From 34acef85b6e6c3b36089ad4c387aba2512aff770 Mon Sep 17 00:00:00 2001
From: "Dzmitry_Tamashevich@epam.com"
Date: Thu, 5 Nov 2020 00:19:23 +0300
Subject: [PATCH] refactoring requests
---
 media-store/.vscode/settings.json | 3 ++-
 media-store/db/schema.cds | 4 +---
 media-store/srv/auth.js | 3 ++-
 media-store/srv/browse-invoices-service.js | 6 ------
 media-store/srv/browse-tracks-service.cds | 10 ++--------
 media-store/srv/browse-tracks-service.js | 6 ------
 6 files changed, 7 insertions(+), 25 deletions(-)
diff --git a/media-store/.vscode/settings.json b/media-store/.vscode/settings.json
index 9fefa082..65496b53 100644
--- a/media-store/.vscode/settings.json
+++ b/media-store/.vscode/settings.json
@@ -3,5 +3,6 @@
 "**/.gitignore": true,
 "**/.git": true,
 "**/.vscode": true
- }
+ },
+ "files.watcherExclude": {}
 }
diff --git a/media-store/db/schema.cds b/media-store/db/schema.cds
index 3b4cfb08..d7bc0763 100644
--- a/media-store/db/schema.cds
+++ b/media-store/db/schema.cds
@@ -1,5 +1,3 @@
-using {managed} from '@sap/cds/common';
-
 namespace sap.capire.media.store;
 aspect Named {
@@ -90,7 +88,7 @@ entity InvoiceItems {
 quantity : Integer default 1;
 }
-entity Tracks : managed {
+entity Tracks {
 key ID : Integer;
 name : String(200);
 album : Association to Albums;
diff --git a/media-store/srv/auth.js b/media-store/srv/auth.js
index 3ab95e32..dc33032b 100644
--- a/media-store/srv/auth.js
+++ b/media-store/srv/auth.js
@@ -4,7 +4,7 @@ const jwt = require("jsonwebtoken");
 const { ACCESS_TOKEN_SECRET } = cds.env;
 class MyUser extends cds.User {
 constructor(attr, roles, id) {
- super({ attr, _roles: roles, id });
+ super({ attr, _roles: [...roles, "authenticated-user"], id });
 }
 }
@@ -23,6 +23,7 @@ module.exports = (req, res, next) => {
 decodedUser.email
 );
 } catch (error) {
+ req.user = new MyUser({}, ["anonymous"], "");
 } finally {
 next();
 }
diff --git a/media-store/srv/browse-invoices-service.js b/media-store/srv/browse-invoices-service.js
index f9478ac5..756f6821 100644
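Review bot: Dropping `managed` from `entity Tracks` in the second hunk of media-store/db/schema.cds removes the createdAt/createdBy/modifiedAt/modifiedBy fields that aspect contributes, and the commit message does not say this is intended. If track records can be changed through any service, that removes the record of who changed them and when. Either keep the aspect or state the reason next to the entity, e.g. `// Tracks is catalogue data loaded from CSV; no managed audit fields needed`. The entity body continues outside the hunk.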
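Review bot: A request whose token fails verification ends up holding the `authenticated-user` role in media-store/srv/auth.js, because the `MyUser` constructor now appends that role to every role list and the second hunk builds the fallback through the same constructor (`new MyUser({}, ["anonymous"], "")`). Any handler or annotation that gates on `authenticated-user` would then accept unauthenticated callers. Keep the constructor as `super({ attr, _roles: roles, id });` and add the role only on the path where the token was verified, or build the fallback without `MyUser`: `req.user = new cds.User({ attr: {}, _roles: ["anonymous"], id: "" });`. The `try` body starts above the second hunk, so the success-path call is only partly visible.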
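Review bot: The `catch (error)` block in the second hunk of media-store/srv/auth.js discards the error, so every failure inside the `try` (presumably expired tokens and bad signatures alike) becomes the same silent anonymous request. Recording the failure class before falling back, e.g. `console.warn("token rejected:", error.name);`, gives operations something to alert on without writing the token itself to the log. The `try` block opens above the hunk, so what else it can throw is not visible here.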
--- a/media-store/srv/browse-invoices-service.js
+++ b/media-store/srv/browse-invoices-service.js
@@ -16,12 +16,6 @@ module.exports = async function () {
 const db = await cds.connect.to("db"); // connect to database service
 const { Invoices, InvoiceItems } = db.entities;
- // this.before("*", (req) => {
- // if (!req.user.is("customer")) {
- // req.reject(403);
- // }
- // });
-
 this.on("READ", "Invoices", async (req) => {
 return await db.run(req.query.where({ customer_ID: req.user.attr.ID }));
 });
diff --git a/media-store/srv/browse-tracks-service.cds b/media-store/srv/browse-tracks-service.cds
index e51c55f4..868338cb 100644
--- a/media-store/srv/browse-tracks-service.cds
+++ b/media-store/srv/browse-tracks-service.cds
@@ -7,16 +7,10 @@ service BrowseTracks {
 };
 @readonly
- entity MarkedTracks @(restrict : [
- {
+ entity MarkedTracks @(restrict : [{
 grant : ['*', ],
 to : 'customer'
- },
- {
- grant : '*',
- to : 'employee'
- },
- ]) as projection on my.Tracks;
+ }]) as projection on my.Tracks;
 /* Below entities exposed
diff --git a/media-store/srv/browse-tracks-service.js b/media-store/srv/browse-tracks-service.js
index b864519c..d547243e 100644
--- a/media-store/srv/browse-tracks-service.js
+++ b/media-store/srv/browse-tracks-service.js
@@ -16,12 +16,6 @@ const selectTracksByEmail = (email) => `
 module.exports = async function () {
 const db = await cds.connect.to("db"); // connect to database service
- // this.before("READ", "MarkedTracks", (req) => {
- // if (!req.user.is("customer")) {
- // req.reject(403);
- // }
- // });
-
 this.on("READ", "MarkedTracks", async (req) => {
 const myTrackIds = (await db.run(selectTracksByEmail(req.user.id))).map(
 ({ ID }) => ID
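Review bot: `MarkedTracks` in media-store/srv/browse-tracks-service.cds still grants `['*', ]` to `customer`, so write protection rests entirely on the `@readonly` annotation above it. Stating the intent in the restriction itself, `grant : 'READ',`, keeps the entity read-only even if `@readonly` is dropped later, and removes the stray trailing comma in the list. The removed `employee` entry means employees lose access to this entity; that looks deliberate but the commit message does not mention it.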