7773-testToMaster_2430 #2774

Merged
alexm merged 368 commits from 7773-testToMaster_2430 into master 2024-07-23 06:21:03 +00:00
8 changed files with 212 additions and 50 deletions
Showing only changes of commit d01820c751 - Show all commits

View File

@ -3911,4 +3911,3 @@ VALUES(1, '');
INSERT INTO dipole.expedition_PrintOut (expeditionFk, ticketFk, addressFk, street, postalCode, city, shopName, isPrinted, created, printerFk, routeFk, parkingCode, INSERT INTO dipole.expedition_PrintOut (expeditionFk, ticketFk, addressFk, street, postalCode, city, shopName, isPrinted, created, printerFk, routeFk, parkingCode,
truckName, clientFk, phone, province, agency, m3, workerCode, itemFk, quantity, longName, shelvingFk, comments) truckName, clientFk, phone, province, agency, m3, workerCode, itemFk, quantity, longName, shelvingFk, comments)
VALUES(1, 1, 0, ' ', ' ', ' ', ' ', 0, '2001-01-01 00:00:00', 1, 0, ' ', ' ', 0, NULL, '', NULL, 0.000, NULL, 10, NULL, NULL, 'NCC', NULL); VALUES(1, 1, 0, ' ', ' ', ' ', ' ', 0, '2001-01-01 00:00:00', 1, 0, ' ', ' ', 0, NULL, '', NULL, 0.000, NULL, 10, NULL, NULL, 'NCC', NULL);

View File

@ -0,0 +1,21 @@
INSERT IGNORE INTO salix.ACL (`model`,`property`,`accessType`,`permission`,`principalType`,`principalId`)
VALUES ('Entry','filter','READ','ALLOW','ROLE','supplier');
INSERT IGNORE INTO salix.ACL (`model`,`property`,`accessType`,`permission`,`principalType`,`principalId`)
VALUES ('Entry','getBuys','READ','ALLOW','ROLE','supplier');
INSERT IGNORE INTO salix.ACL (`model`,`property`,`accessType`,`permission`,`principalType`,`principalId`)
VALUES ('Entry','buyLabel','READ','ALLOW','ROLE','supplier');
INSERT IGNORE INTO `account`.`role` (`name`,`description`,`hasLogin`,`created`,`modified`)
VALUES ('supplier','Proveedores',1,'2017-10-10 14:58:58.000','2017-10-10 14:59:20.000');
SET @supplierFk =LAST_INSERT_ID();
INSERT IGNORE INTO account.roleInherit (`role`,`inheritsFrom`)
VALUES (@supplierFk,2);
UPDATE salix.ACL
SET principalId='$authenticated'
WHERE id=264;

View File

@ -92,6 +92,7 @@ module.exports = Self => {
const locale = modelLocale && modelLocale.get(lang); const locale = modelLocale && modelLocale.get(lang);
json[modelName] = { json[modelName] = {
http: model.sharedClass.http.path,
properties: model.definition.rawProperties, properties: model.definition.rawProperties,
validations: jsonValidations, validations: jsonValidations,
locale locale

View File

@ -29,7 +29,8 @@ module.exports = Self => {
http: { http: {
path: '/:id/buy-label', path: '/:id/buy-label',
verb: 'GET' verb: 'GET'
} },
accessScopes: ['DEFAULT', 'read:multimedia']
}); });
Self.buyLabel = (ctx, id) => Self.printReport(ctx, id, 'buy-label'); Self.buyLabel = (ctx, id) => Self.printReport(ctx, id, 'buy-label');

