7773-testToMaster_2430 #2774
|
@ -3911,4 +3911,3 @@ VALUES(1, '');
|
|||
INSERT INTO dipole.expedition_PrintOut (expeditionFk, ticketFk, addressFk, street, postalCode, city, shopName, isPrinted, created, printerFk, routeFk, parkingCode,
|
||||
truckName, clientFk, phone, province, agency, m3, workerCode, itemFk, quantity, longName, shelvingFk, comments)
|
||||
VALUES(1, 1, 0, ' ', ' ', ' ', ' ', 0, '2001-01-01 00:00:00', 1, 0, ' ', ' ', 0, NULL, '', NULL, 0.000, NULL, 10, NULL, NULL, 'NCC', NULL);
|
||||
|
||||
|
|
|
@ -0,0 +1,21 @@
|
|||
|
||||
INSERT IGNORE INTO salix.ACL (`model`,`property`,`accessType`,`permission`,`principalType`,`principalId`)
|
||||
VALUES ('Entry','filter','READ','ALLOW','ROLE','supplier');
|
||||
|
||||
INSERT IGNORE INTO salix.ACL (`model`,`property`,`accessType`,`permission`,`principalType`,`principalId`)
|
||||
VALUES ('Entry','getBuys','READ','ALLOW','ROLE','supplier');
|
||||
|
||||
INSERT IGNORE INTO salix.ACL (`model`,`property`,`accessType`,`permission`,`principalType`,`principalId`)
|
||||
VALUES ('Entry','buyLabel','READ','ALLOW','ROLE','supplier');
|
||||
|
||||
INSERT IGNORE INTO `account`.`role` (`name`,`description`,`hasLogin`,`created`,`modified`)
|
||||
VALUES ('supplier','Proveedores',1,'2017-10-10 14:58:58.000','2017-10-10 14:59:20.000');
|
||||
SET @supplierFk =LAST_INSERT_ID();
|
||||
INSERT IGNORE INTO account.roleInherit (`role`,`inheritsFrom`)
|
||||
VALUES (@supplierFk,2);
|
||||
|
||||
UPDATE salix.ACL
|
||||
SET principalId='$authenticated'
|
||||
WHERE id=264;
|
||||
|
||||
|
|
@ -92,6 +92,7 @@ module.exports = Self => {
|
|||
const locale = modelLocale && modelLocale.get(lang);
|
||||
|
||||
json[modelName] = {
|
||||
http: model.sharedClass.http.path,
|
||||
properties: model.definition.rawProperties,
|
||||
validations: jsonValidations,
|
||||
locale
|
||||
|
|
|
@ -29,7 +29,8 @@ module.exports = Self => {
|
|||
http: {
|
||||
path: '/:id/buy-label',
|
||||
verb: 'GET'
|
||||
}
|
||||
},
|
||||
accessScopes: ['DEFAULT', 'read:multimedia']
|
||||
});
|
||||
|
||||
Self.buyLabel = (ctx, id) => Self.printReport(ctx, id, 'buy-label');
|
||||
|
|
|
@ -112,7 +112,6 @@ module.exports = Self => {
|
|||
|
||||
if (typeof options == 'object')
|
||||
Object.assign(myOptions, options);
|
||||
|
||||
const conn = Self.dataSource.connector;
|
||||
const where = buildFilter(ctx.args, (param, value) => {
|
||||
switch (param) {
|
||||
|
@ -146,7 +145,12 @@ module.exports = Self => {
|
|||
}
|
||||
});
|
||||
filter = mergeFilters(ctx.args.filter, {where});
|
||||
|
||||
const userId = ctx.req.accessToken.userId;
|
||||
const isSupplier = await Self.app.models.Supplier.findById(userId, options);
|
||||
if (isSupplier) {
|
||||
if (!filter.where) filter.where = {};
|
||||
filter.where[`e.supplierFk`] = ctx.req.accessToken.userId;
|
||||
}
|
||||
const stmts = [];
|
||||
let stmt;
|
||||
stmt = new ParameterizedSQL(
|
||||
|
@ -158,7 +162,7 @@ module.exports = Self => {
|
|||
e.invoiceNumber,
|
||||
e.isBooked,
|
||||
e.isExcludedFromAvailable,
|
||||
e.evaNotes AS observation,
|
||||
e.evaNotes observation,
|
||||
e.isConfirmed,
|
||||
e.isOrdered,
|
||||
e.isRaid,
|
||||
|
@ -170,13 +174,18 @@ module.exports = Self => {
|
|||
e.gestDocFk,
|
||||
e.invoiceInFk,
|
||||
t.landed,
|
||||
s.name AS supplierName,
|
||||
s.nickname AS supplierAlias,
|
||||
co.code AS companyCode,
|
||||
cu.code AS currencyCode
|
||||
s.name supplierName,
|
||||
s.nickname supplierAlias,
|
||||
co.code companyCode,
|
||||
cu.code currencyCode,
|
||||
t.shipped,
|
||||
t.landed,
|
||||
t.warehouseInFk,
|
||||
w.name warehouseInName
|
||||
FROM vn.entry e
|
||||
JOIN vn.supplier s ON s.id = e.supplierFk
|
||||
JOIN vn.travel t ON t.id = e.travelFk
|
||||
JOIN vn.warehouse w ON w.id = t.warehouseInFk
|
||||
