diff --git a/db/versions/11118-limeCymbidium/00-firstScript.sql b/db/versions/11118-limeCymbidium/00-firstScript.sql
index 7f9a2432d2..0ed1337a04 100644
--- a/db/versions/11118-limeCymbidium/00-firstScript.sql
+++ b/db/versions/11118-limeCymbidium/00-firstScript.sql
@@ -3,13 +3,18 @@ INSERT IGNORE INTO salix.ACL (`model`,`property`,`accessType`,`permission`,`prin
 VALUES ('Entry','filter','READ','ALLOW','ROLE','supplier');
 INSERT IGNORE INTO salix.ACL (`model`,`property`,`accessType`,`permission`,`principalType`,`principalId`)
- VALUES ('Entry','getBuys','READ','ALLOW','ROLE','$authenticated');
+ VALUES ('Entry','getBuys','READ','ALLOW','ROLE','supplier');
 INSERT IGNORE INTO salix.ACL (`model`,`property`,`accessType`,`permission`,`principalType`,`principalId`)
- VALUES ('Entry','buyLabel','READ','ALLOW','ROLE','$authenticated');
+ VALUES ('Entry','buyLabel','READ','ALLOW','ROLE','supplier');
 INSERT IGNORE INTO `account`.`role` (`name`,`description`,`hasLogin`,`created`,`modified`)
 VALUES ('supplier','Proveedores',1,'2017-10-10 14:58:58.000','2017-10-10 14:59:20.000');
 SET @supplierFk =LAST_INSERT_ID();
 INSERT IGNORE INTO account.roleInherit (`role`,`inheritsFrom`)
 VALUES (@supplierFk,2);
+
+UPDATE salix.ACL
+ SET principalId='$authenticated'
+ WHERE id=264;
+
diff --git a/loopback/common/methods/schema/model-info.js b/loopback/common/methods/schema/model-info.js
index 0648deb800..74d7644750 100644
--- a/loopback/common/methods/schema/model-info.js
+++ b/loopback/common/methods/schema/model-info.js
@@ -92,6 +92,7 @@ module.exports = Self => {
 const locale = modelLocale && modelLocale.get(lang);
 json[modelName] = {
+ http: model.sharedClass.http.path,
 properties: model.definition.rawProperties,
 validations: jsonValidations,
 locale
diff --git a/modules/entry/back/methods/entry/filter.js b/modules/entry/back/methods/entry/filter.js
index 929df8bd99..2a127b496a 100644
--- a/modules/entry/back/methods/entry/filter.js
+++ b/modules/entry/back/methods/entry/filter.js
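Review bot: The added `UPDATE salix.ACL SET principalId='$authenticated' WHERE id=264;` picks its row by auto-assigned primary key, so which rule gets opened to every authenticated user depends on what row 264 happens to be in each database. Match the rule by its natural key instead, e.g. `WHERE model='<model>' AND property='<property>' AND accessType='<accessType>' AND principalId='<previous principal>'` (placeholders; the intended row is not visible in this diff), and add a comment naming the rule being widened. Separately, the two edited `VALUES` rows sit under `INSERT IGNORE`, so if this version script has already been applied anywhere, the earlier `$authenticated` grants for `getBuys` and `buyLabel` are presumably still in place and would need an explicit `DELETE` or `UPDATE`.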
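Review bot: `http: model.sharedClass.http.path` dereferences two levels with no guard, while the line just above guards `modelLocale` before calling `.get(lang)`. Whether a model without `sharedClass` or `http` can reach this point is not visible from the hunk; if it can, the whole schema response fails, so either guard it with `http: model.sharedClass && model.sharedClass.http && model.sharedClass.http.path,` or add a comment stating that every model listed here is remotely exposed. The new field also publishes each model's REST base path to any caller of this method, which deserves a line in the method's description. The enclosing function starts and ends outside the hunk.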
@@ -112,7 +112,6 @@ module.exports = Self => {
 if (typeof options == 'object')
 Object.assign(myOptions, options);
- const isSupplier = await Self.app.models.Supplier.isSupplier(ctx, options);
 const conn = Self.dataSource.connector;
 const where = buildFilter(ctx.args, (param, value) => {
 switch (param) {
@@ -146,7 +145,8 @@ module.exports = Self => {
 }
 });
 filter = mergeFilters(ctx.args.filter, {where});
- delete filter.order;
+ const userId = ctx.req.accessToken.userId;
+ const isSupplier = await Self.app.models.Supplier.findById(userId, options);
 if (isSupplier) {
 if (!filter.where) filter.where = {};
 filter.where.supplierFk = ctx.req.accessToken.userId;
diff --git a/modules/entry/back/methods/entry/getBuys.js b/modules/entry/back/methods/entry/getBuys.js
index cfb065b83f..e392ba3ce3 100644
--- a/modules/entry/back/methods/entry/getBuys.js
+++ b/modules/entry/back/methods/entry/getBuys.js
@@ -31,16 +31,17 @@ module.exports = Self => {
 });
 Self.getBuys = async(ctx, id, filter, options) => {
+ const userId = ctx.req.accessToken.userId;
 const models = Self.app.models;
 const myOptions = {};
 if (typeof options == 'object')
 Object.assign(myOptions, options);
- const isSupplier = await Self.app.models.Supplier.isSupplier(ctx, options);
+ const isSupplier = await Self.app.models.Supplier.findById(userId, options);
 if (isSupplier) {
- const isEntryOwner = (await Self.findById(id)).supplierFk === ctx.req.accessToken.userId;
+ const isEntryOwner = (await Self.findById(id)).supplierFk === userId;
- if (! isEntryOwner) throw new UserError('Access Denied');
+ if (!isEntryOwner) throw new UserError('Access Denied');
 }
 let defaultFilter = {
 where: {entryFk: id},
@@ -106,7 +107,6 @@ module.exports = Self => {
 }
 }]
 };
- delete filter.order;
 defaultFilter = mergeFilters(defaultFilter, filter);
 return models.Buy.find(defaultFilter, myOptions);
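Review bot: `Self.app.models.Supplier.findById(userId, options)` in the second `filter.js` hunk passes the caller's `options` in the slot that LoopBack's `findById(id, filter, options)` treats as the filter. It is also the raw `options` rather than the `myOptions` copy built earlier, so a caller-supplied transaction is not applied to this lookup; `findById(userId, null, myOptions)` matches the signature. The same call appears in the first `getBuys.js` hunk. Because this lookup alone decides whether `supplierFk` is forced onto the query, a user holding the `supplier` role whose account id has no matching Supplier row would presumably receive the unrestricted result, so consider failing closed in that case. The enclosing function starts and ends outside the hunk.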
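Review bot: In the first `getBuys.js` hunk, `(await Self.findById(id)).supplierFk === userId` throws a TypeError when no entry with that `id` exists, so the response differs between a missing entry (unhandled error) and another supplier's entry (`Access Denied`). Load the entry first and treat a missing one like a foreign one: `const entry = await Self.findById(id, {fields: ['supplierFk']}, myOptions);` followed by `if (!entry || entry.supplierFk !== userId) throw new UserError('Access Denied');`. That also puts the ownership lookup under `myOptions`, which the current line omits. The body of `Self.getBuys` continues past the hunk.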
diff --git a/modules/supplier/back/methods/supplier/isSupplier.js b/modules/supplier/back/methods/supplier/isSupplier.js
deleted file mode 100644
index d13f304a84..0000000000
--- a/modules/supplier/back/methods/supplier/isSupplier.js
+++ /dev/null
@@ -1,28 +0,0 @@
-const UserError = require('vn-loopback/util/user-error');
-
-module.exports = Self => {
- Self.remoteMethodCtx('isSupplier', {
- description: 'Check is supplierFk exists as supplier',
- accessType: 'READ',
- returns: {
- type: 'boolean',
- root: true
- },
- http: {
- path: `/isSupplier`,
- verb: 'GET'
- }
- });
-
- Self.isSupplier = async(ctx, options) => {
- const myOptions = {validate: false};
-
- if (typeof options == 'object')
- Object.assign(myOptions, options);
-
- const userId = ctx.req.accessToken.userId;
- const exists = await Self.findById(userId);
-
- return !!exists;
- };
-};
diff --git a/modules/supplier/back/models/supplier.js b/modules/supplier/back/models/supplier.js
index 6094602b6d..2d3ffef3e5 100644
--- a/modules/supplier/back/models/supplier.js
+++ b/modules/supplier/back/models/supplier.js
@@ -12,7 +12,6 @@ module.exports = Self => {
 require('../methods/supplier/campaignMetricsEmail')(Self);
 require('../methods/supplier/newSupplier')(Self);
 require('../methods/supplier/getItemsPackaging')(Self);
- require('../methods/supplier/isSupplier')(Self);
 Self.validatesPresenceOf('name', {
 message: 'The social name cannot be empty'