Only admins can add inventory

2021-07-21 22:04:13 -05:00 · 2021-07-21 22:04:13 -05:00 · 8a615144a6
parent 227204abec
commit 8a615144a6
6 changed files with 43 additions and 2 deletions
--- a/source/app/controllers/main.py
+++ b/source/app/controllers/main.py
@ -697,3 +697,14 @@ class AppInventoryEntries(object):
        req.context['result'] = self._db.inventory_entries_post(values, user)
        resp.status = falcon.HTTP_200

+
+class AppUsers(object):
+
+    def __init__(self, db):
+        self._db = db
+
+    def on_get(self, req, resp):
+        values = req.params
+        user = req.env['beaker.session']['userobj']
+        req.context['result'] = self._db.users_get(values, user)
+        resp.status = falcon.HTTP_200
--- a/source/app/main.py
+++ b/source/app/main.py
@ -20,6 +20,7 @@ from controllers.main import (AppEmpresas,
    AppSATFormaPago, AppSATLeyendaFiscales, AppCert, AppSucursales,
    AppPartnerProducts,
    AppInventoryEntries,
+    AppUsers,
 )


@ -68,6 +69,7 @@ api.add_route('/cert', AppCert(db))
 api.add_route('/sucursales', AppSucursales(db))
 api.add_route('/partnerproducts', AppPartnerProducts(db))
 api.add_route('/inventoryentries', AppInventoryEntries(db))
+api.add_route('/users', AppUsers(db))


 session_options = {
--- a/source/app/models/db.py
+++ b/source/app/models/db.py
@ -487,6 +487,9 @@ class StorageEngine(object):
    def inventory_entries_post(self, filters, user):
        return main.InventoryEntries.post(filters, user)

+    def users_get(self, filters, user):
+        return main.Usuarios.get_data(filters, user)
+
    # Companies only in MV
    def _get_empresas(self, values):
        return main.companies_get()
--- a/source/app/models/main.py
+++ b/source/app/models/main.py
@ -942,6 +942,14 @@ class Usuarios(BaseModel):
    class Meta:
        order_by = ('nombre', 'apellidos')

+    def _get_is_admin(self, filters, user):
+        return {'is_admin': user.es_admin}
+
+    @classmethod
+    def get_data(cls, filters, user):
+        method = f"_get_{filters['opt']}"
+        return getattr(cls, method)(cls, filters, user)
+
    @classmethod
    def add(cls, values):
        values['contraseña'] = values.pop('contra')
--- a/source/static/js/controller/products.js
+++ b/source/static/js/controller/products.js
@ -19,8 +19,25 @@ function products_default_config(){
                $$('grid_products').showColumn('existencia')
            }
            show('cant_by_packing', values.chk_use_packing)
+
+
        }
    })
+
+    webix.ajax().get('/users', {'opt': 'is_admin'}, {
+        error: function(text, data, xhr) {
+            msg = 'Error al consultar'
+            msg_error(msg)
+        },
+        success: function(text, data, xhr) {
+            var values = data.json()
+            if(values.is_admin){
+                $$('cmd_add_inventory').show()
+                $$('cmd_products_add').show()
+            }
+        }
+    })
+
 }


--- a/source/static/js/ui/products.js
+++ b/source/static/js/ui/products.js
@ -10,9 +10,9 @@ var toolbar_products = [
    {},
    {view: 'button', id: 'cmd_import_products', label: 'Importar',
        type: 'iconButton', autowidth: true, icon: 'upload'},
-    {view: "button", id: "cmd_add_inventory", label: "Altas",
+    {view: "button", id: "cmd_add_inventory", label: "Altas", hidden: true,
        type: "iconButton", autowidth: true, icon: "plus"},
-    {view: "button", id: "cmd_products_add", label: "Altas CFDI",
+    {view: "button", id: "cmd_products_add", label: "Altas CFDI", hidden: true,
        type: "iconButton", autowidth: true, icon: "plus"},
 ]