From 2ba6787673a02b0529daed805c3b378035ebb432 Mon Sep 17 00:00:00 2001
From: philc
Date: Mon, 30 Sep 2024 15:49:09 +0200
Subject: [PATCH] fix access right for create
---
 models/Odmdb.js | 50 +++++++++++++++++++++++++++++---------------------
 1 file changed, 29 insertions(+), 21 deletions(-)
diff --git a/models/Odmdb.js b/models/Odmdb.js
index 3685897..ad072fb 100644
--- a/models/Odmdb.js
+++ b/models/Odmdb.js
@@ -420,7 +420,8 @@ Odmdb.search = (objectPathname, objsearch, role) => {
 //console.log(role);
 const accessright = Odmdb.accessright(
 getschema.data.schema.apxaccessrights,
- role
+ role,
+ Object.keys(getschema.data.schema.properties)
 );
 //console.log(accessright);
 if (objsearch.fields == "all") {
@@ -486,7 +487,8 @@ Odmdb.r = (objectPathname, apxid, role) => {
 }
 const accessright = Odmdb.accessright(
 getschema.data.schema.apxaccessrights,
- role
+ role,
+ Object.keys(getschema.data.schema.properties)
 );
 if (!accessright.R) {
 return {
@@ -516,27 +518,25 @@ Odmdb.r = (objectPathname, apxid, role) => {
 * @returns access right to C create if present, to read (properties list or all if empty), to Update properties list or all if empty, D elete
 * example: {"C":[],"R":[properties list],"U":[properties ist],"D":[]}
 */
-Odmdb.accessright = (apxaccessrights, role) => {
+Odmdb.accessright = (apxaccessrights, role, properties) => {
 //if (log) console.log(currentmod,"apxaccessrights",apxaccessrights)
 //if (log) console.log(currentmod,"role",role)
+ //if (log) console.log(currentmod,"properties",properties)
 const accessright = {};
 console.log();
- role.xprofils.forEach((p) => {
+ role.xprofils.forEach(p => {
 if (apxaccessrights[p]) {
- Object.keys(apxaccessrights[p]).forEach((act) => {
+ Object.keys(apxaccessrights[p]).forEach(act => {
+ if (apxaccessrights[p][act].length===0) apxaccessrights[p][act]=properties;
 if (!accessright[act]) {
 accessright[act] = apxaccessrights[p][act];
 } else {
- if (accessright[act].length != 0) {
- //case where [] that mean all accessright on any properties
 accessright[act] = [
 ...new Set([...accessright[act], ...apxaccessrights[p][act]]),
 ];
- }
 }
- //if (log) console.log(currentmod,act,accessright[act])
- });
- }
+ })
+ }
 });
 return accessright;
 };
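Review bot: The added line `if (apxaccessrights[p][act].length===0) apxaccessrights[p][act]=properties;` writes the expanded list back into the schema's `apxaccessrights` object, and the following `accessright[act] = apxaccessrights[p][act];` hands that same array to the caller by reference. If `getschema` returns a cached or shared schema object (not visible in this hunk), the rewrite persists across calls, and any caller that later edits `accessright[act]` would be editing the schema's rights as well. Resolving the list into a local keeps the function read-only: `const allowed = apxaccessrights[p][act].length === 0 ? properties : apxaccessrights[p][act];` followed by `accessright[act] = [...new Set([...(accessright[act] || []), ...allowed])];`. The doc comment above the function starts outside the hunk and should gain a line for the new argument, for example `@param {string[]} properties - all property names of the schema, used in place of an empty list`.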
@@ -619,14 +619,13 @@ Odmdb.cud = (objectPathname, crud, itm, role, runindex = true) => {
 //get accessright {C:[],R:[],U:[],D:[]} if exist means authorize, if array contain properties (for R and U) right is only allowed on properties
 const accessright = Odmdb.accessright(
 getschema.data.schema.apxaccessrights,
- role
+ role,
+ Object.keys(getschema.data.schema.properties)
 );
-
+ Object.keys(accessright).forEach(act=>{
+ if (accessright[act].length===0) accessright[act]=Object.keys(getschema.data.schema.properties)
+ })
 if (log) console.log(currentmod, "Accessright to: ", accessright);
- if (getschema.data.schema.apxaccessrights.contextrules) {
- //Need to check context to validate accessright
- //require('../../')
- }
 if (
 (crud == "C" && !accessright.C) ||
 (crud == "D" && !accessright.D) ||
@@ -653,7 +652,7 @@ Odmdb.cud = (objectPathname, crud, itm, role, runindex = true) => {
 );
 } else {
 // if Create Update erase old version
- let itmtostore = itm;
+ let itmtostore={};
 if (crud == "U" && accessright.U.length > 0) {
 itmtostore = itmold;
 const keynotallow = Object.keys(itm).filter(
@@ -667,10 +666,20 @@ Odmdb.cud = (objectPathname, crud, itm, role, runindex = true) => {
 //console.log(accessright)
 accessright.U.forEach(async (p) => {
 // check this propertie exist in the requested update itm
- if (itm[p] && itm[p] != "") itmtostore[p] = itm[p];
+ if (itm[p] && itm[p] !== "") itmtostore[p] = itm[p];
 });
 itmtostore.dt_update = dayjs().toISOString();
 }
+ if (crud == "C"){
+ const keynotallow = Object.keys(itm).filter(
+ (el) => !accessright.C.includes(el)
+ );
+ accessright.C.forEach(async (p) => {
+ // check this propertie exist in the requested update itm
+ if (itm[p] && itm[p] !== "") itmtostore[p] = itm[p];
+ });
+ itmtostore.dt_create = dayjs().toISOString();
+ }
 Object.keys(itmtostore).forEach((k) => {
 // remove empty itmtostore in case they are =>
 console.log(k, itmtostore[k], itmtostore[k] === "");
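Review bot: The added `Object.keys(accessright).forEach(act=>{ ... })` loop in the first Odmdb.cud hunk repeats the empty-list expansion that `Odmdb.accessright` already performs, now that it receives the property list as its third argument just above. It can only fire when the schema has no properties, and then it assigns another empty list. Keeping the expansion in one place makes the authorization result easier to audit, so I would drop the loop here. The removed `contextrules` block was only a stub, but with it gone nothing records that `apxaccessrights.contextrules` is not evaluated; a comment such as `// TODO: apxaccessrights.contextrules is not evaluated; rights are resolved from role.xprofils only` would keep that visible. Odmdb.cud starts and ends outside the hunk.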
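Review bot: The filter `if (itm[p] && itm[p] !== "")` in the new create branch, and the matching line in the update branch above it, drops every falsy value, so a permitted property sent as `0` or `false` is silently left out of the stored item. `if (itm[p] !== undefined && itm[p] !== null && itm[p] !== "") itmtostore[p] = itm[p];` keeps those values. `keynotallow` is computed in the create branch but not used within the hunk, so properties outside `accessright.C` are dropped without any signal to the caller; either remove the variable or handle it the way the update branch does (that handling lies outside the hunk). The `async` on the `forEach` callback has nothing to await and can be removed.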
@@ -707,11 +716,10 @@ Odmdb.cud = (objectPathname, crud, itm, role, runindex = true) => {
 fs.writeFileSync(`${objectPathname}/${filenameimg}`, imgb64, {
 encoding: "base64",
 });
- itmtostore[k] = "";
+ delete itmtostore[k];
 }
 }
 });
- if (crud == "C") itmtostore.dt_create = dayjs().toISOString();
 // check consistency of datatostore
 //console.log("itmstostore::::::", itmtostore);
 const chkdata = Checkjson.schema.data(
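Review bot: With `delete itmtostore[k];` the image property is absent, rather than empty, when the consistency check that follows runs, and `fs.writeFileSync` has already written the file by then. If a schema marks that property as required, the check would presumably reject the item and leave the written file behind; this is worth confirming. A comment such as `// image is stored as a file; the property is removed from the stored item` would record the intent. How `filenameimg` is derived is outside the hunk, so whether the write stays inside `objectPathname` cannot be judged from here.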