diff --git a/modules/entry/back/methods/entry/filter.js b/modules/entry/back/methods/entry/filter.js index 5989494a4..f21d9dbc4 100644 --- a/modules/entry/back/methods/entry/filter.js +++ b/modules/entry/back/methods/entry/filter.js @@ -146,10 +146,11 @@ module.exports = Self => { }); filter = mergeFilters(ctx.args.filter, {where}); const userId = ctx.req.accessToken.userId; - const isSupplier = await Self.app.models.Supplier.findById(userId, myOptions); - if (isSupplier) { + const client = await Self.app.models.Client.findById(userId, myOptions); + const supplier = await Self.app.models.Supplier.findOne({where: {nif: client.fi}}, myOptions); + if (supplier) { if (!filter.where) filter.where = {}; - filter.where[`e.supplierFk`] = ctx.req.accessToken.userId; + filter.where[`e.supplierFk`] = supplier.id; } const stmts = []; let stmt; diff --git a/modules/entry/back/methods/entry/getBuys.js b/modules/entry/back/methods/entry/getBuys.js index 444e6cb14..0cb71653e 100644 --- a/modules/entry/back/methods/entry/getBuys.js +++ b/modules/entry/back/methods/entry/getBuys.js @@ -36,9 +36,10 @@ module.exports = Self => { if (typeof options == 'object') Object.assign(myOptions, options); - const isSupplier = await Self.app.models.Supplier.findById(userId, myOptions); - if (isSupplier) { - const isEntryOwner = (await Self.findById(id)).supplierFk === userId; + const client = await Self.app.models.Client.findById(userId, myOptions); + const supplier = await Self.app.models.Supplier.findOne({where: {nif: client.fi}}, myOptions); + if (supplier) { + const isEntryOwner = (await Self.findById(id)).supplierFk === supplier.id; if (!isEntryOwner) throw new UserError('Access Denied'); } diff --git a/modules/entry/back/methods/entry/specs/filter.spec.js b/modules/entry/back/methods/entry/specs/filter.spec.js index 9d954cdc4..c8a5bd94f 100644 --- a/modules/entry/back/methods/entry/specs/filter.spec.js +++ b/modules/entry/back/methods/entry/specs/filter.spec.js @@ -56,7 +56,7 @@ describe('Entry filter()', () => { try { const ctx = { args: {}, - req: {accessToken: {userId: 2}} + req: {accessToken: {userId: 1102}} }; const result = await models.Entry.filter(ctx, options); @@ -79,7 +79,7 @@ describe('Entry filter()', () => { args: { supplierFk: 1 }, - req: {accessToken: {userId: 2}} + req: {accessToken: {userId: 1102}} }; const result = await models.Entry.filter(ctx, options); diff --git a/modules/entry/back/methods/entry/specs/getBuys.spec.js b/modules/entry/back/methods/entry/specs/getBuys.spec.js index cb7f7cb80..2d3531249 100644 --- a/modules/entry/back/methods/entry/specs/getBuys.spec.js +++ b/modules/entry/back/methods/entry/specs/getBuys.spec.js @@ -40,7 +40,7 @@ describe('entry getBuys()', () => { args: { search: 1 }, - req: {accessToken: {userId: 2}} + req: {accessToken: {userId: 1102}} }; const result = await models.Entry.getBuys(ctx, entryId, options);