From 0faf886d98497e4d1ad2b7dae170f13a2f341d2d Mon Sep 17 00:00:00 2001 From: sapmentors Date: Tue, 4 Oct 2016 22:08:07 +0200 Subject: [PATCH] Implemented Device table, odata access, new roles and tests #25 --- data/SITreg.hdbdd | 9 +- .../procedures/DeviceCreate.hdbprocedure | 74 +++++++++++++++++ .../procedures/DeviceUpdate.hdbprocedure | 82 +++++++++++++++++++ odataorganizer/service.xsodata | 9 ++ roles/organizer.hdbrole | 17 ++-- test/spec/Organizer.js | 20 +++++ 6 files changed, 201 insertions(+), 10 deletions(-) create mode 100644 odataorganizer/procedures/DeviceCreate.hdbprocedure create mode 100644 odataorganizer/procedures/DeviceUpdate.hdbprocedure diff --git a/data/SITreg.hdbdd b/data/SITreg.hdbdd index 9a6038b..dd1dc42 100644 --- a/data/SITreg.hdbdd +++ b/data/SITreg.hdbdd @@ -33,7 +33,7 @@ context SITreg { type TicketUsedT : String(1) enum{ YES = 'Y'; NO = 'N'; }; type HashT : Binary(32); type RegisterAsOrganizerStatus : String(1) enum{ ACCEPTED = 'A'; REJECTED = 'R'; PENDING = 'P'; }; - + type DeviceT : String(36); type HistoryT { CreatedBy : UserT; @@ -71,6 +71,13 @@ context SITreg { Active : String(1); // Y = Yes / N = No }; + entity Device { + key EventID : BusinessKey; + key DeviceID : DeviceT; + History : HistoryT; + Active : String(1); // Y = Yes / N = No + }; + entity RelationToSAP { key RelationToSAP : RelationToSAPT; key Language : String(2); diff --git a/odataorganizer/procedures/DeviceCreate.hdbprocedure b/odataorganizer/procedures/DeviceCreate.hdbprocedure new file mode 100644 index 0000000..029ffaf --- /dev/null +++ b/odataorganizer/procedures/DeviceCreate.hdbprocedure @@ -0,0 +1,74 @@ +-- +-- Copyright 2016 SAP Mentors +-- +-- Licensed under the Apache License, Version 2.0 (the "License"); +-- you may not use this file except in compliance with the License. +-- You may obtain a copy of the License at +-- +-- http://www.apache.org/licenses/LICENSE-2.0 +-- +-- Unless required by applicable law or agreed to in writing, software +-- distributed under the License is distributed on an "AS IS" BASIS, +-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +-- See the License for the specific language governing permissions and +-- limitations under the License. +-- + +PROCEDURE "SITREG"."com.sap.sapmentors.sitreg.odataorganizer.procedures::DeviceCreate" ( + IN inrow "SITREG"."com.sap.sapmentors.sitreg.data::SITreg.Device", + OUT error "SITREG"."com.sap.sapmentors.sitreg.data::SITreg.error" +) + LANGUAGE SQLSCRIPT + SQL SECURITY INVOKER + DEFAULT SCHEMA SITREG + AS +BEGIN + + DECLARE lv_Count INT; + DECLARE lv_EventID string; + DECLARE lv_DeviceID string; + DECLARE lv_Active string; + DECLARE lv_CreatedBy string; + DECLARE lv_CreatedAt string; + DECLARE lv_ChangedBy string; + DECLARE lv_ChangedAt string; + + SELECT * INTO lv_EventID + , lv_DeviceID + , lv_CreatedBy + , lv_CreatedAt + , lv_ChangedBy + , lv_ChangedAt + , lv_Active + FROM :inrow; + + -- Don't trust the provided Username. we read it from the current user + SELECT CURRENT_USER + INTO lv_CreatedBy + FROM DUMMY; + + -- Check if provided Event ID belongs to the User + SELECT COUNT(ID) INTO lv_Count + FROM "com.sap.sapmentors.sitreg.data::SITreg.Event" + WHERE "ID" = lv_EventID + AND "History.CreatedBy" = lv_CreatedBy; + + IF lv_Count = 1 THEN + INSERT INTO "com.sap.sapmentors.sitreg.data::SITreg.Device" + VALUES( + lv_EventID + , lv_DeviceID + , lv_CreatedBy + , CURRENT_TIMESTAMP + , lv_CreatedBy + , CURRENT_TIMESTAMP + , lv_Active + ); + ELSE + error = SELECT 400 AS http_status_code, + 'Event does not belong to you' AS error_message, + '' AS detail + FROM dummy; + END IF; + +END; \ No newline at end of