diff --git a/db/changes/233601/00-createClaimReader.sql b/db/changes/233601/00-createClaimReader.sql
new file mode 100644
index 000000000..666bf232e
--- /dev/null
+++ b/db/changes/233601/00-createClaimReader.sql
@@ -0,0 +1,32 @@
+INSERT INTO `account`.`role` (`id`, `name`, `description`, `hasLogin`)
+ VALUES ('claimViewer','Trabajadores que consulta las reclamaciones ',1);
+
+INSERT INTO `account`.`roleInherit` (`role`,`inheritsFrom`)
+ SELECT `r`.`id`, `r2`.`id`
+ FROM `account`.`role` `r`
+ JOIN `account`.`role` `r2` ON `r2`.`name` = 'claimViewer'
+ WHERE `r`.`name` IN (
+ 'salesPerson',
+ 'buyer',
+ 'deliveryBoss',
+ 'handmadeBoss'
+ )
+
+DELETE FROM `salix`.`ACL`
+ WHERE `model`= 'claim'
+ AND `property` IN (
+ 'filter',
+ 'find',
+ 'findById',
+ 'getSummary'
+ );
+
+INSERT INTO `salix`.`ACL` (`model`,`property`,`accessType`,`permission`,`principalType`,`principalid`)
+ VALUES ('Claim','filter','READ','ALLOW','ROLE','claimViewer');
+INSERT INTO `salix`.`ACL` (`model`,`property`,`accessType`,`permission`,`principalType`,`principalid`)
+ VALUES ('Claim','find','READ','ALLOW','ROLE','claimViewer');
+INSERT INTO `salix`.`ACL` (`model`,`property`,`accessType`,`permission`,`principalType`,`principalid`)
+ VALUES ('Claim','findById','READ','ALLOW','ROLE','claimViewer');
+INSERT INTO `salix`.`ACL` (`model`,`property`,`accessType`,`permission`,`principalType`,`principalid`)
+ VALUES ('Claim','getSummary','READ','ALLOW','ROLE','claimViewer');
+
diff --git a/loopback/util/specs/validateIban.spec.js b/loopback/util/specs/validateIban.spec.js
index a5d08d4c4..dd096c1b5 100644
--- a/loopback/util/specs/validateIban.spec.js
+++ b/loopback/util/specs/validateIban.spec.js
@@ -1,21 +1,45 @@
const validateIban = require('../validateIban');
describe('IBAN validation', () => {
- it('should return false for non-IBAN input', () => {
- let isValid = validateIban('Pepinillos');
+ it('should return false for invalid Spanish IBAN format', () => {
+ let isValid = validateIban('ES00 9999 0000 9999 0000 9999', 'ES');
expect(isValid).toBeFalsy();
});
- it('should return false for invalid spanish IBAN input', () => {
- let isValid = validateIban('ES00 9999 0000 9999 0000 9999');
-
- expect(isValid).toBeFalsy();
- });
-
- it('should return true for valid spanish IBAN', () => {
- let isValid = validateIban('ES91 2100 0418 4502 0005 1332');
+ it('should return true for valid Spanish IBAN', () => {
+ let isValid = validateIban('ES91 2100 0418 4502 0005 1332', 'ES');
expect(isValid).toBeTruthy();
});
+
+ it('should return false for invalid Spanish IBAN with incorrect length', () => {
+ let isValid = validateIban('ES91210004184502000513', 'ES');
+
+ expect(isValid).toBeFalsy();
+ });
+
+ it('should return false for invalid Spanish IBAN with incorrect module97 result', () => {
+ let isValid = validateIban('ES9121000418450200051331', 'ES');
+
+ expect(isValid).toBeFalsy();
+ });
+
+ it('should return true for a non-Spanish countryCode', () => {
+ let isValid = validateIban('DE89370400440532013000', 'AT');
+
+ expect(isValid).toBeTruthy();
+ });
+
+ it('should return true for null IBAN', () => {
