Archived
2

only allowed latest template version and allowed admin to set sample number

This commit is contained in:
VLE2FE
2020-06-02 10:24:22 +02:00
parent 0fcb902499
commit 74080d0902
10 changed files with 194 additions and 29 deletions

View File

@ -90,7 +90,7 @@ router.put('/sample/' + IdValidate.parameter(), (req, res, next) => {
}
if (sample.hasOwnProperty('condition') && !(_.isEmpty(sample.condition) && _.isEmpty(sampleData.condition))) { // do not execute check if condition is and was empty
if (!await conditionCheck(sample.condition, 'change', res, next)) return;
if (!await conditionCheck(sample.condition, 'change', res, next, sampleData.condition.condition_template.toString() !== sample.condition.condition_template)) return;
}
if (sample.hasOwnProperty('notes')) {
@ -217,7 +217,7 @@ router.post('/sample/new', async (req, res, next) => {
req.body.condition = {};
}
const {error, value: sample} = SampleValidate.input(req.body, 'new');
const {error, value: sample} = SampleValidate.input(req.body, 'new' + (req.authDetails.level === 'admin' ? '-admin' : ''));
if (error) return res400(error, res);
if (!await materialCheck(sample, res, next)) return;
@ -232,7 +232,12 @@ router.post('/sample/new', async (req, res, next) => {
}
sample.status = globals.status.new; // set status to new
sample.number = await numberGenerate(sample, req, res, next);
if (sample.hasOwnProperty('number')) {
if (!await numberCheck(sample, res, next)) return;
}
else {
sample.number = await numberGenerate(sample, req, res, next);
}
if (!sample.number) return;
await new NoteModel(sample.notes).save((err, data) => { // save notes
@ -272,6 +277,15 @@ async function numberGenerate (sample, req, res, next) { // generate number in
return req.authDetails.location + (sampleData ? Number(sampleData.number.replace(/[^0-9]+/g, '')) + 1 : 1);
}
async function numberCheck(sample, res, next) {
const sampleData = await SampleModel.findOne({number: sample.number}).lean().exec().catch(err => {next(err); return false;});
if (sampleData) { // found entry with sample number
res.status(400).json({status: 'Sample number already taken'});
return false
}
return true;
}
async function materialCheck (sample, res, next, id = sample.material_id) { // validate material_id and color, returns false if invalid
const materialData = await MaterialModel.findById(id).lean().exec().catch(err => next(err)) as any;
if (materialData instanceof Error) return false;
@ -286,7 +300,7 @@ async function materialCheck (sample, res, next, id = sample.material_id) { //
return true;
}
async function conditionCheck (condition, param, res, next) { // validate treatment template, returns false if invalid, otherwise template data
async function conditionCheck (condition, param, res, next, checkVersion = true) { // validate treatment template, returns false if invalid, otherwise template data
if (!condition.condition_template || !IdValidate.valid(condition.condition_template)) { // template id not found
res.status(400).json({status: 'Condition template not available'});
return false;
@ -298,6 +312,16 @@ async function conditionCheck (condition, param, res, next) { // validate treat
return false;
}
if (checkVersion) {
// get all template versions and check if given is latest
const conditionVersions = await ConditionTemplateModel.find({first_id: conditionData.first_id}).sort({version: -1}).lean().exec().catch(err => next(err)) as any;
if (conditionVersions instanceof Error) return false;
if (condition.condition_template !== conditionVersions[0]._id.toString()) { // template not latest
res.status(400).json({status: 'Old template version not allowed'});
return false;
}
}
// validate parameters
const {error, value: ignore} = ParametersValidate.input(_.omit(condition, 'condition_template'), conditionData.parameters, param);
if (error) {res400(error, res); return false;}