From f47197cd8085bb9a762fb98998bd3f8c6b2f3ca6 Mon Sep 17 00:00:00 2001 From: Javier Segarra Date: Mon, 1 Jul 2024 14:06:28 +0200 Subject: [PATCH 01/12] Merge branch '7648_customerEntries' into 7648_dev_customerEntries --- .../11118-limeCymbidium/00-firstScript.sql | 10 ++++++ modules/entry/back/methods/entry/buyLabel.js | 3 +- modules/entry/back/methods/entry/filter.js | 8 +++-- modules/entry/back/methods/entry/getBuys.js | 34 +++++++++++++++---- .../back/methods/entry/specs/filter.spec.js | 18 ++++++---- .../back/methods/entry/specs/getBuys.spec.js | 9 ++++- .../back/methods/supplier/isSupplier.js | 28 +++++++++++++++ modules/supplier/back/models/supplier.js | 1 + 8 files changed, 95 insertions(+), 16 deletions(-) create mode 100644 db/versions/11118-limeCymbidium/00-firstScript.sql create mode 100644 modules/supplier/back/methods/supplier/isSupplier.js diff --git a/db/versions/11118-limeCymbidium/00-firstScript.sql b/db/versions/11118-limeCymbidium/00-firstScript.sql new file mode 100644 index 000000000..52ab2acbd --- /dev/null +++ b/db/versions/11118-limeCymbidium/00-firstScript.sql @@ -0,0 +1,10 @@ +-- Place your SQL code here +-- Auto-generated SQL script #202406281423 +INSERT INTO salix.ACL (model,property,accessType,permission,principalType,principalId) + VALUES ('Entry','filter','READ','ALLOW','ROLE','$authenticated'); + +-- Auto-generated SQL script #202406281452 +INSERT INTO salix.ACL (model,property,accessType,permission,principalType,principalId) + VALUES ('Entry','getBuys','READ','ALLOW','ROLE','$authenticated'); +INSERT INTO salix.ACL (model,property,accessType,permission,principalType,principalId) + VALUES ('Entry','buyLabel','READ','ALLOW','ROLE','$authenticated'); diff --git a/modules/entry/back/methods/entry/buyLabel.js b/modules/entry/back/methods/entry/buyLabel.js index 650b05c97..d9b0ebf1d 100644 --- a/modules/entry/back/methods/entry/buyLabel.js +++ b/modules/entry/back/methods/entry/buyLabel.js @@ -29,7 +29,8 @@ module.exports = Self => { http: { path: '/:id/buy-label', verb: 'GET' - } + }, + accessScopes: ['DEFAULT', 'read:multimedia'] }); Self.buyLabel = (ctx, id) => Self.printReport(ctx, id, 'buy-label'); diff --git a/modules/entry/back/methods/entry/filter.js b/modules/entry/back/methods/entry/filter.js index 1cd12b737..7d287b842 100644 --- a/modules/entry/back/methods/entry/filter.js +++ b/modules/entry/back/methods/entry/filter.js @@ -112,7 +112,7 @@ module.exports = Self => { if (typeof options == 'object') Object.assign(myOptions, options); - + const isSupplier = await Self.app.models.Supplier.isSupplier(ctx, options); const conn = Self.dataSource.connector; const where = buildFilter(ctx.args, (param, value) => { switch (param) { @@ -146,7 +146,11 @@ module.exports = Self => { } }); filter = mergeFilters(ctx.args.filter, {where}); - + delete filter.order; + if (isSupplier) { + if (!filter.where) filter.where = {}; + filter.where.supplierFk = ctx.req.accessToken.userId; + } const stmts = []; let stmt; stmt = new ParameterizedSQL( diff --git a/modules/entry/back/methods/entry/getBuys.js b/modules/entry/back/methods/entry/getBuys.js index 0ed77e8d1..cfb065b83 100644 --- a/modules/entry/back/methods/entry/getBuys.js +++ b/modules/entry/back/methods/entry/getBuys.js @@ -1,7 +1,10 @@ +const ForbiddenError = require('vn-loopback/util/forbiddenError'); +const UserError = require('vn-loopback/util/user-error'); + const mergeFilters = require('vn-loopback/util/filter').mergeFilters; module.exports = Self => { - Self.remoteMethod('getBuys', { + Self.remoteMethodCtx('getBuys', { description: 'Returns buys for one entry', accessType: 'READ', accepts: [{ @@ -27,13 +30,18 @@ module.exports = Self => { } }); - Self.getBuys = async(id, filter, options) => { + Self.getBuys = async(ctx, id, filter, options) => { const models = Self.app.models; const