+ let isValid = validateIban(null, 'ES');
+
+ expect(isValid).toBeTruthy();
+ });
+
+ it('should return false for non-string IBAN', () => {
+ let isValid = validateIban(12345, 'ES');
+
+ expect(isValid).toBeFalsy();
+ });
});
diff --git a/loopback/util/validateIban.js b/loopback/util/validateIban.js
index 3ca09ef95..ed3e00426 100644
--- a/loopback/util/validateIban.js
+++ b/loopback/util/validateIban.js
@@ -1,6 +1,7 @@
-module.exports = function(iban) {
+module.exports = function(iban, countryCode) {
if (iban == null) return true;
if (typeof iban != 'string') return false;
+ if (countryCode?.toLowerCase() != 'es') return true;
iban = iban.toUpperCase();
iban = trim(iban);
diff --git a/modules/client/back/models/client.js b/modules/client/back/models/client.js
index 129924b78..8e720484f 100644
--- a/modules/client/back/models/client.js
+++ b/modules/client/back/models/client.js
@@ -90,16 +90,17 @@ module.exports = Self => {
});
async function ibanNeedsValidation(err, done) {
- const filter = {
- fields: ['code'],
- where: {id: this.countryFk}
- };
- const country = await Self.app.models.Country.findOne(filter);
- const code = country ? country.code.toLowerCase() : null;
- if (code != 'es')
+ if (!this.bankEntityFk)
return done();
- if (!validateIban(this.iban))
+ const bankEntity = await Self.app.models.BankEntity.findById(this.bankEntityFk);
+ const filter = {
+ fields: ['code'],
+ where: {id: bankEntity.countryFk}
+ };
+ const country = await Self.app.models.Country.findOne(filter);
+
+ if (!validateIban(this.iban, country?.code))
err();
done();
}
diff --git a/modules/supplier/back/models/supplier-account.js b/modules/supplier/back/models/supplier-account.js
index 51da113ec..691e72580 100644
--- a/modules/supplier/back/models/supplier-account.js
+++ b/modules/supplier/back/models/supplier-account.js
@@ -7,18 +7,18 @@ module.exports = Self => {
});
async function ibanValidation(err, done) {
- const supplier = await Self.app.models.Supplier.findById(this.supplierFk);
+ if (!this.bankEntityFk)
+ return done();
+
+ const bankEntity = await Self.app.models.BankEntity.findById(this.bankEntityFk);
const filter = {
fields: ['code'],
- where: {id: supplier.countryFk}
+ where: {id: bankEntity.countryFk}
};
const country = await Self.app.models.Country.findOne(filter);
- const code = country ? country.code.toLowerCase() : null;
- if (code != 'es')
- return done();
- if (!validateIban(this.iban))
+ if (!validateIban(this.iban, country?.code))
err();
done();
}
diff --git a/modules/worker/back/methods/worker-time-control/sendMail.js b/modules/worker/back/methods/worker-time-control/sendMail.js
index ab5e56a77..66fb7cc23 100644
--- a/modules/worker/back/methods/worker-time-control/sendMail.js
+++ b/modules/worker/back/methods/worker-time-control/sendMail.js
@@ -121,15 +121,18 @@ module.exports = Self => {
`, [started, ended]);
stmts.push(stmt);
- stmt = new ParameterizedSQL(`INSERT INTO mail (receiver, subject, body)
- SELECT CONCAT(u.name, '@verdnatura.es'),
- CONCAT('Error registro de horas semana ', ?, ' año ', ?) ,
- CONCAT('No se ha podido enviar el registro de horas al empleado/s: ', GROUP_CONCAT(DISTINCT CONCAT('
