7729-devToTest_2430 #2739

Merged
alexm merged 339 commits from 7729-devToTest_2430 into test 2024-07-16 07:11:37 +00:00
4 changed files with 11 additions and 9 deletions
Showing only changes of commit 0e0d07c4fe - Show all commits

View File

@ -146,10 +146,11 @@ module.exports = Self => {
}); });
filter = mergeFilters(ctx.args.filter, {where}); filter = mergeFilters(ctx.args.filter, {where});
const userId = ctx.req.accessToken.userId; const userId = ctx.req.accessToken.userId;
const isSupplier = await Self.app.models.Supplier.findById(userId, myOptions); const client = await Self.app.models.Client.findById(userId, myOptions);
if (isSupplier) { const supplier = await Self.app.models.Supplier.findOne({where: {nif: client.fi}}, myOptions);
if (supplier) {
if (!filter.where) filter.where = {}; if (!filter.where) filter.where = {};
filter.where[`e.supplierFk`] = ctx.req.accessToken.userId; filter.where[`e.supplierFk`] = supplier.id;
} }
const stmts = []; const stmts = [];
let stmt; let stmt;

View File

@ -36,9 +36,10 @@ module.exports = Self => {
if (typeof options == 'object') if (typeof options == 'object')
Object.assign(myOptions, options); Object.assign(myOptions, options);
const isSupplier = await Self.app.models.Supplier.findById(userId, myOptions); const client = await Self.app.models.Client.findById(userId, myOptions);
if (isSupplier) { const supplier = await Self.app.models.Supplier.findOne({where: {nif: client.fi}}, myOptions);
const isEntryOwner = (await Self.findById(id)).supplierFk === userId; if (supplier) {
const isEntryOwner = (await Self.findById(id)).supplierFk === supplier.id;
if (!isEntryOwner) throw new UserError('Access Denied'); if (!isEntryOwner) throw new UserError('Access Denied');
} }

View File

@ -56,7 +56,7 @@ describe('Entry filter()', () => {
try { try {
const ctx = { const ctx = {
args: {}, args: {},
req: {accessToken: {userId: 2}} req: {accessToken: {userId: 1102}}
}; };
const result = await models.Entry.filter(ctx, options); const result = await models.Entry.filter(ctx, options);
@ -79,7 +79,7 @@ describe('Entry filter()', () => {
args: { args: {
supplierFk: 1 supplierFk: 1
}, },
req: {accessToken: {userId: 2}} req: {accessToken: {userId: 1102}}
}; };
const result = await models.Entry.filter(ctx, options); const result = await models.Entry.filter(ctx, options);

View File

@ -40,7 +40,7 @@ describe('entry getBuys()', () => {
args: { args: {
search: 1 search: 1
}, },
req: {accessToken: {userId: 2}} req: {accessToken: {userId: 1102}}
}; };
const result = await models.Entry.getBuys(ctx, entryId, options); const result = await models.Entry.getBuys(ctx, entryId, options);