Skip to content

Commit

Permalink
Implemented Device table, odata access, new roles and tests #25
Browse files Browse the repository at this point in the history
  • Loading branch information
gregorwolf committed Oct 4, 2016
1 parent e8f4497 commit c679fef
Show file tree
Hide file tree
Showing 6 changed files with 201 additions and 10 deletions.
9 changes: 8 additions & 1 deletion data/SITreg.hdbdd
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ context SITreg {
type TicketUsedT : String(1) enum{ YES = 'Y'; NO = 'N'; };
type HashT : Binary(32);
type RegisterAsOrganizerStatus : String(1) enum{ ACCEPTED = 'A'; REJECTED = 'R'; PENDING = 'P'; };

type DeviceT : String(36);

type HistoryT {
CreatedBy : UserT;
Expand Down Expand Up @@ -71,6 +71,13 @@ context SITreg {
Active : String(1); // Y = Yes / N = No
};

entity Device {
key EventID : BusinessKey;
key DeviceID : DeviceT;
History : HistoryT;
Active : String(1); // Y = Yes / N = No
};

entity RelationToSAP {
key RelationToSAP : RelationToSAPT;
key Language : String(2);
Expand Down
74 changes: 74 additions & 0 deletions odataorganizer/procedures/DeviceCreate.hdbprocedure
Original file line number Diff line number Diff line change
@@ -0,0 +1,74 @@
--
-- Copyright 2016 SAP Mentors
--
-- Licensed under the Apache License, Version 2.0 (the "License");
-- you may not use this file except in compliance with the License.
-- You may obtain a copy of the License at
--
-- http://www.apache.org/licenses/LICENSE-2.0
--
-- Unless required by applicable law or agreed to in writing, software
-- distributed under the License is distributed on an "AS IS" BASIS,
-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-- See the License for the specific language governing permissions and
-- limitations under the License.
--

PROCEDURE "SITREG"."com.sap.sapmentors.sitreg.odataorganizer.procedures::DeviceCreate" (
IN inrow "SITREG"."com.sap.sapmentors.sitreg.data::SITreg.Device",
OUT error "SITREG"."com.sap.sapmentors.sitreg.data::SITreg.error"
)
LANGUAGE SQLSCRIPT
SQL SECURITY INVOKER
DEFAULT SCHEMA SITREG
AS
BEGIN

DECLARE lv_Count INT;
DECLARE lv_EventID string;
DECLARE lv_DeviceID string;
DECLARE lv_Active string;
DECLARE lv_CreatedBy string;
DECLARE lv_CreatedAt string;
DECLARE lv_ChangedBy string;
DECLARE lv_ChangedAt string;

SELECT * INTO lv_EventID
, lv_DeviceID
, lv_CreatedBy
, lv_CreatedAt
, lv_ChangedBy
, lv_ChangedAt
, lv_Active
FROM :inrow;

-- Don't trust the provided Username. we read it from the current user
SELECT CURRENT_USER
INTO lv_CreatedBy
FROM DUMMY;

-- Check if provided Event ID belongs to the User
SELECT COUNT(ID) INTO lv_Count
FROM "com.sap.sapmentors.sitreg.data::SITreg.Event"
WHERE "ID" = lv_EventID
AND "History.CreatedBy" = lv_CreatedBy;

IF lv_Count = 1 THEN
INSERT INTO "com.sap.sapmentors.sitreg.data::SITreg.Device"
VALUES(
lv_EventID
, lv_DeviceID
, lv_CreatedBy
, CURRENT_TIMESTAMP
, lv_CreatedBy
, CURRENT_TIMESTAMP
, lv_Active
);
ELSE
error = SELECT 400 AS http_status_code,
'Event does not belong to you' AS error_message,
'' AS detail
FROM dummy;
END IF;

