain = query.split(' ')[1];
const [canExecute] = await models.ProcsPriv.rawSql(
'SELECT account.user_hasRoutinePriv(?,?,?)',
[type, chain, userId],
myOptions);
if (!Object.values(canExecute)[0]) throw new UserError(`You don't have enough privileges`, 'ACCESS_DENIED');
const argString = params.map(() => '?').join(',');
const [response] = await models.ProcsPriv.rawSql(query + `(${argString})`, params, myOptions);
return response;
};
};

View File

@ -0,0 +1,41 @@
module.exports = Self => {
Self.remoteMethodCtx('executeFunc', {
description: 'Return result of function',
accessType: '*',
accepts: [
{
arg: 'routine',
type: 'string',
description: 'The routine name',
required: true,
http: {source: 'path'}
},
{
arg: 'schema',
type: 'string',
description: 'The routine schema',
required: true,
},
{
arg: 'params',
type: ['any'],
description: 'The params array',
},
],
returns: {
type: 'any',
root: true
},
http: {
path: `/:routine/execute-func`,
verb: 'POST'
}
});
Self.executeFunc = async(ctx, routine, schema, params, options) => {
const query = `SELECT ${schema}.${routine}`;
const response = await Self.execute(ctx, 'FUNCTION', query, params, options);
return Object.values(response)[0];
};
};

View File

@ -0,0 +1,39 @@
module.exports = Self => {
Self.remoteMethodCtx('executeProc', {
description: 'Return result of procedure',
accessType: '*',
accepts: [
{
arg: 'routine',
type: 'string',
description: 'The routine name',
required: true,
http: {source: 'path'}
},
{
arg: 'schema',
type: 'string',
description: 'The routine schema',
required: true,
},
{
arg: 'params',
type: ['any'],
description: 'The params array',
},
],
returns: {
type: 'any',
root: true
},
http: {
path: `/:routine/execute-proc`,
verb: 'POST'
}
});
Self.executeProc = async(ctx, routine, schema, params, options) => {
const query = `CALL ${schema}.${routine}`;
return Self.execute(ctx, 'PROCEDURE', query, params, options);
};
};

View File

@ -0,0 +1,161 @@
const models = require('vn-loopback/server/server').models;
describe('Application execute()/executeProc()/executeFunc()', () => {
const userWithoutPrivileges = 1;
const userWithPrivileges = 9;
const userWithInheritedPrivileges = 120;
let tx;
function getCtx(userId) {
return {
req: {
accessToken: {userId},
headers: {origin: 'http://localhost'}
}
};
}
beforeEach(async() => {
tx = await models.Application.beginTransaction({});
const options = {transaction: tx};
await models.Application.rawSql(`
CREATE OR REPLACE PROCEDURE vn.myProcedure(vMyParam INT)
BEGIN
SELECT vMyParam myParam, t.*
FROM ticket t
LIMIT 2;
END
`, null, options);
await models.Application.rawSql(`
CREATE OR REPLACE FUNCTION bs.myFunction(vMyParam INT) RETURNS int(11)
BEGIN
RETURN vMyParam;
END
`, null, options);
await models.Application.rawSql(`
GRANT EXECUTE ON PROCEDURE vn.myProcedure TO developer;
GRANT EXECUTE ON FUNCTION bs.myFunction TO developer;
`, null, options);
});
it('should throw error when execute procedure and not have privileges', async() => {
const ctx = getCtx(userWithoutPrivileges);
let error;
try {
const options = {transaction: tx};
await models.Application.execute(
ctx,
'PROCEDURE',
'CALL vn.myProcedure',
[1],
options
);
await tx.rollback();
} catch (e) {
await tx.rollback();
error = e;
}
expect(error.message).toEqual(`You don't have enough privileges`);
});
it('should execute procedure and get data', async() => {
const ctx = getCtx(userWithPrivileges);
try {
const options = {transaction: tx};
const response = await models.Application.execute(
ctx,
'PROCEDURE',
'CALL vn.myProcedure',
[1],
options
);
expect(response.length).toEqual(2);
expect(response[0].myParam).toEqual(1);
await tx.rollback();
} catch (e) {
await tx.rollback();
throw e;
}
});
describe('Application executeProc()', () => {
it('should execute procedure and get data (executeProc)', async() => {
const ctx = getCtx(userWithPrivileges);
try {
const options = {transaction: tx};
const response = await models.Application.executeProc(
ctx,
'myProcedure',
'vn',
[1],
options
);
expect(response.length).toEqual(2);
expect(response[0].myParam).toEqual(1);
await tx.rollback();
} catch (e) {
await tx.rollback();
throw e;
}
});
});
describe('Application executeFunc()', () => {
it('should execute function and get data', async() => {
const ctx = getCtx(userWithPrivileges);
try {
const options = {transaction: tx};
const response = await models.Application.executeFunc(
ctx,
'myFunction',
'bs',
[1],
options
);
expect(response).toEqual(1);
await tx.rollback();
} catch (e) {
await tx.rollback();
throw e;
}
});
it('should execute function and get data with user with inherited privileges', async() => {
const ctx = getCtx(userWithInheritedPrivileges);
try {
const options = {transaction: tx};
const response = await models.Application.executeFunc(
ctx,
'myFunction',
'bs',
[1],
options
);
expect(response).toEqual(1);
await tx.rollback();
} catch (e) {
await tx.rollback();
throw e;
}
});
});
});

