Permissions authorization middleware.

server/src/http/controllers/AccountOpeningBalance.js

@@ -1,9 +1,10 @@
 import express from 'express';
 import { check, validationResult, oneOf } from 'express-validator';
 import { difference } from 'lodash';
+import knex from 'knex';
 import asyncMiddleware from '../middleware/asyncMiddleware';
 import Account from '@/models/Account';
-// import AccountBalance from '@/models/AccountBalance';
+import '@/models/AccountBalance';
 
 export default {
   /**
@@ -35,6 +36,7 @@ export default {
     ],
     async handler(req, res) {
       const validationErrors = validationResult(req);
+      // const defaultCurrency = 'USD';
 
       if (!validationErrors.isEmpty()) {
         return res.boom.badData(null, {
@@ -48,11 +50,12 @@ export default {
       const accountsCollection = await Account.query((query) => {
         query.select(['id']);
         query.whereIn('id', accountsIds);
-      }).fetchAll();
+      }).fetchAll({
+        withRelated: ['balances'],
+      });
 
       const accountsStoredIds = accountsCollection.map((account) => account.attributes.id);
       const notFoundAccountsIds = difference(accountsIds, accountsStoredIds);
-
       const errorReasons = [];
 
       if (notFoundAccountsIds.length > 0) {
@@ -64,6 +67,29 @@ export default {
         return res.boom.badData(null, { errors: errorReasons });
       }
 
+      const storedAccountsBalances = accountsCollection.related('balances');
+
+      const submitBalancesMap = new Map(accounts.map((account) => [account, account.id]));
+      const storedBalancesMap = new Map(storedAccountsBalances.map((balance) => [
+        balance.attributes, balance.attributes.id,
+      ]));
+
+      // const updatedStoredBalanced = [];
+      const notStoredBalances = [];
+
+      accountsIds.forEach((id) => {
+        if (!storedBalancesMap.get(id)) {
+          notStoredBalances.push(id);
+        }
+      });
+
+      await knex('accounts_balances').insert([
+        ...notStoredBalances.map((id) => {
+          const account = submitBalancesMap.get(id);
+          return { ...account };
+        }),
+      ]);
+
       return res.status(200).send();
     },
   },

server/src/http/controllers/Accounts.js

@@ -152,7 +152,6 @@ export default {
       if (!account) {
         return res.boom.notFound();
       }
-
       return res.status(200).send({ item: { ...account.attributes } });
     },
   },

server/src/http/controllers/Authentication.js

@@ -4,6 +4,7 @@ import { check, validationResult } from 'express-validator';
 import path from 'path';
 import fs from 'fs';
 import Mustache from 'mustache';
+import jwt from 'jsonwebtoken';
 import User from '@/models/User';
 import asyncMiddleware from '../middleware/asyncMiddleware';
 import PasswordReset from '@/models/PasswordReset';
@@ -49,6 +50,7 @@ export default {
         });
       }
       const { crediential, password } = req.body;
+      const { JWT_SECRET_KEY } = process.env;
 
       const user = await User.query({
         where: { email: crediential },
@@ -70,8 +72,15 @@ export default {
           errors: [{ type: 'USER_INACTIVE', code: 120 }],
         });
       }
-      user.save({ alst_login_at: new Date() });
-      return res.status(200).send({});
+      user.save({ last_login_at: new Date() });
+
+      const token = jwt.sign({
+        email: user.attributes.email,
+        _id: user.id,
+      }, JWT_SECRET_KEY, {
+        expiresIn: '1d',
+      });
+      return res.status(200).send({ token });
     },
   },
 

server/src/http/controllers/ItemCategories.js

@@ -2,7 +2,8 @@ import express from 'express';
 import { check, param, validationResult } from 'express-validator';
 import asyncMiddleware from '../middleware/asyncMiddleware';
 import ItemCategory from '@/models/ItemCategory';
-// import JWTAuth from '@/http/middleware/jwtAuth';
+import Authorization from '@/http/middleware/authorization';
+import JWTAuth from '@/http/middleware/jwtAuth';
 
 export default {
   /**
@@ -10,24 +11,32 @@ export default {
    */
   router() {
     const router = express.Router();
+    const permit = Authorization('items_categories');
+
+    router.use(JWTAuth);
 
     router.post('/:id',
+      permit('create', 'edit'),
       this.editCategory.validation,
       asyncMiddleware(this.editCategory.handler));
 
     router.post('/',
+      permit('create'),
       this.newCategory.validation,
       asyncMiddleware(this.newCategory.handler));
 
     router.delete('/:id',
+      permit('create', 'edit', 'delete'),
       this.deleteItem.validation,
       asyncMiddleware(this.deleteItem.handler));
 
-    // router.get('/:id',
-    //   this.getCategory.validation,
-    //   asyncMiddleware(this.getCategory.handler));
+    router.get('/:id',
+      permit('view'),
+      this.getCategory.validation,
+      asyncMiddleware(this.getCategory.handler));
 
     router.get('/',
+      permit('view'),
       this.getList.validation,
       asyncMiddleware(this.getList.validation));
 