View File

@ -112,7 +112,6 @@ module.exports = Self => {
if (typeof options == 'object') if (typeof options == 'object')
Object.assign(myOptions, options); Object.assign(myOptions, options);
const conn = Self.dataSource.connector; const conn = Self.dataSource.connector;
const where = buildFilter(ctx.args, (param, value) => { const where = buildFilter(ctx.args, (param, value) => {
switch (param) { switch (param) {
@ -146,7 +145,12 @@ module.exports = Self => {
} }
}); });
filter = mergeFilters(ctx.args.filter, {where}); filter = mergeFilters(ctx.args.filter, {where});
const userId = ctx.req.accessToken.userId;
const isSupplier = await Self.app.models.Supplier.findById(userId, options);
if (isSupplier) {
if (!filter.where) filter.where = {};
filter.where[`e.supplierFk`] = ctx.req.accessToken.userId;
}
const stmts = []; const stmts = [];
let stmt; let stmt;
stmt = new ParameterizedSQL( stmt = new ParameterizedSQL(
@ -158,7 +162,7 @@ module.exports = Self => {
e.invoiceNumber, e.invoiceNumber,
e.isBooked, e.isBooked,
e.isExcludedFromAvailable, e.isExcludedFromAvailable,
e.evaNotes AS observation, e.evaNotes observation,
e.isConfirmed, e.isConfirmed,
e.isOrdered, e.isOrdered,
e.isRaid, e.isRaid,
@ -170,13 +174,18 @@ module.exports = Self => {
e.gestDocFk, e.gestDocFk,
e.invoiceInFk, e.invoiceInFk,
t.landed, t.landed,
s.name AS supplierName, s.name supplierName,
s.nickname AS supplierAlias, s.nickname supplierAlias,
co.code AS companyCode, co.code companyCode,
cu.code AS currencyCode cu.code currencyCode,
t.shipped,
t.landed,
t.warehouseInFk,
w.name warehouseInName
FROM vn.entry e FROM vn.entry e
JOIN vn.supplier s ON s.id = e.supplierFk JOIN vn.supplier s ON s.id = e.supplierFk
JOIN vn.travel t ON t.id = e.travelFk JOIN vn.travel t ON t.id = e.travelFk
JOIN vn.warehouse w ON w.id = t.warehouseInFk
JOIN vn.company co ON co.id = e.companyFk JOIN vn.company co ON co.id = e.companyFk
JOIN vn.currency cu ON cu.id = e.currencyFk` JOIN vn.currency cu ON cu.id = e.currencyFk`
); );

View File

@ -1,7 +1,9 @@
const UserError = require('vn-loopback/util/user-error');
const mergeFilters = require('vn-loopback/util/filter').mergeFilters; const mergeFilters = require('vn-loopback/util/filter').mergeFilters;
module.exports = Self => { module.exports = Self => {
Self.remoteMethod('getBuys', { Self.remoteMethodCtx('getBuys', {
description: 'Returns buys for one entry', description: 'Returns buys for one entry',
accessType: 'READ', accessType: 'READ',
accepts: [{ accepts: [{
@ -27,13 +29,19 @@ module.exports = Self => {
} }
}); });
Self.getBuys = async(id, filter, options) => { Self.getBuys = async(ctx, id, filter, options) => {
const userId = ctx.req.accessToken.userId;
const models = Self.app.models; const models = Self.app.models;
const myOptions = {}; const myOptions = {};
if (typeof options == 'object') if (typeof options == 'object')
Object.assign(myOptions, options); Object.assign(myOptions, options);
const isSupplier = await Self.app.models.Supplier.findById(userId, myOptions);
if (isSupplier) {
const isEntryOwner = (await Self.findById(id)).supplierFk === userId;
if (!isEntryOwner) throw new UserError('Access Denied');
}
let defaultFilter = { let defaultFilter = {
where: {entryFk: id}, where: {entryFk: id},
fields: [ fields: [
@ -49,9 +57,23 @@ module.exports = Self => {
'buyingValue', 'buyingValue',
'price2', 'price2',
'price3', 'price3',
'printedStickers' 'printedStickers',
'entryFk'
], ],
include: { include: [{
relation: 'entry',
scope: {
fields: [
'id', 'supplierFk'
],
include: {
relation: 'supplier', scope: {
fields: ['id']
}
}
}
},
{
relation: 'item', relation: 'item',
scope: { scope: {
fields: [ fields: [
@ -82,9 +104,8 @@ module.exports = Self => {
} }
} }
} }
} }]
}; };
defaultFilter = mergeFilters(defaultFilter, filter); defaultFilter = mergeFilters(defaultFilter, filter);
return models.Buy.find(defaultFilter, myOptions); return models.Buy.find(defaultFilter, myOptions);

