2024-03-15 08:28:05 +00:00
27 changed files with 245 additions and 154 deletions
--- a/back/methods/dms/downloadFile.js
+++ b/back/methods/dms/downloadFile.js
@ -29,7 +29,8 @@ module.exports = Self => {
        http: {
            path: `/:id/downloadFile`,
            verb: 'GET'
-        }
+        },
        accessScopes: ['read:multimedia']
    });
    Self.downloadFile = async function(ctx, id) {
--- a/back/methods/docuware/download.js
+++ b/back/methods/docuware/download.js
@ -42,7 +42,8 @@ module.exports = Self => {
        http: {
            path: `/:id/download`,
            verb: 'GET'
-        }
+        },
        accessScopes: ['read:multimedia']
    });
    Self.download = async function(id, fileCabinet, filter) {
--- a/back/methods/image/download.js
+++ b/back/methods/image/download.js
@ -47,7 +47,8 @@ module.exports = Self => {
        http: {
            path: `/:collection/:size/:id/download`,
            verb: 'GET'
-        }
+        },
        accessScopes: ['read:multimedia']
    });
    Self.download = async function(ctx, collection, size, id) {
--- a/back/methods/vn-user/share-token.js
+++ b/back/methods/vn-user/share-token.js
@ -0,0 +1,27 @@
 module.exports = Self => {
    Self.remoteMethodCtx('shareToken', {
        description: 'Returns token to view files or images and share it',
        accessType: 'WRITE',
        accepts: [],
        returns: {
            type: 'Object',
            root: true
        },
        http: {
            path: `/shareToken`,
            verb: 'GET'
        }
    });
    Self.shareToken = async function(ctx) {
        const {accessToken: token} = ctx.req;
        const user = await Self.findById(token.userId);
        const multimediaToken = await user.accessTokens.create({
            scopes: ['read:multimedia']
        });
        return {multimediaToken};
    };
 };
--- a/back/methods/vn-user/specs/share-token.spec.js
+++ b/back/methods/vn-user/specs/share-token.spec.js
@ -0,0 +1,27 @@
 const {models} = require('vn-loopback/server/server');
 describe('Share Token', () => {
    let ctx = null;
    beforeAll(async() => {
        const unAuthCtx = {
            req: {
                headers: {},
                connection: {
                    remoteAddress: '127.0.0.1'
                },
                getLocale: () => 'en'
            },
            args: {}
        };
        let login = await models.VnUser.signIn(unAuthCtx, 'salesAssistant', 'nightmare');
        let accessToken = await models.AccessToken.findById(login.token);
        ctx = {req: {accessToken: accessToken}};
    });
    it('should renew token', async() => {
        const multimediaToken = await models.VnUser.shareToken(ctx);
        expect(Object.keys(multimediaToken).length).toEqual(1);
        expect(multimediaToken.multimediaToken.userId).toEqual(ctx.req.accessToken.userId);
        expect(multimediaToken.multimediaToken.scopes[0]).toEqual('read:multimedia');
    });
 });
--- a/back/models/vn-user.js
+++ b/back/models/vn-user.js
@ -13,6 +13,7 @@ module.exports = function(Self) {
    require('../methods/vn-user/privileges')(Self);
    require('../methods/vn-user/validate-auth')(Self);
    require('../methods/vn-user/renew-token')(Self);
    require('../methods/vn-user/share-token')(Self);
    require('../methods/vn-user/update-user')(Self);
    Self.definition.settings.acls = Self.definition.settings.acls.filter(acl => acl.property !== 'create');
--- a/back/models/vn-user.json
+++ b/back/models/vn-user.json
@ -1,129 +1,140 @@
 {
-	"name": "VnUser",
+    "name": "VnUser",
-	"base": "User",
+    "base": "User",
-	"validateUpsert": true,
+    "validateUpsert": true,
-	"options": {
+    "options": {
-		"mysql": {
+        "mysql": {
-			"table": "account.user"
+            "table": "account.user"
-		}
+        }
-	},
+    },
    "mixins": {
        "Loggable": true
    },
    "resetPasswordTokenTTL": "604800",
-	"properties": {
+    "properties": {
-		"id": {
+        "id": {
-			"type": "number",
+            "type": "number",
-			"id": true
+            "id": true
-		},
+        },
        "name": {
-			"type": "string",
+            "type": "string",
-			"required": true
+            "required": true
-		},
+        },
-		"username": {
+        "username": {