END;
82 changes: 82 additions & 0 deletions odataorganizer/procedures/DeviceUpdate.hdbprocedure
Original file line number Diff line number Diff line change
@@ -0,0 +1,82 @@
--
-- Copyright 2016 SAP Mentors
--
-- Licensed under the Apache License, Version 2.0 (the "License");
-- you may not use this file except in compliance with the License.
-- You may obtain a copy of the License at
--
-- http://www.apache.org/licenses/LICENSE-2.0
--
-- Unless required by applicable law or agreed to in writing, software
-- distributed under the License is distributed on an "AS IS" BASIS,
-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-- See the License for the specific language governing permissions and
-- limitations under the License.
--

PROCEDURE "SITREG"."com.sap.sapmentors.sitreg.odataorganizer.procedures::DeviceUpdate" (
IN inrow "SITREG"."com.sap.sapmentors.sitreg.data::SITreg.Device",
IN oldrow "SITREG"."com.sap.sapmentors.sitreg.data::SITreg.Device",
OUT error "SITREG"."com.sap.sapmentors.sitreg.data::SITreg.error"
)
LANGUAGE SQLSCRIPT
SQL SECURITY INVOKER
DEFAULT SCHEMA SITREG
AS
BEGIN

DECLARE lv_Count INT;
DECLARE lv_EventID string;
DECLARE lv_DeviceID string;
DECLARE lv_Active string;
DECLARE lv_CreatedBy string;
DECLARE lv_CreatedAt string;
DECLARE lv_ChangedBy string;
DECLARE lv_ChangedAt string;

DECLARE lv_Active_tmp string;

SELECT * INTO lv_EventID
, lv_DeviceID
, lv_CreatedBy
, lv_CreatedAt
, lv_ChangedBy
, lv_ChangedAt
, lv_Active
FROM :inrow;

-- Don't trust the provided Username. We read it from the current user
SELECT CURRENT_USER INTO lv_ChangedBy FROM DUMMY;
-- Check if provided Event ID belongs to the User
SELECT COUNT(ID) INTO lv_Count
FROM "com.sap.sapmentors.sitreg.data::SITreg.Event"
WHERE "ID" = lv_EventID AND "History.CreatedBy" = lv_ChangedBy;

IF lv_Count = 1 THEN
SELECT "Active"
INTO lv_Active_tmp
FROM "com.sap.sapmentors.sitreg.data::SITreg.Device"
WHERE "EventID" = lv_EventID AND "DeviceID" = lv_DeviceID;
-- OData call can also contain just single attributes. We have to preserve the data
if lv_Active = '' then
lv_Active = lv_Active_tmp;
end if;

UPDATE "com.sap.sapmentors.sitreg.data::SITreg.Device"
SET "Active" = lv_Active
, "History.ChangedBy" = lv_ChangedBy
, "History.ChangedAt" = CURRENT_TIMESTAMP
WHERE "EventID" = lv_EventID AND "DeviceID" = lv_DeviceID;

if 1 = 2 then
error = select 400 as http_status_code,
'Update failed' error_message,
'' detail from dummy;
end if;
else
error = select 400 as http_status_code,
'Event does not exist' error_message,
'' detail from dummy;
end if;

END;
9 changes: 9 additions & 0 deletions odataorganizer/service.xsodata
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@ service {
navigates (
"Events_Participants" as "Participants",
"Events_CoOrganizers" as "CoOrganizers",
"Events_Devices" as "Devices",
"Event_Changeable" as "EventChangeable",
"Event_RegistrationNumbers" as "RegistrationNumbers",
"Event_PrePostEveningEventNumbers" as "PrePostEveningEventNumbers"
Expand All @@ -37,6 +38,14 @@ service {
association "Events_CoOrganizers" principal "Events"("ID") multiplicity "1"
dependent "CoOrganizers"("EventID") multiplicity "*";

"com.sap.sapmentors.sitreg.data::SITreg.Device" as "Devices"
create using "com.sap.sapmentors.sitreg.odataorganizer.procedures::DeviceCreate"
update using "com.sap.sapmentors.sitreg.odataorganizer.procedures::DeviceUpdate"
delete forbidden;

association "Events_Devices" principal "Events"("ID") multiplicity "1"
dependent "Devices"("EventID") multiplicity "*";