JOIN vn.company co ON co.id = e.companyFk
|
||||
JOIN vn.currency cu ON cu.id = e.currencyFk`
|
||||
);
|
||||
|
|
|
@ -1,7 +1,9 @@
|
|||
const UserError = require('vn-loopback/util/user-error');
|
||||
|
||||
const mergeFilters = require('vn-loopback/util/filter').mergeFilters;
|
||||
|
||||
module.exports = Self => {
|
||||
Self.remoteMethod('getBuys', {
|
||||
Self.remoteMethodCtx('getBuys', {
|
||||
description: 'Returns buys for one entry',
|
||||
accessType: 'READ',
|
||||
accepts: [{
|
||||
|
@ -27,13 +29,19 @@ module.exports = Self => {
|
|||
}
|
||||
});
|
||||
|
||||
Self.getBuys = async(id, filter, options) => {
|
||||
Self.getBuys = async(ctx, id, filter, options) => {
|
||||
const userId = ctx.req.accessToken.userId;
|
||||
const models = Self.app.models;
|
||||
const myOptions = {};
|
||||
|
||||
if (typeof options == 'object')
|
||||
Object.assign(myOptions, options);
|
||||
const isSupplier = await Self.app.models.Supplier.findById(userId, myOptions);
|
||||
if (isSupplier) {
|
||||
const isEntryOwner = (await Self.findById(id)).supplierFk === userId;
|
||||
|
||||
if (!isEntryOwner) throw new UserError('Access Denied');
|
||||
}
|
||||
let defaultFilter = {
|
||||
where: {entryFk: id},
|
||||
fields: [
|
||||
|
@ -49,9 +57,23 @@ module.exports = Self => {
|
|||
'buyingValue',
|
||||
'price2',
|
||||
'price3',
|
||||
'printedStickers'
|
||||
'printedStickers',
|
||||
'entryFk'
|
||||
],
|
||||
include: [{
|
||||
relation: 'entry',
|
||||
scope: {
|
||||
fields: [
|
||||
'id', 'supplierFk'
|
||||
],
|
||||
include: {
|
||||
relation: 'supplier', scope: {
|
||||
fields: ['id']
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
relation: 'item',
|
||||
scope: {
|
||||
fields: [
|
||||
|
@ -82,9 +104,8 @@ module.exports = Self => {
|
|||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}]
|
||||
};
|
||||
|
||||
defaultFilter = mergeFilters(defaultFilter, filter);
|
||||
|
||||
return models.Buy.find(defaultFilter, myOptions);
|
||||
|
|
|
@ -9,7 +9,8 @@ describe('Entry filter()', () => {
|
|||
const ctx = {
|
||||
args: {
|
||||
search: 1
|
||||
}
|
||||
},
|
||||
req: {accessToken: {userId: 9}}
|
||||
};
|
||||
|
||||
const result = await models.Entry.filter(ctx, options);
|
||||
|
@ -32,7 +33,8 @@ describe('Entry filter()', () => {
|
|||
const ctx = {
|
||||
args: {
|
||||
currencyFk: 1
|
||||
}
|
||||
},
|
||||
req: {accessToken: {userId: 9}}
|
||||
};
|
||||
|
||||
const result = await models.Entry.filter(ctx, options);
|
||||
|
@ -46,15 +48,15 @@ describe('Entry filter()', () => {
|
|||
}
|
||||
});
|
||||
|
||||
it('should return the entry matching the supplier', async() => {
|
||||
describe('should return the entry matching the supplier', () => {
|
||||
it('when userId is supplier ', async() => {
|
||||
const tx = await models.Entry.beginTransaction({});
|
||||
const options = {transaction: tx};
|
||||
|
||||
try {
|
||||
const ctx = {
|
||||
args: {
|
||||
supplierFk: 2
|
||||
}
|
||||
args: {},
|
||||
req: {accessToken: {userId: 2}}
|
||||
};
|
||||
|
||||
const result = await models.Entry.filter(ctx, options);
|
||||
|
@ -68,6 +70,53 @@ describe('Entry filter()', () => {
|
|||
}
|
||||
});
|
||||
|
||||
it('when userId is supplier fetching other supplier', async() => {
|
||||
const tx = await models.Entry.beginTransaction({});
|
||||
const options = {transaction: tx};
|
||||
|
||||
try {
|
||||
const ctx = {
|
||||
args: {
|
||||
supplierFk: 1
|
||||
},
|
||||
req: {accessToken: {userId: 2}}
|
||||
};
|
||||
|
||||
const result = await models.Entry.filter(ctx, options);
|
||||
|
||||
expect(result.length).toEqual(6);
|
||||
|
||||
await tx.rollback();
|
||||
} catch (e) {
|
||||
await tx.rollback();
|
||||
throw e;
|
||||
}
|
||||
});
|
||||
|
||||
it('when userId is not supplier', async() => {
|
||||
const tx = await models.Entry.beginTransaction({});