-			"type": "string"
+            "type": "string"
-		},
+        },
-		"roleFk": {
+        "roleFk": {
-			"type": "number",
+            "type": "number",
-			"mysql": {
+            "mysql": {
-				"columnName": "role"
+                "columnName": "role"
-			}
+            }
-		},
+        },
-		"nickname": {
+        "nickname": {
-			"type": "string"
+            "type": "string"
-		},
+        },
-		"lang": {
+        "lang": {
-			"type": "string"
+            "type": "string"
-		},
+        },
-		"active": {
+        "active": {
-			"type": "boolean"
+            "type": "boolean"
-		},
+        },
-		"email": {
+        "email": {
-			"type": "string"
+            "type": "string"
-		},
+        },
-		"emailVerified": {
+        "emailVerified": {
-			"type": "boolean"
+            "type": "boolean"
-		},
+        },
-		"created": {
+        "created": {
-			"type": "date"
+            "type": "date"
-		},
+        },
-		"updated": {
+        "updated": {
-			"type": "date"
+            "type": "date"
-		},
+        },
-		"image": {
+        "image": {
-			"type": "string"
+            "type": "string"
-		},
+        },
-		"hasGrant": {
+        "hasGrant": {
-			"type": "boolean"
+            "type": "boolean"
-		},
+        },
        "passExpired": {
            "type": "date"
        },
-		"twoFactor": {
+        "twoFactor": {
-			"type": "string"
+            "type": "string"
-		}
+        }
-	},
+    },
-	"relations": {
+    "relations": {
-		"role": {
+        "role": {
-			"type": "belongsTo",
+            "type": "belongsTo",
-			"model": "VnRole",
+            "model": "VnRole",
-			"foreignKey": "roleFk"
+            "foreignKey": "roleFk"
-		},
+        },
-		"roles": {
+        "roles": {
-			"type": "hasMany",
+            "type": "hasMany",
-			"model": "RoleRole",
+            "model": "RoleRole",
-			"foreignKey": "role",
+            "foreignKey": "role",
-			"primaryKey": "roleFk"
+            "primaryKey": "roleFk"
-		},
+        },
-		"emailUser": {
+        "emailUser": {
-			"type": "hasOne",
+            "type": "hasOne",
-			"model": "EmailUser",
+            "model": "EmailUser",
-			"foreignKey": "userFk"
+            "foreignKey": "userFk"
-		},
+        },
-		"worker": {
+        "worker": {
-			"type": "hasOne",
+            "type": "hasOne",
-			"model": "Worker",
+            "model": "Worker",
-			"foreignKey": "id"
+            "foreignKey": "id"
-		},
+        },
-		"userConfig": {
+        "userConfig": {
-			"type": "hasOne",
+            "type": "hasOne",
-			"model": "UserConfig",
+            "model": "UserConfig",
-			"foreignKey": "userFk"
+            "foreignKey": "userFk"
-		}
+        }
-	},
+    },
-	"acls": [
+    "acls": [
-		{
+        {
-			"property": "signIn",
+            "property": "signIn",
-			"accessType": "EXECUTE",
+            "accessType": "EXECUTE",
-			"principalType": "ROLE",
+            "principalType": "ROLE",
-			"principalId": "$everyone",
+            "principalId": "$everyone",
-			"permission": "ALLOW"
+            "permission": "ALLOW"
-		}, {
+        },
-			"property": "recoverPassword",
+        {
-			"accessType": "EXECUTE",
+            "property": "recoverPassword",
-			"principalType": "ROLE",
+            "accessType": "EXECUTE",
-			"principalId": "$everyone",
+            "principalType": "ROLE",
-			"permission": "ALLOW"
+            "principalId": "$everyone",
-		}, {
+            "permission": "ALLOW"
-			"property": "validateAuth",
+        },
-			"accessType": "EXECUTE",
+        {
-			"principalType": "ROLE",
+            "property": "validateAuth",
-			"principalId": "$everyone",
+            "accessType": "EXECUTE",
-			"permission": "ALLOW"
+            "principalType": "ROLE",
-		}, {
+            "principalId": "$everyone",
-			"property": "privileges",
+            "permission": "ALLOW"
-			"accessType": "*",
+        },
-			"principalType": "ROLE",
+        {
-			"principalId": "$authenticated",
+            "property": "privileges",
-			"permission": "ALLOW"
+            "accessType": "*",
-		}, {
+            "principalType": "ROLE",
-			"property": "renewToken",
+            "principalId": "$authenticated",
-			"accessType": "WRITE",
+            "permission": "ALLOW"
