verdnatura/salix
verdnatura
/
salix
3
4
Fork 0
Code Issues Pull Requests 67 Releases Wiki Activity

Refactor #1698 claim.basic-data al llamar a updateClaim tener en cuenta el campo roleFk
gitea/salix/dev This commit looks good Details

This commit is contained in:
Bernat 2019-09-26 09:13:18 +02:00
parent 156c9ec3ab
commit f28305de9b
9 changed files with 147 additions and 87 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
db/changes/10090-iberflora/00-ACL.sql Normal file
View File

@ -0,0 +1 @@
INSERT INTO `salix`.`ACL` (`model`, `property`, `accessType`, `permission`, `principalType`, `principalId`) VALUES ('Claim', 'updateClaimAction', 'WRITE', 'ALLOW', 'ROLE', 'salesAssistant');

2
db/changes/10090-iberflora/00-claimState.sql Normal file
View File

@ -0,0 +1,2 @@
UPDATE `vn`.`claimState` SET `roleFk` = '21' WHERE (`id` = '3');
UPDATE `vn`.`claimState` SET `roleFk` = '21' WHERE (`id` = '5');

84
modules/claim/back/methods/claim/specs/updateClaim.spec.js
View File

@ -26,24 +26,21 @@ describe('Update Claim', () => {
done(); done();
}); });
it('should throw error if isSaleAssistant is false and try to modify a forbidden field', async() => { it(`should throw an error as the user doesn't have rights`, async() => {
let params = { const forbiddenState = 3;
ticketFk: 3, const salesPersonId = 18;
clientFk: 101, let data = {
ticketCreated: newDate, claimStateFk: forbiddenState,
workerFk: 18, observation: 'valid observation'
isChargedToMana: false,
responsibility: 3,
observation: 'another'
}; };
let ctx = { let ctx = {
req: { req: {
accessToken: { accessToken: {
userId: 18 userId: salesPersonId
} }
} }
}; };
await app.models.Claim.updateClaim(ctx, newInstance.id, params) await app.models.Claim.updateClaim(ctx, newInstance.id, data)
.catch(e => { .catch(e => {
error = e; error = e;
}); });
@ -51,74 +48,47 @@ describe('Update Claim', () => {
expect(error.message).toEqual(`You don't have enough privileges to change that field`); expect(error.message).toEqual(`You don't have enough privileges to change that field`);
}); });
it('should throw error if isSaleAssistant is false and try to modify a valid field but a forbidden stated', async() => { it(`should success to update the claim within privileges `, async() => {
let params = { const correctState = 4;
ticketFk: 3, const salesPersonId = 18;
clientFk: 101, let data = {
ticketCreated: newDate, observation: 'valid observation',
workerFk: 18, claimStateFk: correctState,
claimStateFk: 4,
observation: 'another'
}; };
let ctx = { let ctx = {
req: { req: {
accessToken: { accessToken: {
userId: 18 userId: salesPersonId
} }
} }
}; };
await app.models.Claim.updateClaim(ctx, newInstance.id, params) await app.models.Claim.updateClaim(ctx, newInstance.id, data);
.catch(e => {
error = e;
});
expect(error.message).toEqual(`You don't have enough privileges to change that field`);
});
it('should change field observation', async() => {
let params = {
ticketCreated: newDate,
observation: 'another3'
};
let ctx = {
req: {
accessToken: {
userId: 18
}
}
};
await app.models.Claim.updateClaim(ctx, newInstance.id, params);
let claimUpdated = await app.models.Claim.findById(newInstance.id); let claimUpdated = await app.models.Claim.findById(newInstance.id);
expect(claimUpdated.observation).toEqual(params.observation); expect(claimUpdated.observation).toEqual(data.observation);
}); });
it('should change sensible fields as salesAssistant', async() => { it('should change some sensible fields as salesAssistant', async() => {
let params = { const salesAssistantId = 21;
ticketFk: 3, let data = {
clientFk: 101,
ticketCreated: newDate,
workerFk: 18,
claimStateFk: 3, claimStateFk: 3,
isChargedToMana: true, workerFk: 5,
responsibility: 3, observation: 'another valid observation'
observation: 'another'
}; };
let ctx = { let ctx = {
req: { req: {
accessToken: { accessToken: {
userId: 21 userId: salesAssistantId
} }
} }
}; };
await app.models.Claim.updateClaim(ctx, newInstance.id, params); await app.models.Claim.updateClaim(ctx, newInstance.id, data);
let claimUpdated = await app.models.Claim.findById(newInstance.id); let claimUpdated = await app.models.Claim.findById(newInstance.id);
expect(claimUpdated.observation).toEqual(params.observation); expect(claimUpdated.observation).toEqual(data.observation);
expect(claimUpdated.claimStateFk).toEqual(params.claimStateFk); expect(claimUpdated.claimStateFk).toEqual(data.claimStateFk);
expect(claimUpdated.responsibility).toEqual(params.responsibility); expect(claimUpdated.workerFk).toEqual(data.workerFk);
expect(claimUpdated.isChargedToMana).toEqual(params.isChargedToMana);
}); });
}); });