|
||||
const options = {transaction: tx};
|
||||
|
||||
try {
|
||||
const ctx = {
|
||||
args: {
|
||||
supplierFk: 2
|
||||
},
|
||||
req: {accessToken: {userId: 9}}
|
||||
};
|
||||
|
||||
const result = await models.Entry.filter(ctx, options);
|
||||
|
||||
expect(result.length).toEqual(6);
|
||||
|
||||
await tx.rollback();
|
||||
} catch (e) {
|
||||
await tx.rollback();
|
||||
throw e;
|
||||
}
|
||||
});
|
||||
});
|
||||
|
||||
it('should return the entry matching the company', async() => {
|
||||
const tx = await models.Entry.beginTransaction({});
|
||||
const options = {transaction: tx};
|
||||
|
@ -76,7 +125,8 @@ describe('Entry filter()', () => {
|
|||
const ctx = {
|
||||
args: {
|
||||
companyFk: 442
|
||||
}
|
||||
},
|
||||
req: {accessToken: {userId: 9}}
|
||||
};
|
||||
|
||||
const result = await models.Entry.filter(ctx, options);
|
||||
|
@ -98,7 +148,8 @@ describe('Entry filter()', () => {
|
|||
const ctx = {
|
||||
args: {
|
||||
isBooked: true,
|
||||
}
|
||||
},
|
||||
req: {accessToken: {userId: 9}}
|
||||
};
|
||||
|
||||
const result = await models.Entry.filter(ctx, options);
|
||||
|
@ -121,7 +172,8 @@ describe('Entry filter()', () => {
|
|||
args: {
|
||||
reference: 'movement',
|
||||
travelFk: '2'
|
||||
}
|
||||
},
|
||||
req: {accessToken: {userId: 9}}
|
||||
};
|
||||
|
||||
const result = await models.Entry.filter(ctx, options);
|
||||
|
|
|
@ -1,13 +1,22 @@
|
|||
const UserError = require('vn-loopback/util/user-error');
|
||||
const models = require('vn-loopback/server/server').models;
|
||||
|
||||
describe('entry getBuys()', () => {
|
||||
const entryId = 4;
|
||||
it('should get the buys and items of an entry', async() => {
|
||||
describe('should get the buys and items of an entry ', () => {
|
||||
it('when is supplier and entry owner', async() => {
|
||||
const tx = await models.Entry.beginTransaction({});
|
||||
const options = {transaction: tx};
|
||||
|
||||
try {
|
||||
const result = await models.Entry.getBuys(entryId, options);
|
||||
const ctx = {
|
||||
args: {
|
||||
search: 1
|
||||
},
|
||||
req: {accessToken: {userId: 2}}
|
||||
};
|
||||
|
||||
const result = await models.Entry.getBuys(ctx, entryId, options);
|
||||
|
||||
const length = result.length;
|
||||
const anyResult = result[Math.floor(Math.random() * Math.floor(length))];
|
||||
|
@ -21,4 +30,53 @@ describe('entry getBuys()', () => {
|
|||
throw e;
|
||||
}
|
||||
});
|
||||
|
||||
it('when is supplier but not entry owner', async() => {
|
||||
const tx = await models.Entry.beginTransaction({});
|
||||
const options = {transaction: tx};
|
||||
const entryId = 1;
|
||||
try {
|
||||
const ctx = {
|
||||
args: {
|
||||
search: 1
|
||||
},
|
||||
req: {accessToken: {userId: 2}}
|
||||
};
|
||||
|
||||
const result = await models.Entry.getBuys(ctx, entryId, options);
|
||||
|
||||
expect(result).toBeUndefined();
|
||||
} catch (error) {
|
||||
expect(error).toBeInstanceOf(UserError);
|
||||
expect(error.message).toBe('Access Denied');
|
||||
}
|
||||
});
|
||||
|
||||
it('when is not supplier', async() => {
|
||||
const tx = await models.Entry.beginTransaction({});
|
||||
const options = {transaction: tx};
|
||||
|
||||
try {
|
||||
const ctx = {
|
||||
args: {
|
||||
search: 1
|
||||
},
|
||||
req: {accessToken: {userId: 9}}
|
||||
};
|
||||
|
||||
const result = await models.Entry.getBuys(ctx, entryId, options);
|
||||
|
||||
const length = result.length;
|
||||
const anyResult = result[Math.floor(Math.random() * Math.floor(length))];
|
||||
|
||||
expect(result.length).toEqual(4);
|
||||
expect(anyResult.item).toBeDefined();
|
||||
|
||||
await tx.rollback();
|
||||
} catch (e) {
|
||||
await tx.rollback();
|
||||
throw e;
|
||||
}
|
||||
});
|
||||
});
|
||||
});
|
||||
|
|
Loading…
Reference in New Issue