myOptions = {}; if (typeof options == 'object') Object.assign(myOptions, options); + const isSupplier = await Self.app.models.Supplier.isSupplier(ctx, options); + if (isSupplier) { + const isEntryOwner = (await Self.findById(id)).supplierFk === ctx.req.accessToken.userId; + if (! isEntryOwner) throw new UserError('Access Denied'); + } let defaultFilter = { where: {entryFk: id}, fields: [ @@ -49,9 +57,23 @@ module.exports = Self => { 'buyingValue', 'price2', 'price3', - 'printedStickers' + 'printedStickers', + 'entryFk' ], - include: { + include: [{ + relation: 'entry', + scope: { + fields: [ + 'id', 'supplierFk' + ], + include: { + relation: 'supplier', scope: { + fields: ['id'] + } + } + } + }, + { relation: 'item', scope: { fields: [ @@ -82,9 +104,9 @@ module.exports = Self => { } } } - } + }] }; - + delete filter.order; defaultFilter = mergeFilters(defaultFilter, filter); return models.Buy.find(defaultFilter, myOptions); diff --git a/modules/entry/back/methods/entry/specs/filter.spec.js b/modules/entry/back/methods/entry/specs/filter.spec.js index 28763bc81..e116d1c5f 100644 --- a/modules/entry/back/methods/entry/specs/filter.spec.js +++ b/modules/entry/back/methods/entry/specs/filter.spec.js @@ -9,7 +9,8 @@ describe('Entry filter()', () => { const ctx = { args: { search: 1 - } + }, + req: {accessToken: {userId: 9}} }; const result = await models.Entry.filter(ctx, options); @@ -32,7 +33,8 @@ describe('Entry filter()', () => { const ctx = { args: { currencyFk: 1 - } + }, + req: {accessToken: {userId: 9}} }; const result = await models.Entry.filter(ctx, options); @@ -54,7 +56,8 @@ describe('Entry filter()', () => { const ctx = { args: { supplierFk: 2 - } + }, + req: {accessToken: {userId: 9}} }; const result = await models.Entry.filter(ctx, options); @@ -76,7 +79,8 @@ describe('Entry filter()', () => { const ctx = { args: { companyFk: 442 - } + }, + req: {accessToken: {userId: 9}} }; const result = await models.Entry.filter(ctx, options); @@ -98,7 +102,8 @@ describe('Entry filter()', () => { const ctx = { args: { isBooked: true, - } + }, + req: {accessToken: {userId: 9}} }; const result = await models.Entry.filter(ctx, options); @@ -121,7 +126,8 @@ describe('Entry filter()', () => { args: { reference: 'movement', travelFk: '2' - } + }, + req: {accessToken: {userId: 9}} }; const result = await models.Entry.filter(ctx, options); diff --git a/modules/entry/back/methods/entry/specs/getBuys.spec.js b/modules/entry/back/methods/entry/specs/getBuys.spec.js index cf4462e48..44b2ff5bc 100644 --- a/modules/entry/back/methods/entry/specs/getBuys.spec.js +++ b/modules/entry/back/methods/entry/specs/getBuys.spec.js @@ -7,7 +7,14 @@ describe('entry getBuys()', () => { const options = {transaction: tx}; try { - const result = await models.Entry.getBuys(entryId, options); + const ctx = { + args: { + search: 1 + }, + req: {accessToken: {userId: 2}} + }; + + const result = await models.Entry.getBuys(ctx, entryId, options); const length = result.length; const anyResult = result[Math.floor(Math.random() * Math.floor(length))]; diff --git a/modules/supplier/back/methods/supplier/isSupplier.js b/modules/supplier/back/methods/supplier/isSupplier.js new file mode 100644 index 000000000..d13f304a8 --- /dev/null +++ b/modules/supplier/back/methods/supplier/isSupplier.js @@ -0,0 +1,28 @@ +const UserError = require('vn-loopback/util/user-error'); + +module.exports = Self => { + Self.remoteMethodCtx('isSupplier', { + description: 'Check is supplierFk exists as supplier', + accessType: 'READ', + returns: { + type: 'boolean', + root: true + }, + http: { + path: `/isSupplier`, + verb: 'GET' + } + }); + + Self.isSupplier = async(ctx, options) => { + const myOptions = {validate: false}; + + if (typeof options == 'object') + Object.assign(myOptions, options); + + const userId = ctx.req.accessToken.userId; + const exists = await Self.findById(userId); + + return !!exists; + }; +}; diff --git a/modules/supplier/back/models/supplier.js b/modules/supplier/back/models/supplier.js index 2d3ffef3e..6094602b6 100644 --- a/modules/supplier/back/models/supplier.js +++ b/modules/supplier/back/models/supplier.js @@ -12,6 +12,7 @@ module.exports = Self => { require('../methods/supplier/campaignMetricsEmail')(Self); require('../methods/supplier/newSupplier')(Self); require('../methods/supplier/getItemsPackaging')(Self); + require('../methods/supplier/isSupplier')(Self); Self.validatesPresenceOf('name', { message: 'The social name cannot be empty' From f0326860baaac84570a1e261cb1738860760bf4a Mon Sep 17 00:00:00 2001 From: Javier Segarra Date: Mon, 1 Jul 2024 14:07:46 +0200 Subject: [PATCH 02/12] feat(salix): refs #7648 #7648 add new fields --- modules/entry/back/methods/entry/filter.js | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/modules/entry/back/methods/entry/filter.js b/modules/entry/back/methods/entry/filter.js index 7d287b842..929df8bd9 100644 --- a/modules/entry/back/methods/entry/filter.js +++ b/modules/entry/back/methods/entry/filter.js @@ -177,10 +177,15 @@ module.exports = Self => { s.name AS supplierName, s.nickname AS supplierAlias, co.code AS companyCode, - cu.code AS currencyCode + cu.code AS currencyCode, + t.shipped AS shipped, + t.landed AS landed, + t.warehouseInFk AS warehouseId, + w.name AS warehouseName FROM vn.entry e JOIN vn.supplier s ON s.id = e.supplierFk JOIN vn.travel t ON t.id = e.travelFk + JOIN vn.warehouse w ON w.id = t.warehouseInFk JOIN vn.company co ON co.id = e.companyFk JOIN vn.currency cu ON cu.id = e.currencyFk` ); From a0185dca0486a339ba41ab8822ff4e767e19be1b Mon Sep 17 00:00:00 2001 From: Javier Segarra Date: Mon, 1 Jul 2024 18:39:21 +0200 Subject: [PATCH 03/12] feat(salix): refs #7648 #7648 new supplier role --- .../11118-limeCymbidium/00-firstScript.sql | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/db/versions/11118-limeCymbidium/00-firstScript.sql b/db/versions/11118-limeCymbidium/00-firstScript.sql index 52ab2acbd..7f9a2432d 100644 --- a/db/versions/11118-limeCymbidium/00-firstScript.sql +++ b/db/versions/11118-limeCymbidium/00-firstScript.sql @@ -1,10 +1,15 @@ --- Place your SQL code here --- Auto-generated SQL script #202406281423 -INSERT INTO salix.ACL (model,property,accessType,permission,principalType,principalId) - VALUES ('Entry','filter','READ','ALLOW','ROLE','$authenticated'); --- Auto-generated SQL script #202406281452 -INSERT INTO salix.ACL (model,property,accessType,permission,principalType,principalId) +INSERT IGNORE INTO salix.ACL (`model`,`property`,`accessType`,`permission`,`principalType`,`principalId`) + VALUES ('Entry','filter','READ','ALLOW','ROLE','supplier'); + +INSERT IGNORE INTO salix.ACL (`model`,`property`,`accessType`,`permission`,`principalType`,`principalId`) VALUES ('Entry','getBuys','READ','ALLOW','ROLE','$authenticated'); -INSERT INTO salix.ACL (model,property,accessType,permission,principalType,principalId) + +INSERT IGNORE INTO salix.ACL (`model`,`property`,`accessType`,`permission`,`principalType`,`principalId`) VALUES ('Entry','buyLabel','READ','ALLOW','ROLE','$authenticated'); + +INSERT IGNORE INTO `account`.