', w.id, ' ', w.firstName, ' ', w.lastName)))
- FROM tmp.timeControlError tce
- JOIN vn.workerTimeControl wtc ON wtc.id = tce.id
- JOIN worker w ON w.id = wtc.userFK
- JOIN account.user u ON u.id = w.bossFk
- GROUP BY w.bossFk`, [args.week, args.year]);
+ stmt = new ParameterizedSQL(`
+ INSERT INTO mail (receiver, subject, body)
+ SELECT CONCAT(u.name, '@verdnatura.es'),
+ CONCAT('Error registro de horas semana ', ?, ' año ', ?) ,
+ CONCAT('No se ha podido enviar el registro de horas al empleado/s: ',
+ GROUP_CONCAT(DISTINCT CONCAT('
', w.id, ' ', w.firstName, ' ', w.lastName)))
+ FROM tmp.timeControlError tce
+ JOIN vn.workerTimeControl wtc ON wtc.id = tce.id
+ JOIN worker w ON w.id = wtc.userFK
+ JOIN account.user u ON u.id = w.bossFk
+ GROUP BY w.bossFk
+ `, [args.week, args.year]);
stmts.push(stmt);
stmt = new ParameterizedSQL(`
@@ -177,10 +180,8 @@ module.exports = Self => {
const workerTimeControlConfig = await models.WorkerTimeControlConfig.findOne(null, myOptions);
for (let day of days[index]) {
- if (!myOptions.transaction) {
- tx = await Self.beginTransaction({});
- myOptions.transaction = tx;
- }
+ tx = await Self.beginTransaction({});
+ myOptions.transaction = tx;
try {
workerFk = day.workerFk;
if (day.timeWorkDecimal > 0 && day.timeWorkedDecimal == null
@@ -365,13 +366,31 @@ module.exports = Self => {
previousReceiver = day.receiver;
}
- if (tx) {
- await tx.commit();
- delete myOptions.transaction;
- }
+ if (tx) await tx.commit();
} catch (e) {
+ const stmts = [];
+ let stmt;
+ stmt = new ParameterizedSQL(`
+ INSERT INTO mail (receiver, subject, body)
+ SELECT CONCAT(u.name, '@verdnatura.es'),
+ CONCAT('Error registro de horas semana ', ?, ' año ', ?) ,
+ CONCAT('No se ha podido enviar el registro de horas al empleado: ',
+ w.id, ' ', w.firstName, ' ', w.lastName, ' por el motivo: ', ?)
+ FROM worker w
+ JOIN account.user u ON u.id = w.bossFk
+ WHERE w.id = ?
+ `, [args.week, args.year, e.message, day.workerFk]);
+ stmts.push(stmt);
+
+ const sql = ParameterizedSQL.join(stmts, ';');
+ await conn.executeStmt(sql);
+
+ previousWorkerFk = day.workerFk;
+ previousReceiver = day.receiver;
+
if (tx) await tx.rollback();
- throw e;
+
+ continue;
}
}
diff --git a/modules/worker/back/methods/worker-time-control/weeklyHourRecordEmail.js b/modules/worker/back/methods/worker-time-control/weeklyHourRecordEmail.js
index f44080559..3203dea82 100644
--- a/modules/worker/back/methods/worker-time-control/weeklyHourRecordEmail.js
+++ b/modules/worker/back/methods/worker-time-control/weeklyHourRecordEmail.js
@@ -51,7 +51,7 @@ module.exports = Self => {
const salix = await models.Url.findOne({
where: {
appName: 'salix',
- environment: process.env.NODE_ENV || 'dev'
+ environment: process.env.NODE_ENV || 'development'
}
}, myOptions);
@@ -61,7 +61,7 @@ module.exports = Self => {
const url = `${salix.url}worker/${args.workerId}/time-control?timestamp=${timestamp}`;
ctx.args.url = url;
- Self.sendTemplate(ctx, 'weekly-hour-record');
+ await Self.sendTemplate(ctx, 'weekly-hour-record');
return models.WorkerTimeControl.updateWorkerTimeControlMail(ctx, myOptions);
};