#7648 - Customer View Entries #2659
|
@ -3,13 +3,18 @@ INSERT IGNORE INTO salix.ACL (`model`,`property`,`accessType`,`permission`,`prin
|
||||||
VALUES ('Entry','filter','READ','ALLOW','ROLE','supplier');
|
VALUES ('Entry','filter','READ','ALLOW','ROLE','supplier');
|
||||||
|
|
||||||
INSERT IGNORE INTO salix.ACL (`model`,`property`,`accessType`,`permission`,`principalType`,`principalId`)
|
INSERT IGNORE INTO salix.ACL (`model`,`property`,`accessType`,`permission`,`principalType`,`principalId`)
|
||||||
VALUES ('Entry','getBuys','READ','ALLOW','ROLE','$authenticated');
|
VALUES ('Entry','getBuys','READ','ALLOW','ROLE','supplier');
|
||||||
|
|
||||||
INSERT IGNORE INTO salix.ACL (`model`,`property`,`accessType`,`permission`,`principalType`,`principalId`)
|
INSERT IGNORE INTO salix.ACL (`model`,`property`,`accessType`,`permission`,`principalType`,`principalId`)
|
||||||
VALUES ('Entry','buyLabel','READ','ALLOW','ROLE','$authenticated');
|
VALUES ('Entry','buyLabel','READ','ALLOW','ROLE','supplier');
|
||||||
|
|
||||||
INSERT IGNORE INTO `account`.`role` (`name`,`description`,`hasLogin`,`created`,`modified`)
|
INSERT IGNORE INTO `account`.`role` (`name`,`description`,`hasLogin`,`created`,`modified`)
|
||||||
VALUES ('supplier','Proveedores',1,'2017-10-10 14:58:58.000','2017-10-10 14:59:20.000');
|
VALUES ('supplier','Proveedores',1,'2017-10-10 14:58:58.000','2017-10-10 14:59:20.000');
|
||||||
SET @supplierFk =LAST_INSERT_ID();
|
SET @supplierFk =LAST_INSERT_ID();
|
||||||
INSERT IGNORE INTO account.roleInherit (`role`,`inheritsFrom`)
|
INSERT IGNORE INTO account.roleInherit (`role`,`inheritsFrom`)
|
||||||
VALUES (@supplierFk,2);
|
VALUES (@supplierFk,2);
|
||||||
|
|
||||||
|
UPDATE salix.ACL
|
||||||
|
SET principalId='$authenticated'
|
||||||
|
WHERE id=264;
|
||||||
|
|
||||||
|
|
|
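Review bot: The added `UPDATE salix.ACL SET principalId='$authenticated' WHERE id=264;` picks its row by a hard-coded auto-increment id, so on any database where row 264 holds a different rule it silently opens that rule to every authenticated user. Match on the rule itself instead, for example `WHERE model = '<MODEL>' AND property = '<PROPERTY>' AND accessType = 'READ'` (placeholders, since the target rule is not visible in this section), and add a comment naming the rule being widened and why. Separately, `getBuys` and `buyLabel` are now scoped to the `supplier` role. This change adds an ownership check to `getBuys` but shows none for `buyLabel`, so confirm that method also limits a supplier to its own entries.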
@ -92,6 +92,7 @@ module.exports = Self => {
|
||||||
const locale = modelLocale && modelLocale.get(lang);
|
const locale = modelLocale && modelLocale.get(lang);
|
||||||
|
|
||||||
json[modelName] = {
|
json[modelName] = {
|
||||||
|
http: model.sharedClass.http.path,
|
||||||
properties: model.definition.rawProperties,
|
properties: model.definition.rawProperties,
|
||||||
validations: jsonValidations,
|
validations: jsonValidations,
|
||||||
locale
|
locale
|
||||||
|
|
|
@ -112,7 +112,6 @@ module.exports = Self => {
|
||||||
|
|
||||||
if (typeof options == 'object')
|
if (typeof options == 'object')
|
||||||
Object.assign(myOptions, options);
|
Object.assign(myOptions, options);
|
||||||
const isSupplier = await Self.app.models.Supplier.isSupplier(ctx, options);
|
|
||||||
const conn = Self.dataSource.connector;
|
const conn = Self.dataSource.connector;
|
||||||
const where = buildFilter(ctx.args, (param, value) => {
|
const where = buildFilter(ctx.args, (param, value) => {
|
||||||
switch (param) {
|
switch (param) {
|
||||||
|
@ -146,7 +145,8 @@ module.exports = Self => {
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
filter = mergeFilters(ctx.args.filter, {where});
|
filter = mergeFilters(ctx.args.filter, {where});
|
||||||
delete filter.order;
|
const userId = ctx.req.accessToken.userId;
|
||||||
|
const isSupplier = await Self.app.models.Supplier.findById(userId, options);
|
||||||
if (isSupplier) {
|
if (isSupplier) {
|
||||||
if (!filter.where) filter.where = {};
|
if (!filter.where) filter.where = {};
|
||||||
filter.where.supplierFk = ctx.req.accessToken.userId;
|
filter.where.supplierFk = ctx.req.accessToken.userId;
|
||||||
|
|
|
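Review bot: Supplier status is now decided by `Supplier.findById(userId, options)` returning a row, which fails open. Assuming, as the code does, that a supplier's account id equals its Supplier id, an account with the `supplier` role but no matching Supplier row skips the `supplierFk` restriction and gets the unfiltered result; the same lookup guards the ownership check in `getBuys`. Decide from the caller's role and, for a supplier, always apply the restriction, or deny when no Supplier row matches. LoopBack's `findById` also takes a filter as its second argument, so `options` here is probably read as a filter and any transaction in it is ignored; `const supplier = await Self.app.models.Supplier.findById(userId, null, myOptions);` would fix that and name the value for what it is. The enclosing function starts and ends outside these hunks.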
@ -31,16 +31,17 @@ module.exports = Self => {
|
||||||
});
|
});
|
||||||
|
|
||||||
Self.getBuys = async(ctx, id, filter, options) => {
|
Self.getBuys = async(ctx, id, filter, options) => {
|
||||||
|
const userId = ctx.req.accessToken.userId;
|
||||||
const models = Self.app.models;
|
const models = Self.app.models;
|
||||||
const myOptions = {};
|
const myOptions = {};
|
||||||
|
|
||||||
if (typeof options == 'object')
|
if (typeof options == 'object')
|
||||||
Object.assign(myOptions, options);
|
Object.assign(myOptions, options);
|
||||||
const isSupplier = await Self.app.models.Supplier.isSupplier(ctx, options);
|
const isSupplier = await Self.app.models.Supplier.findById(userId, options);
|
||||||
if (isSupplier) {
|
if (isSupplier) {
|
||||||
const isEntryOwner = (await Self.findById(id)).supplierFk === ctx.req.accessToken.userId;
|
const isEntryOwner = (await Self.findById(id)).supplierFk === userId;
|
||||||
|
|
||||||
if (! isEntryOwner) throw new UserError('Access Denied');
|
if (!isEntryOwner) throw new UserError('Access Denied');
|
||||||
}
|
}
|
||||||
let defaultFilter = {
|
let defaultFilter = {
|
||||||
where: {entryFk: id},
|
where: {entryFk: id},
|
||||||
|
@ -106,7 +107,6 @@ module.exports = Self => {
|
||||||
}
|
}
|
||||||
}]
|
}]
|
||||||
};
|
};
|
||||||
delete filter.order;
|
|
||||||
defaultFilter = mergeFilters(defaultFilter, filter);
|
defaultFilter = mergeFilters(defaultFilter, filter);
|
||||||
|
|
||||||
return models.Buy.find(defaultFilter, myOptions);
|
return models.Buy.find(defaultFilter, myOptions);
|
||||||
|
|
|
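Review bot: `(await Self.findById(id)).supplierFk === userId` dereferences the lookup result without a null check, so a supplier asking for an entry id that does not exist gets a TypeError (an internal error) instead of `Access Denied`. The lookup also runs without `myOptions`. Suggest `const entry = await Self.findById(id, null, myOptions);` followed by `if (!entry || entry.supplierFk !== userId) throw new UserError('Access Denied');`. Returning the same error for a missing entry and for one owned by someone else also stops the response from revealing which entry ids exist. `getBuys` continues outside both hunks.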
@ -1,28 +0,0 @@
|
||||||
const UserError = require('vn-loopback/util/user-error');
|
|
||||||
|
|
||||||
module.exports = Self => {
|
|
||||||
Self.remoteMethodCtx('isSupplier', {
|
|
||||||
description: 'Check is supplierFk exists as supplier',
|
|
||||||
accessType: 'READ',
|
|
||||||
returns: {
|
|
||||||
type: 'boolean',
|
|
||||||
root: true
|
|
||||||
},
|
|
||||||
http: {
|
|
||||||
path: `/isSupplier`,
|
|
||||||
verb: 'GET'
|
|
||||||
}
|
|
||||||
});
|
|
||||||
|
|
||||||
Self.isSupplier = async(ctx, options) => {
|
|
||||||
const myOptions = {validate: false};
|
|
||||||
|
|
||||||
if (typeof options == 'object')
|
|
||||||
Object.assign(myOptions, options);
|
|
||||||
|
|
||||||
const userId = ctx.req.accessToken.userId;
|
|
||||||
const exists = await Self.findById(userId);
|
|
||||||
|
|
||||||
return !!exists;
|
|
||||||
};
|
|
||||||
};
|
|
|
@ -12,7 +12,6 @@ module.exports = Self => {
|
||||||
require('../methods/supplier/campaignMetricsEmail')(Self);
|
require('../methods/supplier/campaignMetricsEmail')(Self);
|
||||||
require('../methods/supplier/newSupplier')(Self);
|
require('../methods/supplier/newSupplier')(Self);
|
||||||
require('../methods/supplier/getItemsPackaging')(Self);
|
require('../methods/supplier/getItemsPackaging')(Self);
|
||||||
require('../methods/supplier/isSupplier')(Self);
|
|
||||||
|
|
||||||
Self.validatesPresenceOf('name', {
|
Self.validatesPresenceOf('name', {
|
||||||
message: 'The social name cannot be empty'
|
message: 'The social name cannot be empty'
|
||||||
|
|