`role` (`name`,`description`,`hasLogin`,`created`,`modified`) + VALUES ('supplier','Proveedores',1,'2017-10-10 14:58:58.000','2017-10-10 14:59:20.000'); +SET @supplierFk =LAST_INSERT_ID(); +INSERT IGNORE INTO account.roleInherit (`role`,`inheritsFrom`) + VALUES (@supplierFk,2); From f27bdec75822835be3db77ff496f686d524a826d Mon Sep 17 00:00:00 2001 From: Javier Segarra Date: Mon, 1 Jul 2024 21:14:27 +0200 Subject: [PATCH 04/12] feat(salix): refs #7648 #7648 changes requested --- .../11118-limeCymbidium/00-firstScript.sql | 9 ++++-- loopback/common/methods/schema/model-info.js | 1 + modules/entry/back/methods/entry/filter.js | 4 +-- modules/entry/back/methods/entry/getBuys.js | 8 +++--- .../back/methods/supplier/isSupplier.js | 28 ------------------- modules/supplier/back/models/supplier.js | 1 - 6 files changed, 14 insertions(+), 37 deletions(-) delete mode 100644 modules/supplier/back/methods/supplier/isSupplier.js diff --git a/db/versions/11118-limeCymbidium/00-firstScript.sql b/db/versions/11118-limeCymbidium/00-firstScript.sql index 7f9a2432d..0ed1337a0 100644 --- a/db/versions/11118-limeCymbidium/00-firstScript.sql +++ b/db/versions/11118-limeCymbidium/00-firstScript.sql @@ -3,13 +3,18 @@ INSERT IGNORE INTO salix.ACL (`model`,`property`,`accessType`,`permission`,`prin VALUES ('Entry','filter','READ','ALLOW','ROLE','supplier'); INSERT IGNORE INTO salix.ACL (`model`,`property`,`accessType`,`permission`,`principalType`,`principalId`) - VALUES ('Entry','getBuys','READ','ALLOW','ROLE','$authenticated'); + VALUES ('Entry','getBuys','READ','ALLOW','ROLE','supplier'); INSERT IGNORE INTO salix.ACL (`model`,`property`,`accessType`,`permission`,`principalType`,`principalId`) - VALUES ('Entry','buyLabel','READ','ALLOW','ROLE','$authenticated'); + VALUES ('Entry','buyLabel','READ','ALLOW','ROLE','supplier'); INSERT IGNORE INTO `account`.`role` (`name`,`description`,`hasLogin`,`created`,`modified`) VALUES ('supplier','Proveedores',1,'2017-10-10 14:58:58.000','2017-10-10 14:59:20.000'); SET @supplierFk =LAST_INSERT_ID(); INSERT IGNORE INTO account.roleInherit (`role`,`inheritsFrom`) VALUES (@supplierFk,2); + +UPDATE salix.ACL + SET principalId='$authenticated' + WHERE id=264; + diff --git a/loopback/common/methods/schema/model-info.js b/loopback/common/methods/schema/model-info.js index 0648deb80..74d764475 100644 --- a/loopback/common/methods/schema/model-info.js +++ b/loopback/common/methods/schema/model-info.js @@ -92,6 +92,7 @@ module.exports = Self => { const locale = modelLocale && modelLocale.get(lang); json[modelName] = { + http: model.sharedClass.http.path, properties: model.definition.rawProperties, validations: jsonValidations, locale diff --git a/modules/entry/back/methods/entry/filter.js b/modules/entry/back/methods/entry/filter.js index 929df8bd9..2a127b496 100644 --- a/modules/entry/back/methods/entry/filter.js +++ b/modules/entry/back/methods/entry/filter.js @@ -112,7 +112,6 @@ module.exports = Self => { if (typeof options == 'object') Object.assign(myOptions, options); - const isSupplier = await Self.app.models.Supplier.isSupplier(ctx, options); const conn = Self.dataSource.connector; const where = buildFilter(ctx.args, (param, value) => { switch (param) { @@ -146,7 +145,8 @@ module.exports = Self => { } }); filter = mergeFilters(ctx.args.filter, {where}); - delete filter.order; + const userId = ctx.req.accessToken.userId; + const isSupplier = await Self.app.models.Supplier.findById(userId, options); if (isSupplier) { if (!filter.where) filter.where = {}; filter.where.supplierFk = ctx.req.accessToken.userId; diff --git a/modules/entry/back/methods/entry/getBuys.js b/modules/entry/back/methods/entry/getBuys.js index cfb065b83..e392ba3ce 100644 --- a/modules/entry/back/methods/entry/getBuys.js +++ b/modules/entry/back/methods/entry/getBuys.js @@ -31,16 +31,17 @@ module.exports = Self => { }); Self.getBuys = async(ctx, id, filter, options) => { + const userId = ctx.req.accessToken.userId; const models = Self.app.models; const myOptions = {}; if (typeof options == 'object') Object.assign(myOptions, options); - const isSupplier = await Self.app.models.Supplier.isSupplier(ctx, options); + const isSupplier = await Self.app.models.Supplier.findById(userId, options); if (isSupplier) { - const isEntryOwner = (await Self.findById(id)).supplierFk === ctx.req.accessToken.userId; + const isEntryOwner = (await Self.findById(id)).supplierFk === userId; - if (! isEntryOwner) throw new UserError('Access Denied'); + if (!isEntryOwner) throw new UserError('Access Denied'); } let defaultFilter = { where: {entryFk: id}, @@ -106,7 +107,6 @@ module.exports = Self => { } }] }; - delete filter.order; defaultFilter = mergeFilters(defaultFilter, filter); return models.Buy.find(defaultFilter, myOptions); diff --git a/modules/supplier/back/methods/supplier/isSupplier.js b/modules/supplier/back/methods/supplier/isSupplier.js deleted file mode 100644 index d13f304a8..000000000 --- a/modules/supplier/back/methods/supplier/isSupplier.js +++ /dev/null @@ -1,28 +0,0 @@ -const UserError = require('vn-loopback/util/user-error'); - -module.exports = Self => { - Self.remoteMethodCtx('isSupplier', { - description: 'Check is supplierFk exists as supplier', - accessType: 'READ', - returns: { - type: 'boolean', - root: true - }, - http: { - path: `/isSupplier`, - verb: 'GET' - } - }); - - Self.isSupplier = async(ctx, options) => { - const myOptions = {validate: false}; - - if (typeof options == 'object') - Object.assign(myOptions, options); - - const userId = ctx.req.accessToken.userId; - const exists = await Self.findById(userId); - - return !!exists; - }; -}; diff --git a/modules/supplier/back/models/supplier.js b/modules/supplier/back/models/supplier.js index 6094602b6..2d3ffef3e 100644 --- a/modules/supplier/back/models/supplier.js +++ b/modules/supplier/back/models/supplier.js @@ -12,7 +12,6 @@ module.exports = Self => { require('../methods/supplier/campaignMetricsEmail')(Self); require('../methods/supplier/newSupplier')(Self); require('../methods/supplier/getItemsPackaging')(Self); - require('../methods/supplier/isSupplier')(Self); Self.validatesPresenceOf('name', { message: 'The social name cannot be empty' From 89a394a10def74e4b9c11cd3986bf7b91b24aab2 Mon Sep 17 00:00:00 2001 From: Javier Segarra Date: Tue, 2 Jul 2024 09:52:18 +0200 Subject: [PATCH 05/12] test(salix): refs #7648 #7648 entry.filter --- modules/entry/back/methods/entry/filter.js | 2 +- .../back/methods/entry/specs/filter.spec.js | 82 +++++++++++++++---- 2 files changed, 65 insertions(+), 19 deletions(-) diff --git a/modules/entry/back/methods/entry/filter.js b/modules/entry/back/methods/entry/filter.js index 2a127b496..700d251a2 100644 --- a/modules/entry/back/methods/entry/filter.js +++ b/modules/entry/back/methods/entry/filter.js @@ -149,7 +149,7 @@ module.exports = Self => { const isSupplier = await Self.app.models.Supplier.findById(userId, options); if (isSupplier) { if (!filter.where) filter.where = {}; - filter.where.supplierFk = ctx.req.accessToken.userId; + filter.where[`e.supplierFk`] = ctx.req.accessToken.userId; } const stmts = []; let stmt; diff --git a/modules/entry/back/methods/entry/specs/filter.spec.js b/modules/entry/back/methods/entry/specs/filter.spec.js index e116d1c5f..76dc7b786 100644 --- a/modules/entry/back/methods/entry/specs/filter.spec.js +++ b/modules/entry/back/methods/entry/specs/filter.spec.js @@ -1,6 +1,6 @@ const models = require('vn-loopback/server/server').models; -describe('Entry filter()', () => { +fdescribe('Entry filter()', () => { it('should return the entry matching "search"', async() => { const tx = await models.Entry.beginTransaction({}); const options = {transaction: tx}; @@ -48,27 +48,73 @@ describe('Entry filter()', () => { } }); - it('should return the entry matching the supplier', async() => { - const tx = await models.Entry.beginTransaction({}); - const options = {transaction: tx}; + describe('should return the entry matching the supplier', () => { + it('when userId is supplier ', async() => { + const tx = await models.Entry.beginTransaction({}); + const options = {transaction: tx}; - try { - const ctx = { - args: { - supplierFk: 2 - }, - req: {accessToken: {userId: 9}} - }; + try { + const ctx = { + args: {}, + req: {accessToken: {userId: 2}} + }; - const result = await models.Entry.filter(ctx, options); + const result = await models.Entry.filter(ctx, options); - expect(result.length).toEqual(6); + expect(result.length).toEqual(6); - await tx.rollback(); - } catch (e) { - await tx.rollback(); - throw e; - } + await tx.rollback(); + } catch (e) { + await tx.rollback(); + throw e; + } + }); + + it('when userId is supplier fetching other supplier', async() => { + const tx = await models.Entry.beginTransaction({}); + const options = {transaction: tx}; + + try { + const ctx = { + args: { + supplierFk: 1 + }, + req: {accessToken: {userId: 2}} + }; + + const result = await models.Entry.filter(ctx, options); + + expect(result.length).toEqual(6); + + await tx.rollback(); + } catch (e) { + await tx.rollback(); + throw e; + } + }); + + it('when userId is not supplier', async() => { + const tx = await models.Entry.beginTransaction({}); + const options = {transaction: tx}; + + try { + const ctx = { + args: { + supplierFk: 2 + }, + req: {accessToken: {userId: 9}} + }; + + const result = await models.Entry.filter(ctx, options); + + expect(result.length).toEqual(6); + + await tx.rollback(); + } catch (e) { + await tx.rollback(); + throw e; + } + }); }); it('should return the entry matching the company', async() => { From 30520cbe4895357a1026e236a0d8caa90442e6bf Mon Sep 17 00:00:00 2001 From: Javier Segarra Date: Tue, 2 Jul 2024 10:06:26 +0200 Subject: [PATCH 06/12] test(salix): refs #7648 #7648 getBuys.filter --- .../back/methods/entry/specs/getBuys.spec.js | 93 ++++++++++++++----- 1 file changed, 72 insertions(+), 21 deletions(-) diff --git a/modules/entry/back/methods/entry/specs/getBuys.spec.js b/modules/entry/back/methods/entry/specs/getBuys.spec.js index 44b2ff5bc..801cd6f1a 100644 --- a/modules/entry/back/methods/entry/specs/getBuys.spec.js +++ b/modules/entry/back/methods/entry/specs/getBuys.spec.js @@ -1,31 +1,82 @@ +const UserError = require('vn-loopback/util/user-error'); const models = require('vn-loopback/server/server').models; -describe('entry getBuys()', () => { +fdescribe('entry getBuys()', () => { const entryId = 4; - it('should get the buys and items of an entry', async() => { - const tx = await models.Entry.beginTransaction({}); - const options = {transaction: tx}; + describe('should get the buys and items of an entry ', () => { + it('when is supplier and entry owner', async() => { + const tx = await models.Entry.beginTransaction({}); + const options = {transaction: tx}; - try { - const ctx = { - args: { - search: 1 - }, - req: {accessToken: {userId: 2}} - }; + try { + const ctx = { + args: { + search: 1 + }, + req: {accessToken: {userId: 2}} + }; - const result = await models.Entry.getBuys(ctx, entryId, options); + const result = await models.Entry.getBuys(ctx, entryId, options); - const length = result.length; - const anyResult = result[Math.floor(Math.random() * Math.floor(length))]; + const length = result.length; + const anyResult = result[Math.floor(Math.random() * Math.floor(length))]; - expect(result.length).toEqual(4); - expect(anyResult.item).toBeDefined(); + expect(result.length).toEqual(4); + expect(anyResult.item).toBeDefined(); - await tx.rollback(); - } catch (e) { - await tx.rollback(); - throw e; - } + await tx.rollback(); + } catch (e) { + await tx.rollback(); + throw e; + } + }); + + it('when is supplier but not entry owner', async() => { + const tx = await models.Entry.beginTransaction({}); + const options = {transaction: tx}; + const entryId = 1; + try { + const ctx = { + args: { + search: 1 + }, + req: {accessToken: {userId: 2}} + }; + + const result = await models.Entry.getBuys(ctx, entryId, options); + + expect(result).toBeUndefined(); + } catch (error) { + expect(error).toBeInstanceOf(UserError); + expect(error.message).toBe('Access Denied'); + } + }); + + it('when is not supplier', async() => { + const tx = await models.Entry.beginTransaction({}); + const options = {transaction: tx}; + + try { + const ctx = { + args: { + search: 1 + }, + req: {accessToken: {userId: 9}} + }; + + const result = await models.Entry.getBuys(ctx, entryId, options); + + const length = result.length; + const anyResult = result[Math.floor(Math.random() * Math.floor(length))]; + + expect(result.length).toEqual(4); + expect(anyResult.item).toBeDefined(); + + await tx.rollback(); + } catch (e) { + await tx.rollback(); + throw e; + } + }); }); }); From 08612fc70cccafdc802673e96032cc3787913842 Mon Sep 17 00:00:00 2001 From: Javier Segarra Date: Tue, 2 Jul 2024 10:07:23 +0200 Subject: [PATCH 07/12] perf(salix): refs #7648 #7648 fixtures and firstScript --- db/dump/fixtures.before.sql | 3 +++ db/versions/11118-limeCymbidium/00-firstScript.sql | 1 + 2 files changed, 4 insertions(+) diff --git a/db/dump/fixtures.before.sql b/db/dump/fixtures.before.sql index 27f84bdfb..b27bc8ef6 100644 --- a/db/dump/fixtures.before.sql +++ b/db/dump/fixtures.before.sql @@ -3913,3 +3913,6 @@ INSERT INTO dipole.expedition_PrintOut (expeditionFk, ticketFk, addressFk, stree truckName, clientFk, phone, province, agency, m3, workerCode, itemFk, quantity, longName, shelvingFk, comments) VALUES(1, 1, 0, ' ', ' ', ' ', ' ', 0, '2001-01-01 00:00:00', 1, 0, ' ', ' ', 0, NULL, '', NULL, 0.000, NULL, 10, NULL, NULL, 'NCC', NULL); +UPDATE account.`user` + SET `role`=131 + WHERE id=2; diff --git a/db/versions/11118-limeCymbidium/00-firstScript.sql b/db/versions/11118-limeCymbidium/00-firstScript.sql index 0ed1337a0..3921a8a13 100644 --- a/db/versions/11118-limeCymbidium/00-firstScript.sql +++ b/db/versions/11118-limeCymbidium/00-firstScript.sql @@ -18,3 +18,4 @@ UPDATE salix.ACL SET principalId='$authenticated' WHERE id=264; + From 3539b5a33e906cc182ae4468929a43790b76a53d Mon Sep 17 00:00:00 2001 From: Javier Segarra Date: Tue, 2 Jul 2024 10:08:51 +0200 Subject: [PATCH 08/12] test(salix): refs #7648 #7648 remove fdescribe --- modules/entry/back/methods/entry/specs/filter.spec.js | 2 +- modules/entry/back/methods/entry/specs/getBuys.spec.js | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/entry/back/methods/entry/specs/filter.spec.js b/modules/entry/back/methods/entry/specs/filter.spec.js index 76dc7b786..9d954cdc4 100644 --- a/modules/entry/back/methods/entry/specs/filter.spec.js +++ b/modules/entry/back/methods/entry/specs/filter.spec.js @@ -1,6 +1,6 @@ const models = require('vn-loopback/server/server').models; -fdescribe('Entry filter()', () => { +describe('Entry filter()', () => { it('should return the entry matching "search"', async() => { const tx = await models.Entry.beginTransaction({}); const options = {transaction: tx}; diff --git a/modules/entry/back/methods/entry/specs/getBuys.spec.js b/modules/entry/back/methods/entry/specs/getBuys.spec.js index 801cd6f1a..cb7f7cb80 100644 --- a/modules/entry/back/methods/entry/specs/getBuys.spec.js +++ b/modules/entry/back/methods/entry/specs/getBuys.spec.js @@ -1,7 +1,7 @@ const UserError = require('vn-loopback/util/user-error'); const models = require('vn-loopback/server/server').models; -fdescribe('entry getBuys()', () => { +describe('entry getBuys()', () => { const entryId = 4; describe('should get the buys and items of an entry ', () => { it('when is supplier and entry owner', async() => { From cc004a864a58397e0e2701aa7f7bbac29ad02575 Mon Sep 17 00:00:00 2001 From: Javier Segarra Date: Tue, 2 Jul 2024 20:41:53 +0200 Subject: [PATCH 09/12] feat(salix): refs #7648 #7648 rename some travel fields --- modules/entry/back/methods/entry/filter.js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/entry/back/methods/entry/filter.js