View File

@ -9,7 +9,8 @@ describe('Entry filter()', () => {
const ctx = { const ctx = {
args: { args: {
search: 1 search: 1
} },
req: {accessToken: {userId: 9}}
}; };
const result = await models.Entry.filter(ctx, options); const result = await models.Entry.filter(ctx, options);
@ -32,7 +33,8 @@ describe('Entry filter()', () => {
const ctx = { const ctx = {
args: { args: {
currencyFk: 1 currencyFk: 1
} },
req: {accessToken: {userId: 9}}
}; };
const result = await models.Entry.filter(ctx, options); const result = await models.Entry.filter(ctx, options);
@ -46,26 +48,73 @@ describe('Entry filter()', () => {
} }
}); });
it('should return the entry matching the supplier', async() => { describe('should return the entry matching the supplier', () => {
const tx = await models.Entry.beginTransaction({}); it('when userId is supplier ', async() => {
const options = {transaction: tx}; const tx = await models.Entry.beginTransaction({});
const options = {transaction: tx};
try { try {
const ctx = { const ctx = {
args: { args: {},
supplierFk: 2 req: {accessToken: {userId: 2}}
} };
};
const result = await models.Entry.filter(ctx, options); const result = await models.Entry.filter(ctx, options);
expect(result.length).toEqual(6); expect(result.length).toEqual(6);
await tx.rollback(); await tx.rollback();
} catch (e) { } catch (e) {
await tx.rollback(); await tx.rollback();
throw e; throw e;
} }
});
it('when userId is supplier fetching other supplier', async() => {
const tx = await models.Entry.beginTransaction({});
const options = {transaction: tx};
try {
const ctx = {
args: {
supplierFk: 1
},
req: {accessToken: {userId: 2}}
};
const result = await models.Entry.filter(ctx, options);
expect(result.length).toEqual(6);
await tx.rollback();
} catch (e) {
await tx.rollback();
throw e;
}
});
it('when userId is not supplier', async() => {
const tx = await models.Entry.beginTransaction({});
const options = {transaction: tx};
try {
const ctx = {
args: {
supplierFk: 2
},
req: {accessToken: {userId: 9}}
};
const result = await models.Entry.filter(ctx, options);
expect(result.length).toEqual(6);
await tx.rollback();
} catch (e) {
await tx.rollback();
throw e;
}
});
}); });
it('should return the entry matching the company', async() => { it('should return the entry matching the company', async() => {
@ -76,7 +125,8 @@ describe('Entry filter()', () => {
const ctx = { const ctx = {
args: { args: {
companyFk: 442 companyFk: 442
} },
req: {accessToken: {userId: 9}}
}; };
const result = await models.Entry.filter(ctx, options); const result = await models.Entry.filter(ctx, options);
@ -98,7 +148,8 @@ describe('Entry filter()', () => {
const ctx = { const ctx = {
args: { args: {
isBooked: true, isBooked: true,
} },
req: {accessToken: {userId: 9}}
}; };
const result = await models.Entry.filter(ctx, options); const result = await models.Entry.filter(ctx, options);
@ -121,7 +172,8 @@ describe('Entry filter()', () => {
args: { args: {
reference: 'movement', reference: 'movement',
travelFk: '2' travelFk: '2'
} },
req: {accessToken: {userId: 9}}
}; };
const result = await models.Entry.filter(ctx, options); const result = await models.Entry.filter(ctx, options);

View File

@ -1,24 +1,82 @@
const UserError = require('vn-loopback/util/user-error');
const models = require('vn-loopback/server/server').models; const models = require('vn-loopback/server/server').models;
describe('entry getBuys()', () => { describe('entry getBuys()', () => {
const entryId = 4; const entryId = 4;
it('should get the buys and items of an entry', async() => { describe('should get the buys and items of an entry ', () => {
const tx = await models.Entry.beginTransaction({}); it('when is supplier and entry owner', async() => {
const options = {transaction: tx}; const tx = await models.Entry.beginTransaction({});
const options = {transaction: tx};
try { try {
const result = await models.Entry.getBuys(entryId, options); const ctx = {
args: {
search: 1
},
req: {accessToken: {userId: 2}}
};
const length = result.length; const result = await models.Entry.getBuys(ctx, entryId, options);
const anyResult = result[Math.floor(Math.random() * Math.floor(length))];
expect(result.length).toEqual(4); const length = result.length;
expect(anyResult.item).toBeDefined(); const anyResult = result[Math.floor(Math.random() * Math.floor(length))];
await tx.rollback(); expect(result.length).toEqual(4);
} catch (e) { expect(anyResult.item).toBeDefined();
await tx.rollback();
throw e; await tx.rollback();
} } catch (e) {
await tx.rollback();
throw e;
}
});
it('when is supplier but not entry owner', async() => {
const tx = await models.Entry.beginTransaction({});
const options = {transaction: tx};
const entryId = 1;
try {
const ctx = {
args: {
search: 1
},
req: {accessToken: {userId: 2}}
};
const result = await models.Entry.getBuys(ctx, entryId, options);
expect(result).toBeUndefined();
} catch (error) {
expect(error).toBeInstanceOf(UserError);
expect(error.message).toBe('Access Denied');
}
});
it('when is not supplier', async() => {
const tx = await models.Entry.beginTransaction({});
const options = {transaction: tx};
try {
const ctx = {
args: {
search: 1
},
req: {accessToken: {userId: 9}}
};
const result = await models.Entry.getBuys(ctx, entryId, options);
const length = result.length;
const anyResult = result[Math.floor(Math.random() * Math.floor(length))];
expect(result.length).toEqual(4);
expect(anyResult.item).toBeDefined();
await tx.rollback();
} catch (e) {
await tx.rollback();
throw e;
}
});
}); });
}); });