file diff --git a/odataorganizer/procedures/DeviceUpdate.hdbprocedure b/odataorganizer/procedures/DeviceUpdate.hdbprocedure new file mode 100644 index 0000000..16c4564 --- /dev/null +++ b/odataorganizer/procedures/DeviceUpdate.hdbprocedure @@ -0,0 +1,82 @@ +-- +-- Copyright 2016 SAP Mentors +-- +-- Licensed under the Apache License, Version 2.0 (the "License"); +-- you may not use this file except in compliance with the License. +-- You may obtain a copy of the License at +-- +-- http://www.apache.org/licenses/LICENSE-2.0 +-- +-- Unless required by applicable law or agreed to in writing, software +-- distributed under the License is distributed on an "AS IS" BASIS, +-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +-- See the License for the specific language governing permissions and +-- limitations under the License. +-- + +PROCEDURE "SITREG"."com.sap.sapmentors.sitreg.odataorganizer.procedures::DeviceUpdate" ( + IN inrow "SITREG"."com.sap.sapmentors.sitreg.data::SITreg.Device", + IN oldrow "SITREG"."com.sap.sapmentors.sitreg.data::SITreg.Device", + OUT error "SITREG"."com.sap.sapmentors.sitreg.data::SITreg.error" +) + LANGUAGE SQLSCRIPT + SQL SECURITY INVOKER + DEFAULT SCHEMA SITREG + AS +BEGIN + + DECLARE lv_Count INT; + DECLARE lv_EventID string; + DECLARE lv_DeviceID string; + DECLARE lv_Active string; + DECLARE lv_CreatedBy string; + DECLARE lv_CreatedAt string; + DECLARE lv_ChangedBy string; + DECLARE lv_ChangedAt string; + + DECLARE lv_Active_tmp string; + + SELECT * INTO lv_EventID + , lv_DeviceID + , lv_CreatedBy + , lv_CreatedAt + , lv_ChangedBy + , lv_ChangedAt + , lv_Active + FROM :inrow; + + -- Don't trust the provided Username. We read it from the current user + SELECT CURRENT_USER INTO lv_ChangedBy FROM DUMMY; + -- Check if provided Event ID belongs to the User + SELECT COUNT(ID) INTO lv_Count + FROM "com.sap.sapmentors.sitreg.data::SITreg.Event" + WHERE "ID" = lv_EventID AND "History.CreatedBy" = lv_ChangedBy; + + IF lv_Count = 1 THEN + SELECT "Active" + INTO lv_Active_tmp + FROM "com.sap.sapmentors.sitreg.data::SITreg.Device" + WHERE "EventID" = lv_EventID AND "DeviceID" = lv_DeviceID; + -- OData call can also contain just single attributes. We have to preserve the data + if lv_Active = '' then + lv_Active = lv_Active_tmp; + end if; + + UPDATE "com.sap.sapmentors.sitreg.data::SITreg.Device" + SET "Active" = lv_Active + , "History.ChangedBy" = lv_ChangedBy + , "History.ChangedAt" = CURRENT_TIMESTAMP + WHERE "EventID" = lv_EventID AND "DeviceID" = lv_DeviceID; + + if 1 = 2 then + error = select 400 as http_status_code, + 'Update failed' error_message, + '' detail from dummy; + end if; + else + error = select 400 as http_status_code, + 'Event does not exist' error_message, + '' detail from dummy; + end if; + +END; \ No newline at end of file diff --git a/odataorganizer/service.xsodata b/odataorganizer/service.xsodata index 85486d7..05ff13a 100644 --- a/odataorganizer/service.xsodata +++ b/odataorganizer/service.xsodata @@ -21,6 +21,7 @@ service { navigates ( "Events_Participants" as "Participants", "Events_CoOrganizers" as "CoOrganizers", + "Events_Devices" as "Devices", "Event_Changeable" as "EventChangeable", "Event_RegistrationNumbers" as "RegistrationNumbers", "Event_PrePostEveningEventNumbers" as "PrePostEveningEventNumbers" @@ -37,6 +38,14 @@ service { association "Events_CoOrganizers" principal "Events"("ID") multiplicity "1" dependent "CoOrganizers"("EventID") multiplicity "*"; + "com.sap.sapmentors.sitreg.data::SITreg.Device" as "Devices" + create using "com.sap.sapmentors.sitreg.odataorganizer.procedures::DeviceCreate" + update using "com.sap.sapmentors.sitreg.odataorganizer.procedures::DeviceUpdate" + delete forbidden; + + association "Events_Devices" principal "Events"("ID") multiplicity "1" + dependent "Devices"("EventID") multiplicity "*"; + "com.sap.sapmentors.sitreg.odataorganizer.procedures::EventChangeableRead" as "EventChangeable" key ("EventID") create forbidden update forbidden diff --git a/roles/organizer.hdbrole b/roles/organizer.hdbrole index 1006541..3678ebb 100644 --- a/roles/organizer.hdbrole +++ b/roles/organizer.hdbrole @@ -1,21 +1,20 @@ role com.sap.sapmentors.sitreg.roles::organizer { // catalog schema "SITREG": SELECT; sql object com.sap.sapmentors.sitreg.data::SITreg.Event: SELECT, INSERT, UPDATE; - sql object com.sap.sapmentors.sitreg.data::SITreg.CoOrganizer: SELECT, INSERT, UPDATE; + sql object com.sap.sapmentors.sitreg.data::SITreg.Device: SELECT, INSERT, UPDATE; + sql object com.sap.sapmentors.sitreg.odataorganizer.procedures::DeviceCreate: EXECUTE; + sql object com.sap.sapmentors.sitreg.odataorganizer.procedures::DeviceUpdate: EXECUTE; sql object com.sap.sapmentors.sitreg.odataparticipant.procedures::RegistrationNumbersRead: SELECT; sql object com.sap.sapmentors.sitreg.odataorganizer.procedures::PrePostEveningEventNumbersRead: SELECT; sql object com.sap.sapmentors.sitreg.odataorganizer.procedures::ParticipantsRead: SELECT; sql object com.sap.sapmentors.sitreg.odatareceptionist.procedures::TicketRead: SELECT; sql object com.sap.sapmentors.sitreg.odataorganizer.procedures::EventChangeableRead: SELECT; - sql object com.sap.sapmentors.sitreg.odataorganizer.procedures::CoOrganizerCreate: //Objecttype: PROCEDURE - EXECUTE; - sql object com.sap.sapmentors.sitreg.odataorganizer.procedures::CoOrganizerUpdate: //Objecttype: PROCEDURE - EXECUTE; - sql object com.sap.sapmentors.sitreg.odataorganizer.procedures::EventCreate: //Objecttype: PROCEDURE - EXECUTE; + sql object com.sap.sapmentors.sitreg.data::SITreg.CoOrganizer: SELECT, INSERT, UPDATE; + sql object com.sap.sapmentors.sitreg.odataorganizer.procedures::CoOrganizerCreate: EXECUTE; + sql object com.sap.sapmentors.sitreg.odataorganizer.procedures::CoOrganizerUpdate: EXECUTE; + sql object com.sap.sapmentors.sitreg.odataorganizer.procedures::EventCreate: EXECUTE; sql object com.sap.sapmentors.sitreg.data::eventId: SELECT; - sql object com.sap.sapmentors.sitreg.odataorganizer.procedures::EventUpdate: //Objecttype: PROCEDURE - EXECUTE; + sql object com.sap.sapmentors.sitreg.odataorganizer.procedures::EventUpdate: EXECUTE; sql object com.sap.sapmentors.sitreg.odataorganizer.procedures::UpdateWaitingList: EXECUTE; application privilege: "com.sap.sapmentors.sitreg.odataorganizer::organizer"; diff --git a/test/spec/Organizer.js b/test/spec/Organizer.js index 4797d46..910534f 100644 --- a/test/spec/Organizer.js +++ b/test/spec/Organizer.js @@ -111,6 +111,26 @@ describe("Read COORGANIZER's of event", function() { }); }); +describe("Add device to event", function() { + it("should add a new device to event", function() { + var xhr = addDevice(eventID, deviceID); + expect(xhr.status).toBe(201); + expect(xhr.statusText).toBe("Created"); + }); +}); + +describe("Read device of event", function() { + it("should read list of device's of an event", function() { + var uri = eventUri + "/Devices"; + var xhr = prepareRequest("GET", uri); + xhr.send(); + body = xhr.responseText ? JSON.parse(xhr.responseText) : ""; + expect(body.d.results[0].EventID).toBe(eventID); + expect(body.d.results[0].DeviceID).toBe(deviceID); + expect(body.d.results[0].Active).toBe("Y"); + }); +}); + describe("Logout ORGANIZER", function() { it("should logout ORGANIZER", function() { logout(csrfToken);