43
modules/claim/back/methods/claim/specs/updateClaimAction.spec.js Normal file
View File

@ -0,0 +1,43 @@
const app = require('vn-loopback/server/server');
describe('Update Claim', () => {
let newDate = new Date();
let newInstance;
let original = {
ticketFk: 3,
clientFk: 101,
ticketCreated: newDate,
workerFk: 18,
claimStateFk: 2,
isChargedToMana: true,
responsibility: 4,
observation: 'observation'
};
beforeAll(async done => {
newInstance = await app.models.Claim.create(original);
done();
});
afterAll(async done => {
await app.models.Claim.destroyById(newInstance.id);
done();
});
it('should update the claim isChargedToMana attribute', async() => {
const data = {isChargedToMana: false};
const result = await app.models.Claim.updateClaimAction(newInstance.id, data);
expect(result.id).toEqual(newInstance.id);
expect(result.isChargedToMana).toBeFalsy();
});
it('should update the claim responsibility attribute', async() => {
const data = {responsibility: 2};
const result = await app.models.Claim.updateClaimAction(newInstance.id, data);
expect(result.id).toEqual(newInstance.id);
expect(result.responsibility).toEqual(2);
});
});

54
modules/claim/back/methods/claim/updateClaim.js
View File

@ -1,26 +1,23 @@
const UserError = require('vn-loopback/util/user-error'); const UserError = require('vn-loopback/util/user-error');
let pick = require('object.pick');
let diff = require('object-diff');
module.exports = Self => { module.exports = Self => {
Self.remoteMethodCtx('updateClaim', { Self.remoteMethodCtx('updateClaim', {
description: 'Update a claim with privileges', description: 'Update a claim with privileges',
accessType: 'WRITE', accessType: 'WRITE',
accepts: [{ accepts: [{
arg: 'id', arg: 'id',
type: 'string', type: 'number',
required: true, required: true,
description: 'Client id', description: 'Claim id',
http: {source: 'path'} http: {source: 'path'}
}, { }, {
arg: 'params', arg: 'data',
type: 'object', type: 'object',
required: true, required: true,
description: 'ticketFk, stateFk', description: 'Data to update on the model',
http: {source: 'body'} http: {source: 'body'}
}], }],
returns: { returns: {
type: 'string', type: 'object',
root: true root: true
}, },
http: { http: {
@ -29,28 +26,31 @@ module.exports = Self => {
} }
}); });
Self.updateClaim = async(ctx, id, params) => { Self.updateClaim = async(ctx, id, data) => {
let models = Self.app.models; let models = Self.app.models;
let isSalesAssistant; let claim = await models.Claim.findById(id);
let currentUserId = ctx.req.accessToken.userId;
isSalesAssistant = await models.Account.hasRole(currentUserId, 'salesAssistant'); let canUpdate = await canChangeState(ctx, claim.claimStateFk);
let hasRights = await canChangeState(ctx, data.claimStateFk);
if (!isSalesAssistant) { if (!canUpdate || !hasRights)
let oldClaim = await models.Claim.findById(id); throw new UserError(`You don't have enough privileges to change that field`);
let notModifiable = ['id', 'responsibility', 'isChargedToMana'];
let changedFields = diff(oldClaim, params);
let changedFieldsPicked = pick(changedFields, notModifiable);
let statesViables = ['Gestionado', 'Pendiente', 'Anulado', 'Mana'];
let oldState = await models.ClaimState.findOne({where: {id: oldClaim.claimStateFk}});
let newState = await models.ClaimState.findOne({where: {id: params.claimStateFk}});
let canChangeState = statesViables.includes(oldState.description)
&& statesViables.includes(newState.description);
if (Object.keys(changedFieldsPicked).length != 0 || !canChangeState)
throw new UserError(`You don't have enough privileges to change that field`);
}
let claim = await Self.findById(id); return await claim.updateAttributes(data);
return await claim.updateAttributes(params);
}; };
async function canChangeState(ctx, id) {
let models = Self.app.models;
let userId = ctx.req.accessToken.userId;
let state = await models.ClaimState.findById(id, {
include: {
relation: 'writeRole'
}
});
let stateRole = state.writeRole().name;
let canUpdate = await models.Account.hasRole(userId, stateRole);
return canUpdate;
}
}; };

