verdnatura/salix
verdnatura
/
salix
3
4
Fork 0
Code Issues Pull Requests 59 Releases Wiki Activity

feat(salix): refs #7648 #7648 changes requested
gitea/salix/pipeline/pr-dev This commit looks good Details

This commit is contained in:
Javier Segarra 2024-07-01 21:14:27 +02:00
parent a0185dca04
commit f27bdec758
6 changed files with 14 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
db/versions/11118-limeCymbidium/00-firstScript.sql
View File

@ -3,13 +3,18 @@ INSERT IGNORE INTO salix.ACL (`model`,`property`,`accessType`,`permission`,`prin
VALUES ('Entry','filter','READ','ALLOW','ROLE','supplier'); VALUES ('Entry','filter','READ','ALLOW','ROLE','supplier');
INSERT IGNORE INTO salix.ACL (`model`,`property`,`accessType`,`permission`,`principalType`,`principalId`) INSERT IGNORE INTO salix.ACL (`model`,`property`,`accessType`,`permission`,`principalType`,`principalId`)
VALUES ('Entry','getBuys','READ','ALLOW','ROLE','$authenticated'); VALUES ('Entry','getBuys','READ','ALLOW','ROLE','supplier');
INSERT IGNORE INTO salix.ACL (`model`,`property`,`accessType`,`permission`,`principalType`,`principalId`) INSERT IGNORE INTO salix.ACL (`model`,`property`,`accessType`,`permission`,`principalType`,`principalId`)
VALUES ('Entry','buyLabel','READ','ALLOW','ROLE','$authenticated'); VALUES ('Entry','buyLabel','READ','ALLOW','ROLE','supplier');
INSERT IGNORE INTO `account`.`role` (`name`,`description`,`hasLogin`,`created`,`modified`) INSERT IGNORE INTO `account`.`role` (`name`,`description`,`hasLogin`,`created`,`modified`)
VALUES ('supplier','Proveedores',1,'2017-10-10 14:58:58.000','2017-10-10 14:59:20.000'); VALUES ('supplier','Proveedores',1,'2017-10-10 14:58:58.000','2017-10-10 14:59:20.000');
SET @supplierFk =LAST_INSERT_ID(); SET @supplierFk =LAST_INSERT_ID();
INSERT IGNORE INTO account.roleInherit (`role`,`inheritsFrom`) INSERT IGNORE INTO account.roleInherit (`role`,`inheritsFrom`)
VALUES (@supplierFk,2); VALUES (@supplierFk,2);
UPDATE salix.ACL
SET principalId='$authenticated'
WHERE id=264;

1
loopback/common/methods/schema/model-info.js
View File

@ -92,6 +92,7 @@ module.exports = Self => {
const locale = modelLocale && modelLocale.get(lang); const locale = modelLocale && modelLocale.get(lang);
json[modelName] = { json[modelName] = {
http: model.sharedClass.http.path,
properties: model.definition.rawProperties, properties: model.definition.rawProperties,
validations: jsonValidations, validations: jsonValidations,
locale locale

4
modules/entry/back/methods/entry/filter.js
View File

@ -112,7 +112,6 @@ module.exports = Self => {
if (typeof options == 'object') if (typeof options == 'object')
Object.assign(myOptions, options); Object.assign(myOptions, options);
const isSupplier = await Self.app.models.Supplier.isSupplier(ctx, options);
const conn = Self.dataSource.connector; const conn = Self.dataSource.connector;
const where = buildFilter(ctx.args, (param, value) => { const where = buildFilter(ctx.args, (param, value) => {
switch (param) { switch (param) {
@ -146,7 +145,8 @@ module.exports = Self => {
} }
}); });
filter = mergeFilters(ctx.args.filter, {where}); filter = mergeFilters(ctx.args.filter, {where});
delete filter.order; const userId = ctx.req.accessToken.userId;
const isSupplier = await Self.app.models.Supplier.findById(userId, options);
if (isSupplier) { if (isSupplier) {
if (!filter.where) filter.where = {}; if (!filter.where) filter.where = {};
filter.where.supplierFk = ctx.req.accessToken.userId; filter.where.supplierFk = ctx.req.accessToken.userId;

8
modules/entry/back/methods/entry/getBuys.js
View File

@ -31,16 +31,17 @@ module.exports = Self => {
}); });
Self.getBuys = async(ctx, id, filter, options) => { Self.getBuys = async(ctx, id, filter, options) => {
const userId = ctx.req.accessToken.userId;
const models = Self.app.models; const models = Self.app.models;
const myOptions = {}; const myOptions = {};
if (typeof options == 'object') if (typeof options == 'object')
Object.assign(myOptions, options); Object.assign(myOptions, options);
const isSupplier = await Self.app.models.Supplier.isSupplier(ctx, options); const isSupplier = await Self.app.models.Supplier.findById(userId, options);
if (isSupplier) { if (isSupplier) {
const isEntryOwner = (await Self.findById(id)).supplierFk === ctx.req.accessToken.userId; const isEntryOwner = (await Self.findById(id)).supplierFk === userId;
if (! isEntryOwner) throw new UserError('Access Denied'); if (!isEntryOwner) throw new UserError('Access Denied');
} }
let defaultFilter = { let defaultFilter = {
where: {entryFk: id}, where: {entryFk: id},
@ -106,7 +107,6 @@ module.exports = Self => {
} }
}] }]
}; };
delete filter.order;
defaultFilter = mergeFilters(defaultFilter, filter); defaultFilter = mergeFilters(defaultFilter, filter);
return models.Buy.find(defaultFilter, myOptions); return models.Buy.find(defaultFilter, myOptions);

28
modules/supplier/back/methods/supplier/isSupplier.js
View File

@ -1,28 +0,0 @@
const UserError = require('vn-loopback/util/user-error');
module.exports = Self => {
Self.remoteMethodCtx('isSupplier', {
description: 'Check is supplierFk exists as supplier',
accessType: 'READ',
returns: {
type: 'boolean',
root: true
},
http: {
path: `/isSupplier`,
verb: 'GET'
}
});
Self.isSupplier = async(ctx, options) => {
const myOptions = {validate: false};
if (typeof options == 'object')
Object.assign(myOptions, options);
const userId = ctx.req.accessToken.userId;
const exists = await Self.findById(userId);
return !!exists;
};
};

1
modules/supplier/back/models/supplier.js
View File

@ -12,7 +12,6 @@ module.exports = Self => {
require('../methods/supplier/campaignMetricsEmail')(Self); require('../methods/supplier/campaignMetricsEmail')(Self);
require('../methods/supplier/newSupplier')(Self); require('../methods/supplier/newSupplier')(Self);
require('../methods/supplier/getItemsPackaging')(Self); require('../methods/supplier/getItemsPackaging')(Self);
require('../methods/supplier/isSupplier')(Self);
Self.validatesPresenceOf('name', { Self.validatesPresenceOf('name', {
message: 'The social name cannot be empty' message: 'The social name cannot be empty'