-			"principalType": "ROLE",
+        },
-			"principalId": "$authenticated",
+        {
-			"permission": "ALLOW"
+            "property": "renewToken",
-		}
+            "accessType": "WRITE",
-	],
+            "principalType": "ROLE",
            "principalId": "$authenticated",
            "permission": "ALLOW"
        },
        {
            "property": "shareToken",
            "accessType": "WRITE",
            "principalType": "ROLE",
            "principalId": "$authenticated",
            "permission": "ALLOW"
        }
    ],
    "scopes": {
        "preview": {
            "fields": [
@ -140,7 +151,7 @@
                "hasGrant",
                "realm",
                "email",
-				"emailVerified"
+                "emailVerified"
            ]
        }
    }
--- a/db/versions/10919-brownMoss/00-firstScript.sql
+++ b/db/versions/10919-brownMoss/00-firstScript.sql
@ -0,0 +1,3 @@
 -- Place your SQL code here
--- a/front/core/services/auth.js
+++ b/front/core/services/auth.js
@ -83,22 +83,27 @@ export default class Auth {
    }
    onLoginOk(json, now, remember) {
-        this.vnToken.set(json.data.token, now, json.data.ttl, remember);
+        return this.$http.get('VnUsers/ShareToken', {
-
+            headers: {Authorization: json.data.token}
-        return this.loadAcls().then(() => {
+        }).then(({data}) => {
-            let continueHash = this.$state.params.continue;
+            this.vnToken.set(json.data.token, data.multimediaToken.id, now, json.data.ttl, remember);
-            if (continueHash)
+            this.loadAcls().then(() => {
-                this.$window.location = continueHash;
+                let continueHash = this.$state.params.continue;
-            else
+                if (continueHash)
-                this.$state.go('home');
+                    this.$window.location = continueHash;
-        });
+                else
                    this.$state.go('home');
            });
        }).catch(() => {});
    }
    logout() {
        this.$http.post('Accounts/logout', null, {headers: {'Authorization': this.vnToken.tokenMultimedia},
        }).catch(() => {});
        let promise = this.$http.post('VnUsers/logout', null, {
            headers: {Authorization: this.vnToken.token}
        }).catch(() => {});
        this.vnToken.unset();
        this.loggedIn = false;
        this.vnModules.reset();
--- a/front/core/services/interceptor.js
+++ b/front/core/services/interceptor.js
@ -19,7 +19,7 @@ function interceptor($q, vnApp, $translate) {
            if (config.url.charAt(0) !== '/' && apiPath)
                config.url = `${apiPath}${config.url}`;
-            if (token)
+            if (token && !config.headers.Authorization)
                config.headers.Authorization = token;
            if ($translate.use())
                config.headers['Accept-Language'] = $translate.use();
--- a/front/core/services/token.js
+++ b/front/core/services/token.js
@ -24,21 +24,22 @@ export default class Token {
        } catch (e) {}
    }
-    set(token, created, ttl, remember) {
+    set(token, tokenMultimedia, created, ttl, remember) {
        this.unset();
        Object.assign(this, {
            token,
            tokenMultimedia,
            created,
            ttl,
            remember
        });
-        this.vnInterceptor.setToken(token);
+        this.vnInterceptor.setToken(token, tokenMultimedia);
        try {
            if (remember)
-                this.setStorage(localStorage, token, created, ttl);
+                this.setStorage(localStorage, token, tokenMultimedia, created, ttl);
            else
-                this.setStorage(sessionStorage, token, created, ttl);
+                this.setStorage(sessionStorage, token, tokenMultimedia, created, ttl);
        } catch (err) {
            console.error(err);
        }
@ -46,6 +47,7 @@ export default class Token {
    unset() {
        this.token = null;
        this.tokenMultimedia = null;
        this.created = null;
        this.ttl = null;
        this.remember = null;
@ -57,13 +59,15 @@ export default class Token {
    getStorage(storage) {
        this.token = storage.getItem('vnToken');
        this.tokenMultimedia = storage.getItem('vnTokenMultimedia');
        if (!this.token) return;
