feat: refs #7821 isBooked with grants
gitea/salix/pipeline/pr-dev This commit looks good Details

This commit is contained in:
Javi Gallego 2024-10-25 16:15:13 +02:00
parent 8569bec34a
commit fa9451ea38
10 changed files with 96 additions and 48 deletions

View File

@ -1518,19 +1518,20 @@ INSERT INTO `vn`.`travel`(`id`,`shipped`, `landed`, `warehouseInFk`, `warehouseO
(11, util.VN_CURDATE() - INTERVAL 1 DAY , util.VN_CURDATE(), 6, 3, 0, 50.00, 500, 'eleventh travel', 1, 2, 4), (11, util.VN_CURDATE() - INTERVAL 1 DAY , util.VN_CURDATE(), 6, 3, 0, 50.00, 500, 'eleventh travel', 1, 2, 4),
(12, util.VN_CURDATE() , util.VN_CURDATE() + INTERVAL 1 DAY, 6, 3, 0, 50.00, 500, 'eleventh travel', 1, 2, 4); (12, util.VN_CURDATE() , util.VN_CURDATE() + INTERVAL 1 DAY, 6, 3, 0, 50.00, 500, 'eleventh travel', 1, 2, 4);
INSERT INTO `vn`.`entry`(`id`, `supplierFk`, `created`, `travelFk`, `isConfirmed`, `companyFk`, `invoiceNumber`, `reference`, `isExcludedFromAvailable`, `isRaid`, `evaNotes`) INSERT INTO `vn`.`entry`(`id`, `supplierFk`, `created`, `travelFk`, `isConfirmed`, `companyFk`, `invoiceNumber`, `reference`, `isExcludedFromAvailable`, `isRaid`, `evaNotes`, `typeFk`)
VALUES VALUES
(1, 1, DATE_ADD(util.VN_CURDATE(), INTERVAL -1 MONTH), 1, 1, 442, 'IN2001', 'Movement 1', 0, 0, ''), (1, 1, DATE_ADD(util.VN_CURDATE(), INTERVAL -1 MONTH), 1, 1, 442, 'IN2001', 'Movement 1', 0, 0, '', 'packaging'),
(2, 2, DATE_ADD(util.VN_CURDATE(), INTERVAL -1 MONTH), 2, 0, 442, 'IN2002', 'Movement 2', 0, 0, 'observation two'), (2, 2, DATE_ADD(util.VN_CURDATE(), INTERVAL -1 MONTH), 2, 0, 442, 'IN2002', 'Movement 2', 0, 0, 'observation two', 'product'),
(3, 1, DATE_ADD(util.VN_CURDATE(), INTERVAL -1 MONTH), 3, 0, 442, 'IN2003', 'Movement 3', 0, 0, 'observation three'), (3, 1, DATE_ADD(util.VN_CURDATE(), INTERVAL -1 MONTH), 3, 0, 442, 'IN2003', 'Movement 3', 0, 0, 'observation three', 'product'),
(4, 2, DATE_ADD(util.VN_CURDATE(), INTERVAL -1 MONTH), 2, 0, 69, 'IN2004', 'Movement 4', 0, 0, 'observation four'), (4, 2, DATE_ADD(util.VN_CURDATE(), INTERVAL -1 MONTH), 2, 0, 69, 'IN2004', 'Movement 4', 0, 0, 'observation four', 'product'),
(5, 2, DATE_ADD(util.VN_CURDATE(), INTERVAL -1 MONTH), 5, 0, 442, 'IN2005', 'Movement 5', 0, 0, 'observation five'), (5, 2, DATE_ADD(util.VN_CURDATE(), INTERVAL -1 MONTH), 5, 0, 442, 'IN2005', 'Movement 5', 0, 0, 'observation five', 'product'),
(6, 2, DATE_ADD(util.VN_CURDATE(), INTERVAL -1 MONTH), 6, 0, 442, 'IN2006', 'Movement 6', 0, 0, 'observation six'), (6, 2, DATE_ADD(util.VN_CURDATE(), INTERVAL -1 MONTH), 6, 0, 442, 'IN2006', 'Movement 6', 0, 0, 'observation six', 'product'),
(7, 2, DATE_ADD(util.VN_CURDATE(), INTERVAL -1 MONTH), 7, 0, 442, 'IN2007', 'Movement 7', 0, 0, 'observation seven'), (7, 2, DATE_ADD(util.VN_CURDATE(), INTERVAL -1 MONTH), 7, 0, 442, 'IN2007', 'Movement 7', 0, 0, 'observation seven', 'product'),
(8, 2, DATE_ADD(util.VN_CURDATE(), INTERVAL -1 MONTH), 7, 0, 442, 'IN2008', 'Movement 8', 1, 1, ''), (8, 2, DATE_ADD(util.VN_CURDATE(), INTERVAL -1 MONTH), 7, 0, 442, 'IN2008', 'Movement 8', 1, 1, '', 'product'),
(9, 2, DATE_ADD(util.VN_CURDATE(), INTERVAL +2 DAY), 10, 0, 442, 'IN2009', 'Movement 9', 1, 1, ''), (9, 2, DATE_ADD(util.VN_CURDATE(), INTERVAL +2 DAY), 10, 0, 442, 'IN2009', 'Movement 9', 1, 1, '', 'product'),
(10, 2, DATE_ADD(util.VN_CURDATE(), INTERVAL +2 DAY), 10, 0, 442, 'IN2009', 'Movement 10', 1, 1, ''), (10, 2, DATE_ADD(util.VN_CURDATE(), INTERVAL +2 DAY), 10, 0, 442, 'IN2009', 'Movement 10', 1, 1, '', 'product'),
(99, 69, '2000-12-01 00:00:00.000', 11, 0, 442, 'IN2009', 'Movement 99', 0, 0, ''); (99, 69, '2000-12-01 00:00:00.000', 11, 0, 442, 'IN2009', 'Movement 99', 0, 0, '', 'product');
INSERT INTO `vn`.`entryConfig` (`defaultEntry`, `inventorySupplierFk`, `defaultSupplierFk`) INSERT INTO `vn`.`entryConfig` (`defaultEntry`, `inventorySupplierFk`, `defaultSupplierFk`)
VALUES (2, 4, 1); VALUES (2, 4, 1);

