restrict access by users
mbayopanda committed Sep 14, 2020
1 parent 164fdbc commit 8c954c3
Showing 12 changed files with 72 additions and 39 deletions.
2 changes: 1 addition & 1 deletion .env.development
@@ -2,7 +2,7 @@
PORT=8080

# database configuration
DB_PORT=8889
DB_PORT=3306
DB_HOST='localhost'
DB_USER='bhima'
DB_PASS='HISCongo2013'
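Review bot: The `DB_PORT` edit has nothing to do with restricting depot access and reads like a local database setup that slipped into the commit, so every other developer's environment changes on pull. If a new project default is intended it deserves its own commit and a line in the setup notes; otherwise it should be dropped from this change. The tracked file also carries `DB_PASS` in clear text on a context line, so it is worth confirming that this value is used for local development only and is not shared with any deployed database.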
77 changes: 48 additions & 29 deletions server/controllers/stock/core.js
@@ -109,6 +109,9 @@ function getLotFilters(parameters) {
filters.equals('purchase_uuid', 'origin_uuid', 'l');
filters.equals('tag_uuid', 'tags', 't');

// depot permission check
filters.custom('depot_permission_check', 'd.uuid IN (?)', [params.depot_permission_check]);

// tags
filters.custom('tags', 't.uuid IN (?)', [params.tags]);

@@ -202,7 +205,7 @@ function getLots(sqlQuery, parameters, finalClause = '', orderBy) {
*
* @param {string} finalClause - An optional final clause (GROUP BY, ...) to add to query built
*/
function getLotsDepot(depotUuid, params, finalClause) {
async function getLotsDepot(depotUuid, params, finalClause) {
let _status;
let emptyLotToken = ''; // query token to include/exclude empty lots

@@ -223,6 +226,8 @@ function getLotsDepot(depotUuid, params, finalClause) {
emptyLotToken = 'HAVING quantity=0';
}

await setDepotPermissionCheck(params);

const sql = `
SELECT BUID(l.uuid) AS uuid, l.label, l.initial_quantity,
SUM(m.quantity * IF(m.is_exit = 1, -1, 1)) AS quantity,
@@ -256,18 +261,17 @@ function getLotsDepot(depotUuid, params, finalClause) {

const query = filters.applyQuery(sql);
const queryParameters = filters.parameters();
return db.exec(query, queryParameters)
.then(inventories => processStockConsumptionAverage(
inventories, params.dateTo, params.monthAverageConsumption, params.enableDailyConsumption,
))
.then(stockManagementProcess)
.then(processMultipleLots)
.then((rows) => {
if (_status) {
return rows.filter(row => row.status === _status);
}
return rows;
});

const inventories = await db.exec(query, queryParameters);
const processParameters = [inventories, params.dateTo, params.monthAverageConsumption, params.enableDailyConsumption];
const resultFromProcess = await processStockConsumptionAverage(...processParameters);
const inventoriesWithManagementData = await stockManagementProcess(resultFromProcess);
const inventoriesWithLotsProcessed = await processMultipleLots(inventoriesWithManagementData);

if (_status) {
return inventoriesWithLotsProcessed.filter(row => row.status === _status);
}
return inventoriesWithLotsProcessed;
}

/**
@@ -291,6 +295,8 @@ async function getLotsMovements(depotUuid, params) {
delete params.groupByDocument;
}

await setDepotPermissionCheck(params);

const sql = `
SELECT
BUID(l.uuid) AS uuid, l.label, l.initial_quantity, m.quantity, m.reference, m.description,
@@ -334,6 +340,8 @@ async function getMovements(depotUuid, params) {
params.depot_uuid = depotUuid;
}

await setDepotPermissionCheck(params);

const sql = `
SELECT
m.description,
@@ -670,10 +678,21 @@ async function getStockConsumptionAverage(periodId, periodDate, monthAverageCons
return execStockConsumption;
}

/**
* setDepotPermissionCheck
* @param {*} params
*/
async function setDepotPermissionCheck(params) {
const depotPermissionQuery = 'SELECT depot_uuid FROM depot_permission WHERE user_id = ?';
const depotPermission = await db.exec(depotPermissionQuery, [params.user.id]);
params.depot_permission_check = depotPermission.map(item => item.depot_uuid);
delete params.user;
}

/**
* Inventory Quantity and Consumptions
*/
function getInventoryQuantityAndConsumption(params, monthAverageConsumption, enableDailyConsumption) {
async function getInventoryQuantityAndConsumption(params, monthAverageConsumption, enableDailyConsumption) {
let _status;
let delay;
let purchaseInterval;
@@ -708,6 +727,8 @@ function getInventoryQuantityAndConsumption(params, monthAverageConsumption, ena
emptyLotToken = 'HAVING quantity=0';
}

await setDepotPermissionCheck(params);

const sql = `
SELECT BUID(l.uuid) AS uuid, l.label, l.initial_quantity,
SUM(m.quantity * IF(m.is_exit = 1, -1, 1)) AS quantity,
@@ -731,24 +752,22 @@ function getInventoryQuantityAndConsumption(params, monthAverageConsumption, ena

const clause = ` GROUP BY l.inventory_uuid, m.depot_uuid ${emptyLotToken} ORDER BY ig.name, i.text `;

return getLots(sql, params, clause)
.then(inventories => processStockConsumptionAverage(
inventories, params.dateTo, monthAverageConsumption, enableDailyConsumption,
))
.then(inventories => stockManagementProcess(inventories, delay, purchaseInterval))
.then(rows => {
let filteredRows = rows;
const inventories = await getLots(sql, params, clause);
const processParams = [inventories, params.dateTo, monthAverageConsumption, enableDailyConsumption];
const inventoriesProcessed = await processStockConsumptionAverage(...processParams);
const inventoriesWithManagementData = await stockManagementProcess(inventoriesProcessed, delay, purchaseInterval);

if (_status) {
filteredRows = filteredRows.filter(row => row.status === _status);
}
let filteredRows = inventoriesWithManagementData;

if (requirePurchaseOrder) {
filteredRows = filteredRows.filter(row => row.S_Q > 0);
}
if (_status) {
filteredRows = filteredRows.filter(row => row.status === _status);
}

return filteredRows;
});
if (requirePurchaseOrder) {
filteredRows = filteredRows.filter(row => row.S_Q > 0);
}

return filteredRows;
}

/**
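Review bot: `setDepotPermissionCheck` reads the identity it authorises from `params.user`, and in the handlers changed by this commit `params` is `req.query`, so the restriction holds only while every caller overwrites `params.user` from the session before calling; taking the session user id as a separate argument would remove that dependency, and `if (!params.user || !params.user.id) { throw new Error('depot permission check requires the session user'); }` would at least fail closed when the key is missing. Because the function ends with `delete params.user`, passing the same object to a second query function will throw on `params.user.id`. A user with no `depot_permission` rows produces an empty array for `d.uuid IN (?)` in `getLotFilters`; how `filters.custom` and the database driver treat an empty list is not visible here, so confirm the outcome is an empty result rather than a SQL error or a skipped filter. The new JSDoc only repeats the function name and could say that it mutates `params`: it sets `depot_permission_check` and removes `user`.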
7 changes: 7 additions & 0 deletions server/controllers/stock/index.js
@@ -557,6 +557,7 @@ async function listLots(req, res, next) {
*/
function listLotsMovements(req, res, next) {
const params = req.query;
params.user = req.session.user;

core.getLotsMovements(null, params)
.then((rows) => {
@@ -571,6 +572,7 @@ function listLotsMovements(req, res, next) {
*/
function listMovements(req, res, next) {
const params = req.query;
params.user = req.session.user;

core.getMovements(null, params)
.then((rows) => {
Expand All @@ -587,6 +589,8 @@ async function listLotsDepot(req, res, next) {
const params = req.query;
params.monthAverageConsumption = req.session.enterprise.settings.month_average_consumption;
params.enableDailyConsumption = req.session.enterprise.settings.enable_daily_consumption;
params.user = req.session.user;

if (params.defaultPeriod) {
params.defaultPeriodEntry = params.defaultPeriod;
delete params.defaultPeriod;
@@ -632,6 +636,9 @@ async function listInventoryDepot(req, res, next) {
const monthAverageConsumption = req.session.enterprise.settings.month_average_consumption;
const enableDailyConsumption = req.session.enterprise.settings.enable_daily_consumption;

// expose connected user data
params.user = req.session.user;

try {
const inventoriesParameters = [params, monthAverageConsumption, enableDailyConsumption];

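Review bot: Each handler here (`listLotsMovements`, `listMovements`, `listLotsDepot`, `listInventoryDepot`) writes the whole session user object into `req.query`, and the same assignment is repeated in `stockExpirationReport`, `stockInlineMovementsReport`, `stockInventoriesReport`, `stockLotsReport` and `stockMovementsReport`, so the depot restriction depends on nine hand-copied lines. Only `user.id` is read downstream in `setDepotPermissionCheck`, so a shared helper that builds a copy, for example `const params = Object.assign({}, req.query, { user: req.session.user });`, would keep session data out of the request object and give one place to audit. Whether `listLots`, named in the first hunk header, or other stock routes outside this diff apply the restriction cannot be seen from this page and is worth checking. The handler bodies continue outside the hunks.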
@@ -3,7 +3,6 @@ const {
getVoucherReferenceForStockMovement,
} = require('../common');


/**
* @method stockAdjustmentReceipt
*
1 change: 0 additions & 1 deletion server/controllers/stock/reports/stock/assign_receipt.js
@@ -2,7 +2,6 @@ const {
_, ReportManager, db, identifiers, barcode, STOCK_ASSIGN_TEMPLATE,
} = require('../common');


/**
* @method stockAssignReceipt
*
2 changes: 2 additions & 0 deletions server/controllers/stock/reports/stock/expiration_report.js
@@ -25,6 +25,8 @@ async function stockExpirationReport(req, res, next) {

const depotSql = 'SELECT text FROM depot WHERE uuid=?';
const options = req.query;
options.user = req.session.user;

let depot = {};

if (options.depot_uuid) {
@@ -22,7 +22,10 @@ async function stockInlineMovementsReport(req, res, next) {
try {
const report = new ReportManager(STOCK_INLINE_MOVEMENTS_REPORT_TEMPLATE, req.session, optionReport);

const rows = await Stock.getMovements(null, req.query);
const params = req.query;
params.user = req.session.user;

const rows = await Stock.getMovements(null, params);

const data = {
rows,
2 changes: 2 additions & 0 deletions server/controllers/stock/reports/stock/inventories_report.js
@@ -37,6 +37,8 @@ async function stockInventoriesReport(req, res, next) {

delete options.label;

options.user = req.session.user;

const report = new ReportManager(STOCK_INVENTORIES_REPORT_TEMPLATE, req.session, optionReport);
const rows = await Stock.getInventoryQuantityAndConsumption(
options, monthAverageConsumption, enableDailyConsumption,
4 changes: 2 additions & 2 deletions server/controllers/stock/reports/stock/lots_report.js
@@ -47,6 +47,7 @@ function stockLotsReport(req, res, next) {

options.monthAverageConsumption = req.session.enterprise.settings.month_average_consumption;
options.enableDailyConsumption = req.session.enterprise.settings.enable_daily_consumption;
options.user = req.session.user;

return Stock.getLotsDepot(null, options)
.then((rows) => {
@@ -71,8 +72,7 @@ function stockLotsReport(req, res, next) {
.then((result) => {
res.set(result.headers).send(result.report);
})
.catch(next)
.done();
.catch(next);
}

function compare(a, b) {
5 changes: 4 additions & 1 deletion server/controllers/stock/reports/stock/movements_report.js
@@ -29,7 +29,10 @@ async function stockMovementsReport(req, res, next) {

const report = new ReportManager(STOCK_MOVEMENTS_REPORT_TEMPLATE, req.session, optionReport);

const rows = await Stock.getLotsMovements(null, req.query);
const params = req.query;
params.user = req.session.user;

const rows = await Stock.getLotsMovements(null, params);
rows.forEach(row => {
row.cost = util.roundDecimal(row.quantity * row.unit_cost, 3);
});
2 changes: 0 additions & 2 deletions server/controllers/stock/reports/stock/value.js
@@ -29,7 +29,6 @@ async function reporting(_options, session) {

const report = new ReportManager(STOCK_VALUE_REPORT_TEMPLATE, session, optionReport);


const options = (typeof (_options.params) === 'string') ? JSON.parse(_options.params) : _options.params;
data.dateTo = options.dateTo;
data.depot = await db.one('SELECT * FROM depot WHERE uuid=?', [db.bid(options.depot_uuid)]);
@@ -104,7 +103,6 @@ async function reporting(_options, session) {
const stockValueElements = options.exclude_zero_value
? stockValues.filter(item => item.stockValue > 0) : stockValues;


data.stockValues = stockValueElements || [];

data.stocktotal = stockTotal;
3 changes: 2 additions & 1 deletion test/data.sql
@@ -2978,7 +2978,8 @@ INSERT INTO `depot` VALUES

-- Set Depot Management By User
INSERT INTO depot_permission (user_id, depot_uuid) VALUES
(@superUser, @depot_uuid);
(@superUser, @depot_uuid),
(@superUser, @second_depot_uuid);

-- TODO : As soon as the stored Procedure for Stock accounting landed, stock movement records should be posted also
SET @quinine = HUID('43f3decb-fce9-426e-940a-bc2150e62186');
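Review bot: The fixture gives `@superUser` both depots, which keeps existing tests seeing every depot but never exercises the restriction, and none of the 12 changed files adds a test for it. A second fixture user with a single row, for example `(<restricted_user_id>, @depot_uuid)` where the id is a placeholder for an existing non-admin test user, plus a user with no `depot_permission` row at all, would let the integration tests assert that lots and movements from other depots are filtered out. The no-permission case matters most, because it is the one where the `IN (?)` filter receives an empty list.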