43
modules/claim/back/methods/claim/updateClaimAction.js Normal file
View File

@ -0,0 +1,43 @@
module.exports = Self => {
Self.remoteMethod('updateClaimAction', {
description: 'Update a claim with privileges',
accessType: 'WRITE',
accepts: [{
arg: 'id',
type: 'number',
required: true,
description: 'Claim id',
http: {source: 'path'}
}, {
arg: 'data',
type: 'object',
required: true,
description: 'Data to update on the model',
http: {source: 'body'}
}],
returns: {
type: 'object',
root: true
},
http: {
path: `/:id/updateClaimAction`,
verb: 'post'
}
});
Self.updateClaimAction = async(id, data) => {
let models = Self.app.models;
let claim = await models.Claim.findById(id);
let updatedData = {};
if (data.hasOwnProperty('responsibility'))
updatedData.responsibility = data.responsibility;
if (data.hasOwnProperty('isChargedToMana'))
updatedData.isChargedToMana = data.isChargedToMana;
return await claim.updateAttributes(updatedData);
};
};

2
modules/claim/back/models/claim-state.json
View File

@ -18,7 +18,7 @@
} }
}, },
"relations": { "relations": {
"role": { "writeRole": {
"type": "belongsTo", "type": "belongsTo",
"model": "Role", "model": "Role",
"foreignKey": "roleFk" "foreignKey": "roleFk"

1
modules/claim/back/models/claim.js
View File

@ -5,4 +5,5 @@ module.exports = Self => {
require('../methods/claim/updateClaim')(Self); require('../methods/claim/updateClaim')(Self);
require('../methods/claim/regularizeClaim')(Self); require('../methods/claim/regularizeClaim')(Self);
require('../methods/claim/uploadFile')(Self); require('../methods/claim/uploadFile')(Self);
require('../methods/claim/updateClaimAction')(Self);
}; };

4
modules/claim/front/action/index.js
View File

@ -167,14 +167,14 @@ class Controller {
} }
saveResponsibility(value) { saveResponsibility(value) {
let query = `/api/Claims/${this.$stateParams.id}/updateClaim`; let query = `/api/Claims/${this.$stateParams.id}/updateClaimAction`;
this.$http.post(query, {responsibility: value}).then(() => { this.$http.post(query, {responsibility: value}).then(() => {
this.vnApp.showSuccess(this.$translate.instant('Data saved!')); this.vnApp.showSuccess(this.$translate.instant('Data saved!'));
}); });
} }
saveMana(value) { saveMana(value) {
let query = `/api/Claims/${this.$stateParams.id}/updateClaim`; let query = `/api/Claims/${this.$stateParams.id}/updateClaimAction`;
this.$http.post(query, {isChargedToMana: value}).then(() => { this.$http.post(query, {isChargedToMana: value}).then(() => {
this.vnApp.showSuccess(this.$translate.instant('Data saved!')); this.vnApp.showSuccess(this.$translate.instant('Data saved!'));