        const created = storage.getItem('vnTokenCreated');
        this.created = created && new Date(created);
        this.ttl = storage.getItem('vnTokenTtl');
    }
-    setStorage(storage, token, created, ttl) {
+    setStorage(storage, token, tokenMultimedia, created, ttl) {
        storage.setItem('vnTokenMultimedia', tokenMultimedia);
        storage.setItem('vnToken', token);
        storage.setItem('vnTokenCreated', created.toJSON());
        storage.setItem('vnTokenTtl', ttl);
@ -71,6 +75,7 @@ export default class Token {
    removeStorage(storage) {
        storage.removeItem('vnToken');
        storage.removeItem('vnTokenMultimedia');
        storage.removeItem('vnTokenCreated');
        storage.removeItem('vnTokenTtl');
    }
--- a/front/salix/components/layout/index.js
+++ b/front/salix/components/layout/index.js
@ -23,8 +23,7 @@ export class Layout extends Component {
        if (!this.$.$root.user) return;
        const userId = this.$.$root.user.id;
-        const token = this.vnToken.token;
+        return `/api/Images/user/160x160/${userId}/download?access_token=${this.vnToken.tokenMultimedia}`;
        return `/api/Images/user/160x160/${userId}/download?access_token=${token}`;
    }
    refresh() {
--- a/front/salix/components/log/index.html
+++ b/front/salix/components/log/index.html
@ -31,7 +31,7 @@
                    ng-click="$ctrl.showDescriptor($event, userLog)">
                    <img
                        ng-if="::userLog.user.image"
-                        ng-src="/api/Images/user/160x160/{{::userLog.userFk}}/download?access_token={{::$ctrl.vnToken.token}}">
+                        ng-src="/api/Images/user/160x160/{{::userLog.userFk}}/download?access_token={{::$ctrl.vnToken.tokenMultimedia}}">
                    </img>
                </vn-avatar>
                </div>
@ -181,7 +181,7 @@
                        val="{{::nickname}}">
                        <img
                            ng-if="::image"
-                            ng-src="/api/Images/user/160x160/{{::id}}/download?access_token={{::$ctrl.vnToken.token}}">
+                            ng-src="/api/Images/user/160x160/{{::id}}/download?access_token={{::$ctrl.vnToken.tokenMultimedia}}">
                        </img>
                    </vn-avatar>
                    <div>
--- a/front/salix/module.js
+++ b/front/salix/module.js
@ -13,7 +13,7 @@ export function run($window, $rootScope, vnAuth, vnApp, vnToken, $state) {
        if (!collection || !size || !id) return;
        const basePath = `/api/Images/${collection}/${size}/${id}`;
-        return `${basePath}/download?access_token=${vnToken.token}`;
+        return `${basePath}/download?access_token=${vnToken.tokenMultimedia}`;
    };
    $window.validations = {};
--- a/modules/account/back/methods/account/logout.js
+++ b/modules/account/back/methods/account/logout.js
@ -15,7 +15,8 @@ module.exports = Self => {
        http: {
            path: `/logout`,
            verb: 'POST'
-        }
+        },
        accessScopes: ['DEFAULT', 'read:multimedia']
    });
    Self.logout = async ctx => Self.app.models.VnUser.logout(ctx.req.accessToken.id);
--- a/modules/claim/back/methods/claim/downloadFile.js
+++ b/modules/claim/back/methods/claim/downloadFile.js
@ -32,7 +32,8 @@ module.exports = Self => {
        http: {
            path: `/:id/downloadFile`,
            verb: 'GET'
-        }
+        },
        accessScopes: ['read:multimedia']
    });
    Self.downloadFile = async function(ctx, id) {
--- a/modules/client/front/balance/index/index.html
+++ b/modules/client/front/balance/index/index.html
@ -114,7 +114,7 @@
                    <vn-td center shrink>
                        <a ng-show="balance.hasPdf"
                            target="_blank"
-                            href="api/InvoiceOuts/{{::balance.id}}/download?access_token={{::$ctrl.vnToken.token}}">
+                            href="api/InvoiceOuts/{{::balance.id}}/download?access_token={{::$ctrl.vnToken.tokenMultimedia}}">
                            <vn-icon-button
                                icon="cloud_download"
                                title="{{'Download PDF' | translate}}">
--- a/modules/invoiceOut/back/methods/invoiceOut/download.js
