7773-testToMaster_2430 #2774
|
@ -0,0 +1,10 @@
|
||||||
|
-- Place your SQL code here
|
||||||
|
-- Auto-generated SQL script #202406281423
|
||||||
|
INSERT INTO salix.ACL (model,property,accessType,permission,principalType,principalId)
|
||||||
|
VALUES ('Entry','filter','READ','ALLOW','ROLE','$authenticated');
|
||||||
|
|
||||||
|
-- Auto-generated SQL script #202406281452
|
||||||
|
INSERT INTO salix.ACL (model,property,accessType,permission,principalType,principalId)
|
||||||
|
VALUES ('Entry','getBuys','READ','ALLOW','ROLE','$authenticated');
|
||||||
|
INSERT INTO salix.ACL (model,property,accessType,permission,principalType,principalId)
|
||||||
|
VALUES ('Entry','buyLabel','READ','ALLOW','ROLE','$authenticated');
|
|
@ -29,7 +29,8 @@ module.exports = Self => {
|
||||||
http: {
|
http: {
|
||||||
path: '/:id/buy-label',
|
path: '/:id/buy-label',
|
||||||
verb: 'GET'
|
verb: 'GET'
|
||||||
}
|
},
|
||||||
|
accessScopes: ['DEFAULT', 'read:multimedia']
|
||||||
});
|
});
|
||||||
|
|
||||||
Self.buyLabel = (ctx, id) => Self.printReport(ctx, id, 'buy-label');
|
Self.buyLabel = (ctx, id) => Self.printReport(ctx, id, 'buy-label');
|
||||||
|
|
|
@ -112,7 +112,7 @@ module.exports = Self => {
|
||||||
|
|
||||||
if (typeof options == 'object')
|
if (typeof options == 'object')
|
||||||
Object.assign(myOptions, options);
|
Object.assign(myOptions, options);
|
||||||
|
const isSupplier = await Self.app.models.Supplier.isSupplier(ctx, options);
|
||||||
const conn = Self.dataSource.connector;
|
const conn = Self.dataSource.connector;
|
||||||
const where = buildFilter(ctx.args, (param, value) => {
|
const where = buildFilter(ctx.args, (param, value) => {
|
||||||
switch (param) {
|
switch (param) {
|
||||||
|
@ -146,7 +146,11 @@ module.exports = Self => {
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
filter = mergeFilters(ctx.args.filter, {where});
|
filter = mergeFilters(ctx.args.filter, {where});
|
||||||
|
delete filter.order;
|
||||||
|
if (isSupplier) {
|
||||||
|
if (!filter.where) filter.where = {};
|
||||||
|
filter.where.supplierFk = ctx.req.accessToken.userId;
|
||||||
|
}
|
||||||
const stmts = [];
|
const stmts = [];
|
||||||
let stmt;
|
let stmt;
|
||||||
stmt = new ParameterizedSQL(
|
stmt = new ParameterizedSQL(
|
||||||
|
|
|
@ -1,7 +1,10 @@
|
||||||
|
const ForbiddenError = require('vn-loopback/util/forbiddenError');
|
||||||
|
const UserError = require('vn-loopback/util/user-error');
|
||||||
|
|
||||||
const mergeFilters = require('vn-loopback/util/filter').mergeFilters;
|
const mergeFilters = require('vn-loopback/util/filter').mergeFilters;
|
||||||
|
|
||||||
module.exports = Self => {
|
module.exports = Self => {
|
||||||
Self.remoteMethod('getBuys', {
|
Self.remoteMethodCtx('getBuys', {
|
||||||
description: 'Returns buys for one entry',
|
description: 'Returns buys for one entry',
|
||||||
accessType: 'READ',
|
accessType: 'READ',
|
||||||
accepts: [{
|
accepts: [{
|
||||||
|
@ -27,13 +30,18 @@ module.exports = Self => {
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
Self.getBuys = async(id, filter, options) => {
|
Self.getBuys = async(ctx, id, filter, options) => {
|
||||||
