7773-testToMaster_2430 #2774

Merged
alexm merged 368 commits from 7773-testToMaster_2430 into master 2024-07-23 06:21:03 +00:00
8 changed files with 95 additions and 16 deletions
Showing only changes of commit f47197cd80 - Show all commits

View File

@ -0,0 +1,10 @@
-- Place your SQL code here
-- Auto-generated SQL script #202406281423
INSERT INTO salix.ACL (model,property,accessType,permission,principalType,principalId)
VALUES ('Entry','filter','READ','ALLOW','ROLE','$authenticated');
-- Auto-generated SQL script #202406281452
INSERT INTO salix.ACL (model,property,accessType,permission,principalType,principalId)
VALUES ('Entry','getBuys','READ','ALLOW','ROLE','$authenticated');
INSERT INTO salix.ACL (model,property,accessType,permission,principalType,principalId)
VALUES ('Entry','buyLabel','READ','ALLOW','ROLE','$authenticated');

View File

@ -29,7 +29,8 @@ module.exports = Self => {
http: { http: {
path: '/:id/buy-label', path: '/:id/buy-label',
verb: 'GET' verb: 'GET'
} },
accessScopes: ['DEFAULT', 'read:multimedia']
}); });
Self.buyLabel = (ctx, id) => Self.printReport(ctx, id, 'buy-label'); Self.buyLabel = (ctx, id) => Self.printReport(ctx, id, 'buy-label');

View File

@ -112,7 +112,7 @@ module.exports = Self => {
if (typeof options == 'object') if (typeof options == 'object')
Object.assign(myOptions, options); Object.assign(myOptions, options);
const isSupplier = await Self.app.models.Supplier.isSupplier(ctx, options);
const conn = Self.dataSource.connector; const conn = Self.dataSource.connector;
const where = buildFilter(ctx.args, (param, value) => { const where = buildFilter(ctx.args, (param, value) => {
switch (param) { switch (param) {
@ -146,7 +146,11 @@ module.exports = Self => {
} }
}); });
filter = mergeFilters(ctx.args.filter, {where}); filter = mergeFilters(ctx.args.filter, {where});
delete filter.order;
if (isSupplier) {
if (!filter.where) filter.where = {};
filter.where.supplierFk = ctx.req.accessToken.userId;
}
const stmts = []; const stmts = [];
let stmt; let stmt;
stmt = new ParameterizedSQL( stmt = new ParameterizedSQL(

View File

@ -1,7 +1,10 @@
const ForbiddenError = require('vn-loopback/util/forbiddenError');
const UserError = require('vn-loopback/util/user-error');
const mergeFilters = require('vn-loopback/util/filter').mergeFilters; const mergeFilters = require('vn-loopback/util/filter').mergeFilters;
module.exports = Self => { module.exports = Self => {
Self.remoteMethod('getBuys', { Self.remoteMethodCtx('getBuys', {
description: 'Returns buys for one entry', description: 'Returns buys for one entry',
accessType: 'READ', accessType: 'READ',
accepts: [{ accepts: [{
@ -27,13 +30,18 @@ module.exports = Self => {
} }
}); });
Self.getBuys = async(id, filter, options) => { Self.getBuys = async(ctx, id, filter, options) => {
const models = Self.app.models; const models = Self.app.models;
const myOptions = {}; const myOptions = {};
if (typeof options == 'object') if (typeof options == 'object')
Object.assign(myOptions, options); Object.assign(myOptions, options);
const isSupplier = await Self.app.models.Supplier.isSupplier(ctx, options);
if (isSupplier) {
const isEntryOwner = (await Self.findById(id)).supplierFk === ctx.req.accessToken.userId;
if (! isEntryOwner) throw new UserError('Access Denied');
}
let defaultFilter = { let defaultFilter = {
where: {entryFk: id}, where: {entryFk: id},
fields: [ fields: [
@ -49,9 +57,23 @@ module.exports = Self => {
'buyingValue', 'buyingValue',
'price2', 'price2',
'price3', 'price3',
'printedStickers' 'printedStickers',
'entryFk'
], ],
include: { include: [{
relation: 'entry',
scope: {
fields: [
'id', 'supplierFk'
],
include: {
relation: 'supplier', scope: {
fields: ['id']
}
}
}
},
{
relation: 'item', relation: 'item',
scope: { scope: {
fields: [ fields: [
@ -82,9 +104,9 @@ module.exports = Self => {
} }
} }
} }
} }]
}; };
delete filter.order;
defaultFilter = mergeFilters(defaultFilter, filter); defaultFilter = mergeFilters(defaultFilter, filter);
return models.Buy.find(defaultFilter, myOptions); return models.Buy.find(defaultFilter, myOptions);