+++ b/modules/invoiceOut/back/methods/invoiceOut/download.js
@ -31,7 +31,8 @@ module.exports = Self => {
        http: {
            path: '/:id/download',
            verb: 'GET'
-        }
+        },
        accessScopes: ['read:multimedia']
    });
    Self.download = async function(ctx, id, options) {
--- a/modules/invoiceOut/back/methods/invoiceOut/downloadZip.js
+++ b/modules/invoiceOut/back/methods/invoiceOut/downloadZip.js
@ -31,7 +31,8 @@ module.exports = Self => {
        http: {
            path: '/downloadZip',
            verb: 'GET'
-        }
+        },
        accessScopes: ['read:multimedia']
    });
    Self.downloadZip = async function(ctx, ids, options) {
--- a/modules/invoiceOut/front/descriptor-menu/index.html
+++ b/modules/invoiceOut/front/descriptor-menu/index.html
@ -37,7 +37,7 @@
            <vn-menu vn-id="showInvoiceMenu">
                <vn-list>
                    <a class="vn-item"
-                        href="api/InvoiceOuts/{{$ctrl.id}}/download?access_token={{$ctrl.vnToken.token}}"
+                        href="api/InvoiceOuts/{{$ctrl.id}}/download?access_token={{$ctrl.vnToken.tokenMultimedia}}"
                        target="_blank"
                        name="showInvoicePdf"
                        translate>
--- a/modules/invoiceOut/front/index/index.js
+++ b/modules/invoiceOut/front/index/index.js
@ -25,7 +25,7 @@ export default class Controller extends Section {
    openPdf() {
        if (this.checked.length <= 1) {
            const [invoiceOutId] = this.checked;
-            const url = `api/InvoiceOuts/${invoiceOutId}/download?access_token=${this.vnToken.token}`;
+            const url = `api/InvoiceOuts/${invoiceOutId}/download?access_token=${this.vnToken.tokenMultimedia}`;
            window.open(url, '_blank');
        } else {
            const invoiceOutIds = this.checked;
--- a/modules/item/back/methods/item-image-queue/download.js
+++ b/modules/item/back/methods/item-image-queue/download.js
@ -11,6 +11,7 @@ module.exports = Self => {
            path: `/download`,
            verb: 'POST',
        },
        accessScopes: ['read:multimedia']
    });
    Self.download = async() => {
--- a/modules/route/back/methods/route/downloadCmrsZip.js
+++ b/modules/route/back/methods/route/downloadCmrsZip.js
@ -29,7 +29,8 @@ module.exports = Self => {
        http: {
            path: '/downloadCmrsZip',
            verb: 'GET'
-        }
+        },
        accessScopes: ['read:multimedia']
    });
    Self.downloadCmrsZip = async function(ctx, ids, options) {
--- a/modules/route/back/methods/route/downloadZip.js
+++ b/modules/route/back/methods/route/downloadZip.js
@ -29,7 +29,8 @@ module.exports = Self => {
        http: {
            path: '/downloadZip',
            verb: 'GET'
-        }
+        },
        accessScopes: ['read:multimedia']
    });
    Self.downloadZip = async function(ctx, id, options) {
--- a/modules/route/back/methods/route/driverRoutePdf.js
+++ b/modules/route/back/methods/route/driverRoutePdf.js
@ -34,7 +34,9 @@ module.exports = Self => {
        http: {
            path: '/:id/driver-route-pdf',
            verb: 'GET'
-        }
+        },
        accessScopes: ['read:multimedia']
    });
    Self.driverRoutePdf = (ctx, id) => Self.printReport(ctx, id, 'driver-route');
--- a/modules/route/front/index/index.js
+++ b/modules/route/front/index/index.js
@ -40,7 +40,7 @@ export default class Controller extends Section {
        const stringRoutesIds = routesIds.join(',');
        if (this.checked.length <= 1) {
-            const url = `api/Routes/${stringRoutesIds}/driver-route-pdf?access_token=${this.vnToken.token}`;
+            const url = `api/Routes/${stringRoutesIds}/driver-route-pdf?access_token=${this.vnToken.tokenMultimedia}`;
            window.open(url, '_blank');
        } else {
            const serializedParams = this.$httpParamSerializer({
--- a/modules/worker/back/methods/worker-dms/downloadFile.js
+++ b/modules/worker/back/methods/worker-dms/downloadFile.js
@ -29,7 +29,8 @@ module.exports = Self => {
        http: {
            path: `/:id/downloadFile`,
            verb: 'GET'
-        }
+        },
        accessScopes: ['read:multimedia']
    });
    Self.downloadFile = async function(ctx, id) {