const models = Self.app.models;
|
const models = Self.app.models;
|
||||||
const myOptions = {};
|
const myOptions = {};
|
||||||
|
|
||||||
if (typeof options == 'object')
|
if (typeof options == 'object')
|
||||||
Object.assign(myOptions, options);
|
Object.assign(myOptions, options);
|
||||||
|
const isSupplier = await Self.app.models.Supplier.isSupplier(ctx, options);
|
||||||
|
if (isSupplier) {
|
||||||
|
const isEntryOwner = (await Self.findById(id)).supplierFk === ctx.req.accessToken.userId;
|
||||||
|
|
||||||
|
if (! isEntryOwner) throw new UserError('Access Denied');
|
||||||
|
}
|
||||||
let defaultFilter = {
|
let defaultFilter = {
|
||||||
where: {entryFk: id},
|
where: {entryFk: id},
|
||||||
fields: [
|
fields: [
|
||||||
|
@ -49,9 +57,23 @@ module.exports = Self => {
|
||||||
'buyingValue',
|
'buyingValue',
|
||||||
'price2',
|
'price2',
|
||||||
'price3',
|
'price3',
|
||||||
'printedStickers'
|
'printedStickers',
|
||||||
|
'entryFk'
|
||||||
],
|
],
|
||||||
include: {
|
include: [{
|
||||||
|
relation: 'entry',
|
||||||
|
scope: {
|
||||||
|
fields: [
|
||||||
|
'id', 'supplierFk'
|
||||||
|
],
|
||||||
|
include: {
|
||||||
|
relation: 'supplier', scope: {
|
||||||
|
fields: ['id']
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
relation: 'item',
|
relation: 'item',
|
||||||
scope: {
|
scope: {
|
||||||
fields: [
|
fields: [
|
||||||
|
@ -82,9 +104,9 @@ module.exports = Self => {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}]
|
||||||
};
|
};
|
||||||
|
delete filter.order;
|
||||||
defaultFilter = mergeFilters(defaultFilter, filter);
|
defaultFilter = mergeFilters(defaultFilter, filter);
|
||||||
|
|
||||||
return models.Buy.find(defaultFilter, myOptions);
|
return models.Buy.find(defaultFilter, myOptions);
|
||||||
|
|
|
@ -9,7 +9,8 @@ describe('Entry filter()', () => {
|
||||||
const ctx = {
|
const ctx = {
|
||||||
args: {
|
args: {
|
||||||
search: 1
|
search: 1
|
||||||
}
|
},
|
||||||
|
req: {accessToken: {userId: 9}}
|
||||||
};
|
};
|
||||||
|
|
||||||
const result = await models.Entry.filter(ctx, options);
|
const result = await models.Entry.filter(ctx, options);
|
||||||
|
@ -32,7 +33,8 @@ describe('Entry filter()', () => {
|
||||||
const ctx = {
|
const ctx = {
|
||||||
args: {
|
args: {
|
||||||
currencyFk: 1
|
currencyFk: 1
|
||||||
}
|
},
|
||||||
|
req: {accessToken: {userId: 9}}
|
||||||
};
|
};
|
||||||
|
|
||||||
const result = await models.Entry.filter(ctx, options);
|
const result = await models.Entry.filter(ctx, options);
|
||||||
|
@ -54,7 +56,8 @@ describe('Entry filter()', () => {
|
||||||
const ctx = {
|
const ctx = {
|
||||||
args: {
|
args: {
|
||||||
supplierFk: 2
|
supplierFk: 2
|
||||||
}
|
},
|
||||||
|
req: {accessToken: {userId: 9}}
|
||||||
};
|
};
|
||||||
|
|
||||||
const result = await models.Entry.filter(ctx, options);
|
const result = await models.Entry.filter(ctx, options);
|
||||||
|
@ -76,7 +79,8 @@ describe('Entry filter()', () => {
|
||||||
const ctx = {
|
const ctx = {
|
||||||
args: {
|
args: {
|
||||||
companyFk: 442
|
companyFk: 442
|
||||||
}
|
},
|
||||||
|
req: {accessToken: {userId: 9}}
|
||||||
};
|
};
|
||||||
|
|
||||||