View File

@ -9,16 +9,16 @@ BEGIN
* *
* @param vSelf Id de entrada * @param vSelf Id de entrada
*/ */
DECLARE vIsEditable BOOL; DECLARE vIsNotEditable BOOL;
SELECT e.isBooked INTO vIsEditable SELECT (e.typeFk IS NULL OR NOT et.isInformal) INTO vIsNotEditable
FROM `entry` e FROM `entry` e
JOIN entryType et ON et.code = e.typeFk LEFT JOIN entryType et ON et.code = e.typeFk
WHERE NOT et.isInformal WHERE e.id = vSelf
AND e.id = vSelf; AND e.isBooked;
IF vIsEditable AND NOT IFNULL(@isModeInventory, FALSE) THEN IF vIsNotEditable AND NOT IFNULL(@isModeInventory, FALSE) THEN
CALL util.throw(CONCAT('Entry ', vSelf, ' is not editable')); CALL util.throw(CONCAT('Entry ', vSelf, ' is not editable'));
END IF; END IF;
END$$ END$$
DELIMITER ; DELIMITER ;

View File

@ -0,0 +1,40 @@
-- Eliminar registros existentes donde property = '*'
DELETE FROM `salix`.ACL WHERE model = 'entry' AND property = '*';
-- Insertar permisos para los métodos solicitados en el modelo Entry
INSERT INTO `salix`.ACL (model, property, accessType, permission, principalType, principalId)
VALUES
-- Permisos para administrative
('Entry', 'upsert', 'WRITE', 'ALLOW', 'ROLE', 'administrative'),
('Entry', 'updateAttributes', 'WRITE', 'ALLOW', 'ROLE', 'administrative'),
('Entry', 'isBooked', 'READ', 'ALLOW', 'ROLE', 'administrative'),
('Entry', 'findById', 'READ', 'ALLOW', 'ROLE', 'administrative'),
('Entry', 'find', 'READ', 'ALLOW', 'ROLE', 'administrative'),
('Entry', 'filter', 'READ', 'ALLOW', 'ROLE', 'administrative'),
('Entry', 'count', 'READ', 'ALLOW', 'ROLE', 'administrative'),
('Entry', 'getEntry', 'READ', 'ALLOW', 'ROLE', 'administrative'),
('Entry', 'getBuys', 'READ', 'ALLOW', 'ROLE', 'administrative'),
('Entry', 'findOne', 'READ', 'ALLOW', 'ROLE', 'administrative'),
('Entry', 'deleteBuys', 'WRITE', 'ALLOW', 'ROLE', 'administrative'),
('Entry', 'editLatestBuys', 'WRITE', 'ALLOW', 'ROLE', 'administrative'),
('Entry', 'importBuys', 'WRITE', 'ALLOW', 'ROLE', 'administrative'),
('Entry', 'importBuysPreview', 'READ', 'ALLOW', 'ROLE', 'administrative'),
('Entry', 'lastItemBuys', 'READ', 'ALLOW', 'ROLE', 'administrative'),
('Entry', 'latestBuysFilter', 'READ', 'ALLOW', 'ROLE', 'administrative'),
-- Permisos para buyer (excluyendo isBooked)
('Entry', 'upsert', 'WRITE', 'ALLOW', 'ROLE', 'buyer'),
('Entry', 'updateAttributes', 'WRITE', 'ALLOW', 'ROLE', 'buyer'),
('Entry', 'findById', 'READ', 'ALLOW', 'ROLE', 'buyer'),
('Entry', 'find', 'READ', 'ALLOW', 'ROLE', 'buyer'),
('Entry', 'filter', 'READ', 'ALLOW', 'ROLE', 'buyer'),
('Entry', 'count', 'READ', 'ALLOW', 'ROLE', 'buyer'),
('Entry', 'getEntry', 'READ', 'ALLOW', 'ROLE', 'buyer'),
('Entry', 'getBuys', 'READ', 'ALLOW', 'ROLE', 'buyer'),
('Entry', 'findOne', 'READ', 'ALLOW', 'ROLE', 'buyer'),
('Entry', 'deleteBuys', 'WRITE', 'ALLOW', 'ROLE', 'buyer'),
('Entry', 'editLatestBuys', 'WRITE', 'ALLOW', 'ROLE', 'buyer'),
('Entry', 'importBuys', 'WRITE', 'ALLOW', 'ROLE', 'buyer'),
('Entry', 'importBuysPreview', 'READ', 'ALLOW', 'ROLE', 'buyer'),
('Entry', 'lastItemBuys', 'READ', 'ALLOW', 'ROLE', 'buyer'),
('Entry', 'latestBuysFilter', 'READ', 'ALLOW', 'ROLE', 'buyer');

