include authorization
This commit is contained in:
D065023
@@ -7,6 +7,7 @@
|
|||||||
"@sap/cds": "latest",
|
"@sap/cds": "latest",
|
||||||
"@sap/xb-msg-amqp-v100": "^0.9.31-SNAPSHOT",
|
"@sap/xb-msg-amqp-v100": "^0.9.31-SNAPSHOT",
|
||||||
"express": "*",
|
"express": "*",
|
||||||
|
"passport": "^0.4.0",
|
||||||
"sqlite3": "^4.1.0"
|
"sqlite3": "^4.1.0"
|
||||||
},
|
},
|
||||||
"scripts": {
|
"scripts": {
|
||||||
@@ -21,6 +22,12 @@
|
|||||||
"messaging": {
|
"messaging": {
|
||||||
"kind": "enterprise-messaging"
|
"kind": "enterprise-messaging"
|
||||||
}
|
}
|
||||||
|
},
|
||||||
|
"auth": {
|
||||||
|
"passport": {
|
||||||
|
"strategy": "mock",
|
||||||
|
"users": { "alice": { "roles": [ "admin" ], "password": "secret", "ID": "ALICE" } }
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
using { sap.capire.bookshop as my } from '../db/schema';
|
using { sap.capire.bookshop as my } from '../db/schema';
|
||||||
|
|
||||||
service AdminService @(_requires:'authenticated-user') {
|
service AdminService @(requires:'admin') {
|
||||||
entity Books as projection on my.Books;
|
entity Books as projection on my.Books;
|
||||||
entity Authors as projection on my.Authors;
|
entity Authors as projection on my.Authors;
|
||||||
entity Orders as select from my.Orders;
|
entity Orders as select from my.Orders;
|
||||||
|
|||||||
@@ -59,6 +59,9 @@ module.exports = cds.service.impl(function () {
|
|||||||
|
|
||||||
async function _readAddresses (req) {
|
async function _readAddresses (req) {
|
||||||
const businessPartner = req.user.id
|
const businessPartner = req.user.id
|
||||||
|
if (!businessPartner) {
|
||||||
|
return req.reject('You need to be authorized.')
|
||||||
|
}
|
||||||
const tx = bupaSrv.transaction(req)
|
const tx = bupaSrv.transaction(req)
|
||||||
const ql = SELECT.from('API_BUSINESS_PARTNER.A_BusinessPartnerAddress').where(
|
const ql = SELECT.from('API_BUSINESS_PARTNER.A_BusinessPartnerAddress').where(
|
||||||
{ BusinessPartner: businessPartner.toUpperCase() }
|
{ BusinessPartner: businessPartner.toUpperCase() }
|
||||||
@@ -80,6 +83,9 @@ async function _readAddresses (req) {
|
|||||||
async function _fillAddress (req) {
|
async function _fillAddress (req) {
|
||||||
if (req.data.shippingAddress_AddressID) {
|
if (req.data.shippingAddress_AddressID) {
|
||||||
const businessPartner = req.user.id
|
const businessPartner = req.user.id
|
||||||
|
if (!businessPartner) {
|
||||||
|
return req.reject('You need to be authorized.')
|
||||||
|
}
|
||||||
const tx = bupaSrv.transaction(req)
|
const tx = bupaSrv.transaction(req)
|
||||||
const response = await tx.run(
|
const response = await tx.run(
|
||||||
SELECT.from('API_BUSINESS_PARTNER.A_BusinessPartnerAddress')
|
SELECT.from('API_BUSINESS_PARTNER.A_BusinessPartnerAddress')
|
||||||
|
|||||||
@@ -23,6 +23,24 @@ module.exports = db => {
|
|||||||
StreetName: 'SAP-Allee',
|
StreetName: 'SAP-Allee',
|
||||||
HouseNumber: '25'
|
HouseNumber: '25'
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
BusinessPartner: 'ALICE',
|
||||||
|
AddressID: '62640',
|
||||||
|
CityName: 'Walldorf',
|
||||||
|
PostalCode: '69190',
|
||||||
|
Country: 'Germany',
|
||||||
|
StreetName: 'Dietmar-Hopp-Allee',
|
||||||
|
HouseNumber: '16'
|
||||||
|
},
|
||||||
|
{
|
||||||
|
BusinessPartner: 'ALICE',
|
||||||
|
AddressID: '22222',
|
||||||
|
CityName: 'St. Leon-Rot',
|
||||||
|
PostalCode: '68789',
|
||||||
|
Country: 'Germany',
|
||||||
|
StreetName: 'SAP-Allee',
|
||||||
|
HouseNumber: '25'
|
||||||
|
},
|
||||||
{
|
{
|
||||||
BusinessPartner: '1003765',
|
BusinessPartner: '1003765',
|
||||||
AddressID: '28241',
|
AddressID: '28241',
|
||||||
|
|||||||
Reference in New Issue
Block a user