const result = await models.Entry.filter(ctx, options);
|
const result = await models.Entry.filter(ctx, options);
|
||||||
|
@ -98,7 +102,8 @@ describe('Entry filter()', () => {
|
||||||
const ctx = {
|
const ctx = {
|
||||||
args: {
|
args: {
|
||||||
isBooked: true,
|
isBooked: true,
|
||||||
}
|
},
|
||||||
|
req: {accessToken: {userId: 9}}
|
||||||
};
|
};
|
||||||
|
|
||||||
const result = await models.Entry.filter(ctx, options);
|
const result = await models.Entry.filter(ctx, options);
|
||||||
|
@ -121,7 +126,8 @@ describe('Entry filter()', () => {
|
||||||
args: {
|
args: {
|
||||||
reference: 'movement',
|
reference: 'movement',
|
||||||
travelFk: '2'
|
travelFk: '2'
|
||||||
}
|
},
|
||||||
|
req: {accessToken: {userId: 9}}
|
||||||
};
|
};
|
||||||
|
|
||||||
const result = await models.Entry.filter(ctx, options);
|
const result = await models.Entry.filter(ctx, options);
|
||||||
|
|
|
@ -7,7 +7,14 @@ describe('entry getBuys()', () => {
|
||||||
const options = {transaction: tx};
|
const options = {transaction: tx};
|
||||||
|
|
||||||
try {
|
try {
|
||||||
const result = await models.Entry.getBuys(entryId, options);
|
const ctx = {
|
||||||
|
args: {
|
||||||
|
search: 1
|
||||||
|
},
|
||||||
|
req: {accessToken: {userId: 2}}
|
||||||
|
};
|
||||||
|
|
||||||
|
const result = await models.Entry.getBuys(ctx, entryId, options);
|
||||||
|
|
||||||
const length = result.length;
|
const length = result.length;
|
||||||
const anyResult = result[Math.floor(Math.random() * Math.floor(length))];
|
const anyResult = result[Math.floor(Math.random() * Math.floor(length))];
|
||||||
|
|
|
@ -0,0 +1,28 @@
|
||||||
|
const UserError = require('vn-loopback/util/user-error');
|
||||||
|
|
||||||
|
module.exports = Self => {
|
||||||
|
Self.remoteMethodCtx('isSupplier', {
|
||||||
|
description: 'Check is supplierFk exists as supplier',
|
||||||
|
accessType: 'READ',
|
||||||
|
returns: {
|
||||||
|
type: 'boolean',
|
||||||
|
root: true
|
||||||
|
},
|
||||||
|
http: {
|
||||||
|
path: `/isSupplier`,
|
||||||
|
verb: 'GET'
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
Self.isSupplier = async(ctx, options) => {
|
||||||
|
const myOptions = {validate: false};
|
||||||
|
|
||||||
|
if (typeof options == 'object')
|
||||||
|
Object.assign(myOptions, options);
|
||||||
|
|
||||||
|
const userId = ctx.req.accessToken.userId;
|
||||||
|
const exists = await Self.findById(userId);
|
||||||
|
|
||||||
|
return !!exists;
|
||||||
|
};
|
||||||
|
};
|
|
@ -12,6 +12,7 @@ module.exports = Self => {
|
||||||
require('../methods/supplier/campaignMetricsEmail')(Self);
|
require('../methods/supplier/campaignMetricsEmail')(Self);
|
||||||
require('../methods/supplier/newSupplier')(Self);
|
require('../methods/supplier/newSupplier')(Self);
|
||||||
require('../methods/supplier/getItemsPackaging')(Self);
|
require('../methods/supplier/getItemsPackaging')(Self);
|
||||||
|
require('../methods/supplier/isSupplier')(Self);
|
||||||
|
|
||||||
Self.validatesPresenceOf('name', {
|
Self.validatesPresenceOf('name', {
|
||||||
message: 'The social name cannot be empty'
|
message: 'The social name cannot be empty'
|
||||||
|
|
Loading…
Reference in New Issue