diff --git a/odataorganizer/service.xsodata b/odataorganizer/service.xsodata index 85d44b2..85486d7 100644 --- a/odataorganizer/service.xsodata +++ b/odataorganizer/service.xsodata @@ -46,6 +46,7 @@ service { dependent "EventChangeable"("EventID") multiplicity "1"; "com.sap.sapmentors.sitreg.odataorganizer.procedures::ParticipantsRead" as "Participants" key ("ID") + navigates ("Participant_Ticket" as "Ticket" ) create forbidden update forbidden delete forbidden; @@ -69,4 +70,13 @@ service { association "Event_PrePostEveningEventNumbers" principal "Events"("ID") multiplicity "1" dependent "PrePostEveningEventNumbers"("EventID") multiplicity "1"; + + // Read Ticket from View to restrict fields that can be read + "com.sap.sapmentors.sitreg.odatareceptionist.procedures::TicketRead" as "Ticket" key ("ParticipantID") + create forbidden + update forbidden + delete forbidden; + + association "Participant_Ticket" principal "Participants"("ID") multiplicity "1" + dependent "Ticket"("ParticipantID") multiplicity "1"; } \ No newline at end of file diff --git a/odatareceptionist/service.xsodata b/odatareceptionist/service.xsodata index 77bc596..690cd93 100644 --- a/odatareceptionist/service.xsodata +++ b/odatareceptionist/service.xsodata @@ -18,7 +18,7 @@ service { "com.sap.sapmentors.sitreg.odataparticipant.procedures::EventsRead" as "Events" key ("ID") - navigates ("Event_Ticket" as "Ticket", + navigates ("Event_Ticket" as "Tickets", "Event_Participants" as "Participants", "Event_RegistrationNumbers" as "RegistrationNumbers") create forbidden @@ -27,7 +27,7 @@ service { // Read Participants from View to restrict fields that can be read "com.sap.sapmentors.sitreg.odataparticipant.procedures::ParticipantsRead" as "Participants" key ("ID") - navigates ("Participant_Ticket" as "EventTicket" ) + navigates ("Participant_Ticket" as "Ticket" ) create forbidden update forbidden delete forbidden; @@ -45,7 +45,7 @@ service { delete forbidden; association "Event_Ticket" principal "Events"("ID") multiplicity "1" - dependent "Ticket"("EventID") multiplicity "1"; + dependent "Ticket"("EventID") multiplicity "*"; association "Event_Participants" principal "Events"("ID") multiplicity "1" dependent "Participants"("EventID") multiplicity "*"; association "Event_RegistrationNumbers" principal "Events"("ID") multiplicity "1" diff --git a/roles/organizer.hdbrole b/roles/organizer.hdbrole index 975bc6d..1006541 100644 --- a/roles/organizer.hdbrole +++ b/roles/organizer.hdbrole @@ -5,6 +5,7 @@ role com.sap.sapmentors.sitreg.roles::organizer { sql object com.sap.sapmentors.sitreg.odataparticipant.procedures::RegistrationNumbersRead: SELECT; sql object com.sap.sapmentors.sitreg.odataorganizer.procedures::PrePostEveningEventNumbersRead: SELECT; sql object com.sap.sapmentors.sitreg.odataorganizer.procedures::ParticipantsRead: SELECT; + sql object com.sap.sapmentors.sitreg.odatareceptionist.procedures::TicketRead: SELECT; sql object com.sap.sapmentors.sitreg.odataorganizer.procedures::EventChangeableRead: SELECT; sql object com.sap.sapmentors.sitreg.odataorganizer.procedures::CoOrganizerCreate: //Objecttype: PROCEDURE EXECUTE; diff --git a/test/spec/CoOrganizerReadParticipants.js b/test/spec/CoOrganizerReadParticipants.js index 64a7547..e7a0c5f 100644 --- a/test/spec/CoOrganizerReadParticipants.js +++ b/test/spec/CoOrganizerReadParticipants.js @@ -24,13 +24,14 @@ describe("Login COORGANIZER", function() { describe("Read participant details of event 1", function() { it("should return participant details", function() { - var participantUri = eventUri + "/Participants"; + var participantUri = eventUri + "/Participants?$expand=Ticket"; var xhr = prepareRequest("GET", participantUri); xhr.send(); expect(xhr.status).toBe(200); var body = xhr.responseText ? JSON.parse(xhr.responseText) : ""; expect(body.d.results.length).toBe(1); expect(body.d.results[0].EMail).toBe(EMail); + expect(body.d.results[0].Ticket.TicketUsed).toBe("N"); }); });