View File

@ -240,6 +240,10 @@
"There is already a tray with the same height": "There is already a tray with the same height", "There is already a tray with the same height": "There is already a tray with the same height",
"The height must be greater than 50cm": "The height must be greater than 50cm", "The height must be greater than 50cm": "The height must be greater than 50cm",
"The maximum height of the wagon is 200cm": "The maximum height of the wagon is 200cm", "The maximum height of the wagon is 200cm": "The maximum height of the wagon is 200cm",
"The quantity claimed cannot be greater than the quantity of the line": "The quantity claimed cannot be greater than the quantity of the line", "The quantity claimed cannot be greater than the quantity of the line": "The quantity claimed cannot be greater than the quantity of the line",
"There are tickets for this area, delete them first": "There are tickets for this area, delete them first" "There are tickets for this area, delete them first": "There are tickets for this area, delete them first",
} "Payment method is required": "Payment method is required",
"You do not have permission to modify the booked field": "You do not have permission to modify the booked field",
"null": "null",
"Invalid or expired verification code": "Invalid or expired verification code"
}

View File

@ -385,5 +385,11 @@
"The quantity claimed cannot be greater than the quantity of the line": "La cantidad reclamada no puede ser mayor que la cantidad de la línea", "The quantity claimed cannot be greater than the quantity of the line": "La cantidad reclamada no puede ser mayor que la cantidad de la línea",
"type cannot be blank": "Se debe rellenar el tipo", "type cannot be blank": "Se debe rellenar el tipo",
"There are tickets for this area, delete them first": "Hay tickets para esta sección, borralos primero", "There are tickets for this area, delete them first": "Hay tickets para esta sección, borralos primero",
"There is no company associated with that warehouse": "No hay ninguna empresa asociada a ese almacén" "There is no company associated with that warehouse": "No hay ninguna empresa asociada a ese almacén",
"You do not have permission to modify the booked field": "No tienes permisos para modificar el campo contabilizada",
"Entry 99 is not editable": "Entry 99 is not editable",
"Entry 9 is not editable": "Entry 9 is not editable",
"Entry must have lines to be marked booked": "Entry must have lines to be marked booked",
"Entry 10 is not editable": "Entry 10 is not editable",
"Entry 7 is not editable": "Entry 7 is not editable"
} }

View File

@ -363,5 +363,6 @@
"It has been invoiced but the PDF of refund not be generated": "Il a été facturé mais le PDF de remboursement n'a pas été généré", "It has been invoiced but the PDF of refund not be generated": "Il a été facturé mais le PDF de remboursement n'a pas été généré",
"Cannot send mail": "Impossible d'envoyer le mail", "Cannot send mail": "Impossible d'envoyer le mail",
"Original invoice not found": "Facture originale introuvable", "Original invoice not found": "Facture originale introuvable",
"The quantity claimed cannot be greater than the quantity of the line": "Le montant réclamé ne peut pas être supérieur au montant de la ligne" "The quantity claimed cannot be greater than the quantity of the line": "Le montant réclamé ne peut pas être supérieur au montant de la ligne",
"You do not have permission to modify the booked field": "Vous n'avez pas la permission de modifier le champ comptabilisé"
} }

