7729-devToTest_2430 #2739
|
@ -146,10 +146,11 @@ module.exports = Self => {
|
||||||
});
|
});
|
||||||
filter = mergeFilters(ctx.args.filter, {where});
|
filter = mergeFilters(ctx.args.filter, {where});
|
||||||
const userId = ctx.req.accessToken.userId;
|
const userId = ctx.req.accessToken.userId;
|
||||||
const isSupplier = await Self.app.models.Supplier.findById(userId, myOptions);
|
const client = await Self.app.models.Client.findById(userId, myOptions);
|
||||||
if (isSupplier) {
|
const supplier = await Self.app.models.Supplier.findOne({where: {nif: client.fi}}, myOptions);
|
||||||
|
if (supplier) {
|
||||||
if (!filter.where) filter.where = {};
|
if (!filter.where) filter.where = {};
|
||||||
filter.where[`e.supplierFk`] = ctx.req.accessToken.userId;
|
filter.where[`e.supplierFk`] = supplier.id;
|
||||||
}
|
}
|
||||||
const stmts = [];
|
const stmts = [];
|
||||||
let stmt;
|
let stmt;
|
||||||
|
|
|
@ -36,9 +36,10 @@ module.exports = Self => {
|
||||||
|
|
||||||
if (typeof options == 'object')
|
if (typeof options == 'object')
|
||||||
Object.assign(myOptions, options);
|
Object.assign(myOptions, options);
|
||||||
const isSupplier = await Self.app.models.Supplier.findById(userId, myOptions);
|
const client = await Self.app.models.Client.findById(userId, myOptions);
|
||||||
if (isSupplier) {
|
const supplier = await Self.app.models.Supplier.findOne({where: {nif: client.fi}}, myOptions);
|
||||||
const isEntryOwner = (await Self.findById(id)).supplierFk === userId;
|
if (supplier) {
|
||||||
|
const isEntryOwner = (await Self.findById(id)).supplierFk === supplier.id;
|
||||||
|
|
||||||
if (!isEntryOwner) throw new UserError('Access Denied');
|
if (!isEntryOwner) throw new UserError('Access Denied');
|
||||||
}
|
}
|
||||||
|
|
|
@ -56,7 +56,7 @@ describe('Entry filter()', () => {
|
||||||
try {
|
try {
|
||||||
const ctx = {
|
const ctx = {
|
||||||
args: {},
|
args: {},
|
||||||
req: {accessToken: {userId: 2}}
|
req: {accessToken: {userId: 1102}}
|
||||||
};
|
};
|
||||||
|
|
||||||
const result = await models.Entry.filter(ctx, options);
|
const result = await models.Entry.filter(ctx, options);
|
||||||
|
@ -79,7 +79,7 @@ describe('Entry filter()', () => {
|
||||||
args: {
|
args: {
|
||||||
supplierFk: 1
|
supplierFk: 1
|
||||||
},
|
},
|
||||||
req: {accessToken: {userId: 2}}
|
req: {accessToken: {userId: 1102}}
|
||||||
};
|
};
|
||||||
|
|
||||||
const result = await models.Entry.filter(ctx, options);
|
const result = await models.Entry.filter(ctx, options);
|
||||||
|
|
|
@ -40,7 +40,7 @@ describe('entry getBuys()', () => {
|
||||||
args: {
|
args: {
|
||||||
search: 1
|
search: 1
|
||||||
},
|
},
|
||||||
req: {accessToken: {userId: 2}}
|
req: {accessToken: {userId: 1102}}
|
||||||
};
|
};
|
||||||
|
|
||||||
const result = await models.Entry.getBuys(ctx, entryId, options);
|
const result = await models.Entry.getBuys(ctx, entryId, options);
|
||||||
|
|
Loading…
Reference in New Issue