View File

@ -9,7 +9,8 @@ describe('Entry filter()', () => {
const ctx = { const ctx = {
args: { args: {
search: 1 search: 1
} },
req: {accessToken: {userId: 9}}
}; };
const result = await models.Entry.filter(ctx, options); const result = await models.Entry.filter(ctx, options);
@ -32,7 +33,8 @@ describe('Entry filter()', () => {
const ctx = { const ctx = {
args: { args: {
currencyFk: 1 currencyFk: 1
} },
req: {accessToken: {userId: 9}}
}; };
const result = await models.Entry.filter(ctx, options); const result = await models.Entry.filter(ctx, options);
@ -54,7 +56,8 @@ describe('Entry filter()', () => {
const ctx = { const ctx = {
args: { args: {
supplierFk: 2 supplierFk: 2
} },
req: {accessToken: {userId: 9}}
}; };
const result = await models.Entry.filter(ctx, options); const result = await models.Entry.filter(ctx, options);
@ -76,7 +79,8 @@ describe('Entry filter()', () => {
const ctx = { const ctx = {
args: { args: {
companyFk: 442 companyFk: 442
} },
req: {accessToken: {userId: 9}}
}; };
const result = await models.Entry.filter(ctx, options); const result = await models.Entry.filter(ctx, options);
@ -98,7 +102,8 @@ describe('Entry filter()', () => {
const ctx = { const ctx = {
args: { args: {
isBooked: true, isBooked: true,
} },
req: {accessToken: {userId: 9}}
}; };
const result = await models.Entry.filter(ctx, options); const result = await models.Entry.filter(ctx, options);
@ -121,7 +126,8 @@ describe('Entry filter()', () => {
args: { args: {
reference: 'movement', reference: 'movement',
travelFk: '2' travelFk: '2'
} },
req: {accessToken: {userId: 9}}
}; };
const result = await models.Entry.filter(ctx, options); const result = await models.Entry.filter(ctx, options);

View File

@ -7,7 +7,14 @@ describe('entry getBuys()', () => {
const options = {transaction: tx}; const options = {transaction: tx};
try { try {
const result = await models.Entry.getBuys(entryId, options); const ctx = {
args: {
search: 1
},
req: {accessToken: {userId: 2}}
};
const result = await models.Entry.getBuys(ctx, entryId, options);
const length = result.length; const length = result.length;
const anyResult = result[Math.floor(Math.random() * Math.floor(length))]; const anyResult = result[Math.floor(Math.random() * Math.floor(length))];

View File

@ -0,0 +1,28 @@
const UserError = require('vn-loopback/util/user-error');
module.exports = Self => {
Self.remoteMethodCtx('isSupplier', {
description: 'Check is supplierFk exists as supplier',
accessType: 'READ',
returns: {
type: 'boolean',
root: true
},
http: {
path: `/isSupplier`,
verb: 'GET'
}
});
Self.isSupplier = async(ctx, options) => {
const myOptions = {validate: false};
if (typeof options == 'object')
Object.assign(myOptions, options);
const userId = ctx.req.accessToken.userId;
const exists = await Self.findById(userId);
return !!exists;
};
};

View File

@ -12,6 +12,7 @@ module.exports = Self => {
require('../methods/supplier/campaignMetricsEmail')(Self); require('../methods/supplier/campaignMetricsEmail')(Self);
require('../methods/supplier/newSupplier')(Self); require('../methods/supplier/newSupplier')(Self);
require('../methods/supplier/getItemsPackaging')(Self); require('../methods/supplier/getItemsPackaging')(Self);
require('../methods/supplier/isSupplier')(Self);
Self.validatesPresenceOf('name', { Self.validatesPresenceOf('name', {
message: 'The social name cannot be empty' message: 'The social name cannot be empty'