This commit is contained in:
parent
08c9d43b17
commit
9193c784d0
|
|
@ -112,7 +112,7 @@ module.exports = Self => {
|
|||
|
||||
if (typeof options == 'object')
|
||||
Object.assign(myOptions, options);
|
||||
|
||||
const isSupplier = await Self.app.models.Supplier.isSupplier(ctx, options);
|
||||
const conn = Self.dataSource.connector;
|
||||
const where = buildFilter(ctx.args, (param, value) => {
|
||||
switch (param) {
|
||||
|
|
@ -146,7 +146,11 @@ module.exports = Self => {
|
|||
}
|
||||
});
|
||||
filter = mergeFilters(ctx.args.filter, {where});
|
||||
|
||||
delete filter.order;
|
||||
if (isSupplier) {
|
||||
if (!filter.where) filter.where = {};
|
||||
filter.where.supplierFk = ctx.req.accessToken.userId;
|
||||
}
|
||||
const stmts = [];
|
||||
let stmt;
|
||||
stmt = new ParameterizedSQL(
|
||||
|
|
|
|||
|
|
@ -1,7 +1,10 @@
|
|||
const ForbiddenError = require('vn-loopback/util/forbiddenError');
|
||||
const UserError = require('vn-loopback/util/user-error');
|
||||
|
||||
const mergeFilters = require('vn-loopback/util/filter').mergeFilters;
|
||||
|
||||
module.exports = Self => {
|
||||
Self.remoteMethod('getBuys', {
|
||||
Self.remoteMethodCtx('getBuys', {
|
||||
description: 'Returns buys for one entry',
|
||||
accessType: 'READ',
|
||||
accepts: [{
|
||||
|
|
@ -27,13 +30,18 @@ module.exports = Self => {
|
|||
}
|
||||
});
|
||||
|
||||
Self.getBuys = async(id, filter, options) => {
|
||||
Self.getBuys = async(ctx, id, filter, options) => {
|
||||
const models = Self.app.models;
|
||||
const myOptions = {};
|
||||
|
||||
if (typeof options == 'object')
|
||||
Object.assign(myOptions, options);
|
||||
const isSupplier = await Self.app.models.Supplier.isSupplier(ctx, options);
|
||||
if (isSupplier) {
|
||||
const isEntryOwner = (await Self.findById(id)).supplierFk === ctx.req.accessToken.userId;
|
||||
|
||||
if (! isEntryOwner) throw new UserError('Access Denied');
|
||||
}
|
||||
let defaultFilter = {
|
||||
where: {entryFk: id},
|
||||
fields: [
|
||||
|
|
@ -49,9 +57,23 @@ module.exports = Self => {
|
|||
'buyingValue',
|
||||
'price2',
|
||||
'price3',
|
||||
'printedStickers'
|
||||
'printedStickers',
|
||||
'entryFk'
|
||||
],
|
||||
include: {
|
||||
include: [{
|
||||
relation: 'entry',
|
||||
scope: {
|
||||
fields: [
|
||||
'id', 'supplierFk'
|
||||
],
|
||||
include: {
|
||||
relation: 'supplier', scope: {
|
||||
fields: ['id']
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
relation: 'item',
|
||||
scope: {
|
||||
fields: [
|
||||
|
|
@ -82,9 +104,9 @@ module.exports = Self => {
|
|||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}]
|
||||
};
|
||||
|
||||
delete filter.order;
|
||||
defaultFilter = mergeFilters(defaultFilter, filter);
|
||||
|
||||
return models.Buy.find(defaultFilter, myOptions);
|
||||
|
|
|
|||
|
|
@ -0,0 +1,28 @@
|
|||
const UserError = require('vn-loopback/util/user-error');
|
||||
|
||||
module.exports = Self => {
|
||||
Self.remoteMethodCtx('isSupplier', {
|
||||
description: 'Check is supplierFk exists as supplier',
|
||||
accessType: 'READ',
|
||||
returns: {
|
||||
type: 'boolean',
|
||||
root: true
|
||||
},
|
||||
http: {
|
||||
path: `/isSupplier`,
|
||||
verb: 'GET'
|
||||
}
|
||||
});
|
||||
|
||||
Self.isSupplier = async(ctx, options) => {
|
||||
const myOptions = {validate: false};
|
||||
|
||||
if (typeof options == 'object')
|
||||
Object.assign(myOptions, options);
|
||||
|
||||
const userId = ctx.req.accessToken.userId;
|
||||
const exists = await Self.findById(userId);
|
||||
|
||||
return !!exists;
|
||||
};
|
||||
};
|
||||
|
|
@ -12,6 +12,7 @@ module.exports = Self => {
|
|||
require('../methods/supplier/campaignMetricsEmail')(Self);
|
||||
require('../methods/supplier/newSupplier')(Self);
|
||||
require('../methods/supplier/getItemsPackaging')(Self);
|
||||
require('../methods/supplier/isSupplier')(Self);
|
||||
|
||||
Self.validatesPresenceOf('name', {
|
||||
message: 'The social name cannot be empty'
|
||||
|
|
|
|||
Loading…
Reference in New Issue