feat(salix): refs #7648 #7648 changes requested

2024-07-01 21:14:27 +02:00 · 2024-07-01 21:14:27 +02:00 · f27bdec758
parent a0185dca04
commit f27bdec758
6 changed files with 14 additions and 37 deletions
--- a/db/versions/11118-limeCymbidium/00-firstScript.sql
+++ b/db/versions/11118-limeCymbidium/00-firstScript.sql
@ -3,13 +3,18 @@ INSERT IGNORE INTO salix.ACL (`model`,`property`,`accessType`,`permission`,`prin
 	VALUES ('Entry','filter','READ','ALLOW','ROLE','supplier');

 INSERT IGNORE INTO salix.ACL (`model`,`property`,`accessType`,`permission`,`principalType`,`principalId`)
-	VALUES ('Entry','getBuys','READ','ALLOW','ROLE','$authenticated');
+	VALUES ('Entry','getBuys','READ','ALLOW','ROLE','supplier');

 INSERT IGNORE INTO salix.ACL (`model`,`property`,`accessType`,`permission`,`principalType`,`principalId`)
-	VALUES ('Entry','buyLabel','READ','ALLOW','ROLE','$authenticated');
+	VALUES ('Entry','buyLabel','READ','ALLOW','ROLE','supplier');

 INSERT IGNORE INTO `account`.`role` (`name`,`description`,`hasLogin`,`created`,`modified`)
 	VALUES ('supplier','Proveedores',1,'2017-10-10 14:58:58.000','2017-10-10 14:59:20.000');
 SET @supplierFk =LAST_INSERT_ID();
 INSERT IGNORE INTO account.roleInherit (`role`,`inheritsFrom`)
 	VALUES (@supplierFk,2);
+
+UPDATE salix.ACL
+	SET principalId='$authenticated'
+	WHERE id=264;
+
--- a/loopback/common/methods/schema/model-info.js
+++ b/loopback/common/methods/schema/model-info.js
@ -92,6 +92,7 @@ module.exports = Self => {
            const locale = modelLocale && modelLocale.get(lang);

            json[modelName] = {
+                http: model.sharedClass.http.path,
                properties: model.definition.rawProperties,
                validations: jsonValidations,
                locale
--- a/modules/entry/back/methods/entry/filter.js
+++ b/modules/entry/back/methods/entry/filter.js
@ -112,7 +112,6 @@ module.exports = Self => {

        if (typeof options == 'object')
            Object.assign(myOptions, options);
-        const isSupplier = await Self.app.models.Supplier.isSupplier(ctx, options);
        const conn = Self.dataSource.connector;
        const where = buildFilter(ctx.args, (param, value) => {
            switch (param) {
@ -146,7 +145,8 @@ module.exports = Self => {
            }
        });
        filter = mergeFilters(ctx.args.filter, {where});
-        delete filter.order;
+        const userId = ctx.req.accessToken.userId;
+        const isSupplier = await Self.app.models.Supplier.findById(userId, options);
        if (isSupplier) {
            if (!filter.where) filter.where = {};
            filter.where.supplierFk = ctx.req.accessToken.userId;
--- a/modules/entry/back/methods/entry/getBuys.js
+++ b/modules/entry/back/methods/entry/getBuys.js
@ -31,16 +31,17 @@ module.exports = Self => {
    });

    Self.getBuys = async(ctx, id, filter, options) => {
+        const userId = ctx.req.accessToken.userId;
        const models = Self.app.models;
        const myOptions = {};

        if (typeof options == 'object')
            Object.assign(myOptions, options);
-        const isSupplier = await Self.app.models.Supplier.isSupplier(ctx, options);
+        const isSupplier = await Self.app.models.Supplier.findById(userId, options);
        if (isSupplier) {
-            const isEntryOwner = (await Self.findById(id)).supplierFk === ctx.req.accessToken.userId;
+            const isEntryOwner = (await Self.findById(id)).supplierFk === userId;

-            if (! isEntryOwner) throw new UserError('Access Denied');
+            if (!isEntryOwner) throw new UserError('Access Denied');
        }
        let defaultFilter = {
            where: {entryFk: id},
@ -106,7 +107,6 @@ module.exports = Self => {
                }
            }]
        };
-        delete filter.order;
        defaultFilter = mergeFilters(defaultFilter, filter);

        return models.Buy.find(defaultFilter, myOptions);
--- a/modules/supplier/back/methods/supplier/isSupplier.js
+++ b/modules/supplier/back/methods/supplier/isSupplier.js
@ -1,28 +0,0 @@
-const UserError = require('vn-loopback/util/user-error');
-
-module.exports = Self => {
-    Self.remoteMethodCtx('isSupplier', {
-        description: 'Check is supplierFk exists as supplier',
-        accessType: 'READ',
-        returns: {
-            type: 'boolean',
-            root: true
-        },
-        http: {
-            path: `/isSupplier`,
-            verb: 'GET'
-        }
-    });
-
-    Self.isSupplier = async(ctx, options) => {
-        const myOptions = {validate: false};
-
-        if (typeof options == 'object')
-            Object.assign(myOptions, options);
-
-        const userId = ctx.req.accessToken.userId;
-        const exists = await Self.findById(userId);
-
-        return !!exists;
-    };
-};
--- a/modules/supplier/back/models/supplier.js
+++ b/modules/supplier/back/models/supplier.js
@ -12,7 +12,6 @@ module.exports = Self => {
    require('../methods/supplier/campaignMetricsEmail')(Self);
    require('../methods/supplier/newSupplier')(Self);
    require('../methods/supplier/getItemsPackaging')(Self);
-    require('../methods/supplier/isSupplier')(Self);

    Self.validatesPresenceOf('name', {
        message: 'The social name cannot be empty'