@@ -152,6 +161,9 @@ export default {
     },
   },
 
+  /**
+   * Retrieve details of the given category.
+   */
   getCategory: {
     validation: [
       param('category_id').toInt(),

server/src/http/controllers/Items.js

@@ -1,21 +1,30 @@
 import express from 'express';
 import { check, validationResult } from 'express-validator';
 import moment from 'moment';
-import asyncMiddleware from '../middleware/asyncMiddleware';
+import { difference } from 'lodash';
+import asyncMiddleware from '@/http/middleware/asyncMiddleware';
+import jwtAuth from '@/http/middleware/jwtAuth';
 import Item from '@/models/Item';
 import Account from '@/models/Account';
 import ItemCategory from '@/models/ItemCategory';
+import Resource from '@/models/Resource';
+import ResourceField from '@/models/ResourceField';
+import Authorization from '@/http/middleware/authorization';
 
 export default {
 
   router() {
     const router = express.Router();
+    const permit = Authorization('items');
+
+    router.use(jwtAuth);
 
     // router.post('/:id',
     //   this.editItem.validation,
     //   asyncMiddleware(this.editCategory.handler));
 
     router.post('/',
+      permit('create'),
       this.newItem.validation,
       asyncMiddleware(this.newItem.handler));
 
@@ -46,6 +55,11 @@ export default {
       check('cost_account_id').exists().isInt(),
       check('sell_account_id').exists().isInt(),
       check('category_id').optional().isInt(),
+
+      check('custom_fields').isArray({ min: 1 }),
+      check('custom_fields.*.key').exists().isNumeric().toInt(),
+      check('custom_fields.*.value').exists(),
+
       check('note').optional(),
     ],
     async handler(req, res) {
@@ -58,19 +72,38 @@ export default {
       }
 
       const { sell_account_id: sellAccountId, cost_account_id: costAccountId } = req.body;
-      const { category_id: categoryId } = req.body;
+      const { category_id: categoryId, custom_fields: customFields } = req.body;
+      const errorReasons = [];
 
       const costAccountPromise = Account.where('id', costAccountId).fetch();
       const sellAccountPromise = Account.where('id', sellAccountId).fetch();
       const itemCategoryPromise = (categoryId)
         ? ItemCategory.where('id', categoryId).fetch() : null;
 
+      // Validate the custom fields key and value type.
+      if (customFields.length > 0) {
+        const customFieldsKeys = customFields.map((field) => field.key);
+
+        // Get resource id than get all resource fields.
+        const resource = await Resource.where('name', 'items').fetch();
+        const fields = await ResourceField.query((query) => {
+          query.where('resource_id', resource.id);
+          query.whereIn('key', customFieldsKeys);
+        }).fetchAll();
+
+        const storedFieldsKey = fields.map((f) => f.attributes.key);
+
+        // Get all not defined resource fields.
+        const notFoundFields = difference(customFieldsKeys, storedFieldsKey);
+
+        if (notFoundFields.length > 0) {
+          errorReasons.push({ type: 'FIELD_KEY_NOT_FOUND', code: 150, fields: notFoundFields });
+        }
+      }
+
       const [costAccount, sellAccount, itemCategory] = await Promise.all([
         costAccountPromise, sellAccountPromise, itemCategoryPromise,
       ]);
-
-      const errorReasons = [];
-
       if (!costAccount) {
         errorReasons.push({ type: 'COST_ACCOUNT_NOT_FOUND', code: 100 });
       }
@@ -92,7 +125,6 @@ export default {
         currency_code: req.body.currency_code,
         note: req.body.note,
       });
-
       await item.save();
 
       return res.status(200).send();

server/src/http/controllers/Users.js

@@ -2,6 +2,8 @@ import express from 'express';
 import { check, validationResult } from 'express-validator';
 import User from '@/models/User';
 import asyncMiddleware from '@/http/middleware/asyncMiddleware';
+import jwtAuth from '@/http/middleware/jwtAuth';
+import Authorization from '@/http/middleware/authorization';
 
 export default {
 
@@ -10,24 +12,32 @@ export default {
    */
   router() {
     const router = express.Router();
+    const permit = Authorization('users');
+
+    router.use(jwtAuth);
 
     router.post('/',
+      permit('create'),
       this.newUser.validation,
       asyncMiddleware(this.newUser.handler));
 
     router.post('/:id',
+      permit('create', 'edit'),
       this.editUser.validation,
       asyncMiddleware(this.editUser.handler));
 
-    // router.get('/',
-    //   this.listUsers.validation,
-    //   asyncMiddleware(this.listUsers.handler));
+    router.get('/',
+      permit('view'),
+      this.listUsers.validation,
+      asyncMiddleware(this.listUsers.handler));
 
-    // router.get('/:id',
-    //   this.getUser.validation,
-    //   asyncMiddleware(this.getUser.handler));
+    router.get('/:id',
+      permit('view'),
+      this.getUser.validation,
+      asyncMiddleware(this.getUser.handler));
 
     router.delete('/:id',
+      permit('create', 'edit', 'delete'),
       this.deleteUser.validation,
       asyncMiddleware(this.deleteUser.handler));