View File

@ -2,4 +2,7 @@
module.exports = function(Self) {
require('../methods/application/status')(Self);
require('../methods/application/post')(Self);
require('../methods/application/execute')(Self);
require('../methods/application/executeProc')(Self);
require('../methods/application/executeFunc')(Self);
};

View File

@ -0,0 +1,44 @@
{
"name": "ProcsPriv",
"base": "VnModel",
"options": {
"mysql": {
"table": "mysql.procs_priv"
}
},
"properties": {
"name": {
"id": 1,
"type": "string",
"mysql": {
"columnName": "Routine_name"
}
},
"schema": {
"id": 3,
"type": "string",
"mysql": {
"columnName": "Db"
}
},
"role": {
"type": "string",
"mysql": {
"columnName": "user"
}
},
"type": {
"id": 2,
"type": "string",
"mysql": {
"columnName": "Routine_type"
}
},
"host": {
"type": "string",
"mysql": {
"columnName": "Host"
}
}
}
}

View File

@ -321,9 +321,9 @@
"Select a different client": "Seleccione un cliente distinto",
"Fill all the fields": "Rellene todos los campos",
"The response is not a PDF": "La respuesta no es un PDF",
"Ticket without Route": "Ticket sin ruta",
"Booking completed": "Reserva completada",
"The ticket is in preparation": "El ticket [{{ticketId}}]({{{ticketUrl}}}) del comercial {{salesPersonId}} está en preparación",
"The amount cannot be less than the minimum": "La cantidad no puede ser menor que la cantidad mímina",
"quantityLessThanMin": "La cantidad no puede ser menor que la cantidad mímina"
"quantityLessThanMin": "La cantidad no puede ser menor que la cantidad mímina",
"The notification subscription of this worker cant be modified": "La subscripción a la notificación de este trabajador no puede ser modificada"
}

View File

@ -49,5 +49,13 @@
},
"Container": {
"dataSource": "vn"
},
"ProcsPriv": {
"dataSource": "vn",
"options": {
"mysql": {
"table": "mysql.procs_priv"
}
}
}
}

View File

@ -5,6 +5,9 @@
"AddressObservation": {
"dataSource": "vn"
},
"AddressShortage": {
"dataSource": "vn"
},
"BankEntity": {
"dataSource": "vn"
},

View File

@ -0,0 +1,22 @@
{
"name": "AddressShortage",
"base": "VnModel",
"options": {
"mysql": {
"table": "addressShortage"
}
},
"properties": {
"addressFk": {
"type": "number",
"id": true
}
},
"relations": {
"address": {
"type": "belongsTo",
"model": "Address",
"foreignKey": "addressFk"
}
}
}

View File

@ -17,6 +17,9 @@
},
"maxCreditRows": {
"type": "number"
},
"defaultCredit": {
"type": "number"
}
}
}