View File

@ -363,5 +363,6 @@
"It has been invoiced but the PDF of refund not be generated": "Foi faturado mas não foi gerado o PDF do reembolso", "It has been invoiced but the PDF of refund not be generated": "Foi faturado mas não foi gerado o PDF do reembolso",
"Original invoice not found": "Fatura original não encontrada", "Original invoice not found": "Fatura original não encontrada",
"Cannot send mail": "Não é possível enviar o email", "Cannot send mail": "Não é possível enviar o email",
"The quantity claimed cannot be greater than the quantity of the line": "O valor reclamado não pode ser superior ao valor da linha" "The quantity claimed cannot be greater than the quantity of the line": "O valor reclamado não pode ser superior ao valor da linha",
"You do not have permission to modify the booked field": "Você não tem permissão para modificar o campo contabilizado"
} }

View File

@ -1,3 +1,4 @@
const UserError = require('vn-loopback/util/user-error');
const LoopBackContext = require('loopback-context'); const LoopBackContext = require('loopback-context');
module.exports = Self => { module.exports = Self => {
require('../methods/entry/filter')(Self); require('../methods/entry/filter')(Self);
@ -18,11 +19,20 @@ module.exports = Self => {
const changes = ctx.data || ctx.instance; const changes = ctx.data || ctx.instance;
const orgData = ctx.currentInstance; const orgData = ctx.currentInstance;
const loopBackContext = LoopBackContext.getCurrentContext();
const accessToken = {req: loopBackContext.active};
const hasChanges = orgData && changes;
const isBookedChanged = changes.isBooked !== undefined && orgData.isBooked !== changes.isBooked;
if (isBookedChanged) {
const canEditIsBooked = await Self.app.models.ACL.checkAccessAcl(accessToken, 'Entry', 'isBooked', 'READ');
if (!canEditIsBooked)
throw new UserError('You do not have permission to modify the booked field');
}
const observation = changes.observation || orgData.observation; const observation = changes.observation || orgData.observation;
const hasChanges = orgData && changes; const observationChanged = hasChanges && orgData.observation != observation;
const observationChanged = hasChanges
&& orgData.observation != observation;
if (observationChanged) { if (observationChanged) {
let tx; let tx;
@ -37,8 +47,7 @@ module.exports = Self => {
} }
try { try {
const loopbackContext = LoopBackContext.getCurrentContext(); const userId = loopBackContext.active.accessToken.userId;
const userId = loopbackContext.active.accessToken.userId;
const id = changes.id || orgData.id; const id = changes.id || orgData.id;
const entry = await Self.app.models.Entry.findById(id, null, myOptions); const entry = await Self.app.models.Entry.findById(id, null, myOptions);
await entry.updateAttribute('observationEditorFk', userId, myOptions); await entry.updateAttribute('observationEditorFk', userId, myOptions);

View File

@ -15,7 +15,7 @@ module.exports = Self => {
Self.getWithPackaging = async options => { Self.getWithPackaging = async options => {
const models = Self.app.models; const models = Self.app.models;
const myOptions = {}; const myOptions = {};
const oneYearAgo = new Date(); const oneYearAgo = Date.vnNew();
oneYearAgo.setFullYear(oneYearAgo.getFullYear() - 1); oneYearAgo.setFullYear(oneYearAgo.getFullYear() - 1);
if (typeof options == 'object') if (typeof options == 'object')

View File

@ -1,26 +1,12 @@
const {models} = require('vn-loopback/server/server'); const {models} = require('vn-loopback/server/server');
describe('Supplier getWithPackaging()', () => { describe('Supplier getWithPackaging()', () => {
beforeAll.mockLoopBackContext();
it('should return a list of suppliers with an entry of type packaging', async() => { it('should return a list of suppliers with an entry of type packaging', async() => {
const typeFk = 'packaging';
const tx = await models.Supplier.beginTransaction({}); const tx = await models.Supplier.beginTransaction({});
const myOptions = {transaction: tx}; const myOptions = {transaction: tx};
try { try {
const entry = await models.Entry.findOne(
{
where: {
id: 1
},
myOptions
});
await entry.updateAttributes({
typeFk: typeFk,
created: new Date()
});
const result = await models.Supplier.getWithPackaging(myOptions); const result = await models.Supplier.getWithPackaging(myOptions);
expect(result.length).toEqual(1); expect(result.length).toEqual(1);