"com.sap.sapmentors.sitreg.odataorganizer.procedures::EventChangeableRead" as "EventChangeable" key ("EventID")
create forbidden
update forbidden
Expand Down
17 changes: 8 additions & 9 deletions roles/organizer.hdbrole
Original file line number Diff line number Diff line change
@@ -1,21 +1,20 @@
role com.sap.sapmentors.sitreg.roles::organizer {
// catalog schema "SITREG": SELECT;
sql object com.sap.sapmentors.sitreg.data::SITreg.Event: SELECT, INSERT, UPDATE;
sql object com.sap.sapmentors.sitreg.data::SITreg.CoOrganizer: SELECT, INSERT, UPDATE;
sql object com.sap.sapmentors.sitreg.data::SITreg.Device: SELECT, INSERT, UPDATE;
sql object com.sap.sapmentors.sitreg.odataorganizer.procedures::DeviceCreate: EXECUTE;
sql object com.sap.sapmentors.sitreg.odataorganizer.procedures::DeviceUpdate: EXECUTE;
sql object com.sap.sapmentors.sitreg.odataparticipant.procedures::RegistrationNumbersRead: SELECT;
sql object com.sap.sapmentors.sitreg.odataorganizer.procedures::PrePostEveningEventNumbersRead: SELECT;
sql object com.sap.sapmentors.sitreg.odataorganizer.procedures::ParticipantsRead: SELECT;
sql object com.sap.sapmentors.sitreg.odatareceptionist.procedures::TicketRead: SELECT;
sql object com.sap.sapmentors.sitreg.odataorganizer.procedures::EventChangeableRead: SELECT;
sql object com.sap.sapmentors.sitreg.odataorganizer.procedures::CoOrganizerCreate: //Objecttype: PROCEDURE
EXECUTE;
sql object com.sap.sapmentors.sitreg.odataorganizer.procedures::CoOrganizerUpdate: //Objecttype: PROCEDURE
EXECUTE;
sql object com.sap.sapmentors.sitreg.odataorganizer.procedures::EventCreate: //Objecttype: PROCEDURE
EXECUTE;
sql object com.sap.sapmentors.sitreg.data::SITreg.CoOrganizer: SELECT, INSERT, UPDATE;
sql object com.sap.sapmentors.sitreg.odataorganizer.procedures::CoOrganizerCreate: EXECUTE;
sql object com.sap.sapmentors.sitreg.odataorganizer.procedures::CoOrganizerUpdate: EXECUTE;
sql object com.sap.sapmentors.sitreg.odataorganizer.procedures::EventCreate: EXECUTE;
sql object com.sap.sapmentors.sitreg.data::eventId: SELECT;
sql object com.sap.sapmentors.sitreg.odataorganizer.procedures::EventUpdate: //Objecttype: PROCEDURE
EXECUTE;
sql object com.sap.sapmentors.sitreg.odataorganizer.procedures::EventUpdate: EXECUTE;
sql object com.sap.sapmentors.sitreg.odataorganizer.procedures::UpdateWaitingList: EXECUTE;

application privilege: "com.sap.sapmentors.sitreg.odataorganizer::organizer";
Expand Down
20 changes: 20 additions & 0 deletions test/spec/Organizer.js
Original file line number Diff line number Diff line change
Expand Up @@ -111,6 +111,26 @@ describe("Read COORGANIZER's of event", function() {
});
});

describe("Add device to event", function() {
it("should add a new device to event", function() {
var xhr = addDevice(eventID, deviceID);
expect(xhr.status).toBe(201);
expect(xhr.statusText).toBe("Created");
});
});

describe("Read device of event", function() {
it("should read list of device's of an event", function() {
var uri = eventUri + "/Devices";
var xhr = prepareRequest("GET", uri);
xhr.send();
body = xhr.responseText ? JSON.parse(xhr.responseText) : "";
expect(body.d.results[0].EventID).toBe(eventID);
expect(body.d.results[0].DeviceID).toBe(deviceID);
expect(body.d.results[0].Active).toBe("Y");
});
});

describe("Logout ORGANIZER", function() {
it("should logout ORGANIZER", function() {
logout(csrfToken);
Expand Down

0 comments on commit c679fef

Please sign in to comment.