View File

@ -483,12 +483,6 @@ module.exports = Self => {
if (userRequiredRoles <= 0)
throw new UserError(`You don't have enough privileges to set this credit amount`);
}
await models.ClientCredit.create({
amount: changes.credit,
clientFk: finalState.id,
workerFk: userId
}, ctx.options);
};
Self.changeCreditManagement = async function changeCreditManagement(ctx, finalState, changes) {

View File

@ -158,7 +158,7 @@
},
"user": {
"type": "belongsTo",
"model": "Account",
"model": "VnUser",
"foreignKey": "id"
},
"payMethod": {

View File

@ -62,13 +62,13 @@ describe('Client Model', () => {
const options = {transaction: tx};
const ctx = {options};
// Set credit to zero by a financialBoss
const financialBoss = await models.VnUser.findOne({
where: {name: 'financialBoss'}
}, options);
ctx.options.accessToken = {userId: financialBoss.id};
await models.Client.changeCredit(ctx, instance, {credit: 0});
const testClient = await models.Client.findById(instance.id, options);
await testClient.updateAttributes({credit: 0}, ctx.options);
const salesAssistant = await models.VnUser.findOne({
where: {name: 'salesAssistant'}

View File

@ -212,7 +212,7 @@
<vn-td number shrink>{{::sale.quantity}}</vn-td>
<vn-td vn-fetched-tags>
<div>
<vn-one title="{{::sale.item.name}}">{{::sale.item.name}}</vn-one>
<vn-one title="{{::sale.concept}}">{{::sale.concept}}</vn-one>
<vn-one ng-if="::sale.item.subName">
<h3 title="{{::sale.item.subName}}">{{::sale.item.subName}}</h3>
</vn-one>

View File

@ -33,6 +33,16 @@
"type": "belongsTo",
"model": "Sector",
"foreignKey": "sectorFk"
},
"train": {
"type": "belongsTo",
"model": "Train",
"foreignKey": "trainFk"
},
"printer": {
"type": "belongsTo",
"model": "Printer",
"foreignKey": "labelerFk"
}
}
}

View File

@ -20,4 +20,5 @@ import './dms/create';
import './dms/edit';
import './note/index';
import './note/create';
import './notifications';

View File

@ -0,0 +1,2 @@
<vn-card>
</vn-card>

View File

@ -0,0 +1,21 @@
import ngModule from '../module';
import Section from 'salix/components/section';
class Controller extends Section {
constructor($element, $) {
super($element, $);
}
async $onInit() {
const url = await this.vnApp.getUrl(`worker/${this.$params.id}/notifications`);
window.open(url).focus();
}
}
ngModule.vnComponent('vnWorkerNotifications', {
template: require('./index.html'),
controller: Controller,
bindings: {
ticket: '<'
}
});

View File

@ -15,6 +15,7 @@
{"state": "worker.card.timeControl", "icon": "access_time"},
{"state": "worker.card.calendar", "icon": "icon-calendar"},
{"state": "worker.card.pda", "icon": "phone_android"},
{"state": "worker.card.notifications", "icon": "notifications"},
{"state": "worker.card.pbx", "icon": "icon-pbx"},
{"state": "worker.card.dms.index", "icon": "cloud_upload"},
{
@ -112,6 +113,14 @@
"params": {
"worker": "$ctrl.worker"
}
}, {
"url": "/notifications",
"state": "worker.card.notifications",
"component": "vn-worker-notifications",
"description": "Notifications",
"params": {
"worker": "$ctrl.worker"
}
}, {
"url": "/time-control?timestamp",
"state": "worker.card.timeControl",

4
package-lock.json generated
View File

@ -1,12 +1,12 @@
{
"name": "salix-back",
"version": "23.46.01",
"version": "23.48.01",
"lockfileVersion": 2,
"requires": true,
"packages": {
"": {
"name": "salix-back",
"version": "23.46.01",
"version": "23.48.01",
"license": "GPL-3.0",
"dependencies": {
"axios": "^1.2.2",

View File

@ -1,6 +1,6 @@
{
"name": "salix-back",
"version": "23.46.01",
"version": "23.48.01",
"author": "Verdnatura Levante SL",
"description": "Salix backend",
"license": "GPL-3.0",