b/modules/entry/back/methods/entry/filter.js index 700d251a2..c25a7527e 100644 --- a/modules/entry/back/methods/entry/filter.js +++ b/modules/entry/back/methods/entry/filter.js @@ -178,10 +178,10 @@ module.exports = Self => { s.nickname AS supplierAlias, co.code AS companyCode, cu.code AS currencyCode, - t.shipped AS shipped, - t.landed AS landed, - t.warehouseInFk AS warehouseId, - w.name AS warehouseName + t.shipped, + t.landed, + t.warehouseInFk, + w.name AS warehouseInName FROM vn.entry e JOIN vn.supplier s ON s.id = e.supplierFk JOIN vn.travel t ON t.id = e.travelFk From adbbe4aef9c57513be79fb8e4804d9bf40a8f9fe Mon Sep 17 00:00:00 2001 From: Javier Segarra Date: Wed, 3 Jul 2024 01:46:01 +0200 Subject: [PATCH 10/12] fix(salix): refs #7648 #7648 solve big bug --- modules/entry/back/methods/entry/getBuys.js | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/modules/entry/back/methods/entry/getBuys.js b/modules/entry/back/methods/entry/getBuys.js index e392ba3ce..444e6cb14 100644 --- a/modules/entry/back/methods/entry/getBuys.js +++ b/modules/entry/back/methods/entry/getBuys.js @@ -1,4 +1,3 @@ -const ForbiddenError = require('vn-loopback/util/forbiddenError'); const UserError = require('vn-loopback/util/user-error'); const mergeFilters = require('vn-loopback/util/filter').mergeFilters; @@ -37,7 +36,7 @@ module.exports = Self => { if (typeof options == 'object') Object.assign(myOptions, options); - const isSupplier = await Self.app.models.Supplier.findById(userId, options); + const isSupplier = await Self.app.models.Supplier.findById(userId, myOptions); if (isSupplier) { const isEntryOwner = (await Self.findById(id)).supplierFk === userId; From 946d6f553af0be220e5b9d882397c6fda4252daf Mon Sep 17 00:00:00 2001 From: Javier Segarra Date: Wed, 3 Jul 2024 08:16:55 +0200 Subject: [PATCH 11/12] perf(salix): refs #7648 #7648 sql conventions --- modules/entry/back/methods/entry/filter.js | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/modules/entry/back/methods/entry/filter.js b/modules/entry/back/methods/entry/filter.js index c25a7527e..9bbce1c95 100644 --- a/modules/entry/back/methods/entry/filter.js +++ b/modules/entry/back/methods/entry/filter.js @@ -162,7 +162,7 @@ module.exports = Self => { e.invoiceNumber, e.isBooked, e.isExcludedFromAvailable, - e.evaNotes AS observation, + e.evaNotes observation, e.isConfirmed, e.isOrdered, e.isRaid, @@ -174,14 +174,14 @@ module.exports = Self => { e.gestDocFk, e.invoiceInFk, t.landed, - s.name AS supplierName, - s.nickname AS supplierAlias, - co.code AS companyCode, - cu.code AS currencyCode, + s.name supplierName, + s.nickname supplierAlias, + co.code companyCode, + cu.code currencyCode, t.shipped, t.landed, t.warehouseInFk, - w.name AS warehouseInName + w.name warehouseInName FROM vn.entry e JOIN vn.supplier s ON s.id = e.supplierFk JOIN vn.travel t ON t.id = e.travelFk From beff905e02bfb6b2d074eb122d0e01f8c9668ec8 Mon Sep 17 00:00:00 2001 From: Javier Segarra Date: Wed, 3 Jul 2024 08:54:58 +0200 Subject: [PATCH 12/12] perf(salix): refs #7648 #7648 remove change role for user 2 --- db/dump/fixtures.before.sql | 4 ---- 1 file changed, 4 deletions(-) diff --git a/db/dump/fixtures.before.sql b/db/dump/fixtures.before.sql index b27bc8ef6..359410564 100644 --- a/db/dump/fixtures.before.sql +++ b/db/dump/fixtures.before.sql @@ -3912,7 +3912,3 @@ VALUES(1, ''); INSERT INTO dipole.expedition_PrintOut (expeditionFk, ticketFk, addressFk, street, postalCode, city, shopName, isPrinted, created, printerFk, routeFk, parkingCode, truckName, clientFk, phone, province, agency, m3, workerCode, itemFk, quantity, longName, shelvingFk, comments) VALUES(1, 1, 0, ' ', ' ', ' ', ' ', 0, '2001-01-01 00:00:00', 1, 0, ' ', ' ', 0, NULL, '', NULL, 0.000, NULL, 10, NULL, NULL, 'NCC', NULL); - -UPDATE account.`user` - SET `role`=131 - WHERE id=2;