np-dms/lcbp3
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

690329:2209 Fixing refactor Correspondence GPT-5.3-Codex #04
CI / CD Pipeline / build (push) Successful in 20m35s
Details
CI / CD Pipeline / deploy (push) Successful in 10m59s
Details

Browse Source
This commit is contained in:
admin
2026-03-29 22:09:40 +07:00
parent df3020012d
commit abbdebf2b9
21 changed files with 4426 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/src/modules/correspondence/correspondence.service.spec.ts
+78
View File
@@ -1,6 +1,7 @@
import { Test, TestingModule } from '@nestjs/testing';
import { getRepositoryToken } from '@nestjs/typeorm';
import { DataSource, Repository } from 'typeorm';
import { ForbiddenException } from '@nestjs/common';
import { CorrespondenceService } from './correspondence.service';
import { Correspondence } from './entities/correspondence.entity';
import { CorrespondenceRevision } from './entities/correspondence-revision.entity';
@@ -173,6 +174,83 @@ describe('CorrespondenceService', () => {
});
describe('update', () => {
it('should allow non-draft update for org-admin+ permissions', async () => {
const mockUser = {
user_id: 1,
primaryOrganizationId: 10,
} as unknown as User;
const mockRevision = {
id: 100,
correspondenceId: 1,
isCurrent: true,
statusId: 23,
};
jest
.spyOn(revisionRepo, 'findOne')
.mockResolvedValue(mockRevision as unknown as CorrespondenceRevision);
const statusRepo = testingModule.get<Repository<CorrespondenceStatus>>(
getRepositoryToken(CorrespondenceStatus)
);
(statusRepo.findOne as jest.Mock).mockResolvedValue({
id: 23,
statusCode: 'SUBOWN',
});
const userService = testingModule.get<UserService>(UserService);
(userService.getUserPermissions as jest.Mock).mockResolvedValue([
'correspondence.cancel',
]);
jest.spyOn(correspondenceRepo, 'findOne').mockResolvedValue({
id: 1,
publicId: 'corr-uuid-1',
correspondenceNumber: 'CORR-001',
projectId: 1,
createdAt: new Date(),
revisions: [],
} as unknown as Correspondence);
await expect(
service.update(1, { subject: 'Updated Subject' }, mockUser)
).resolves.toBeDefined();
});
it('should reject non-draft update for non-admin permissions', async () => {
const mockUser = {
user_id: 2,
primaryOrganizationId: 10,
} as unknown as User;
const mockRevision = {
id: 101,
correspondenceId: 2,
isCurrent: true,
statusId: 23,
};
jest
.spyOn(revisionRepo, 'findOne')
.mockResolvedValue(mockRevision as unknown as CorrespondenceRevision);
const statusRepo = testingModule.get<Repository<CorrespondenceStatus>>(
getRepositoryToken(CorrespondenceStatus)
);
(statusRepo.findOne as jest.Mock).mockResolvedValue({
id: 23,
statusCode: 'SUBOWN',
});
const userService = testingModule.get<UserService>(UserService);
(userService.getUserPermissions as jest.Mock).mockResolvedValue([
'correspondence.edit',
]);
await expect(
service.update(2, { subject: 'Should Fail' }, mockUser)
).rejects.toThrow(ForbiddenException);
});
it('should NOT regenerate number if critical fields unchanged', async () => {
const mockUser = { id: 1, primaryOrganizationId: 10 } as unknown as User;
const mockRevision = {
backend/src/modules/correspondence/correspondence.service.ts
+13 -1
View File
@@ -631,8 +631,20 @@ export class CorrespondenceService {
const status = await this.statusRepo.findOne({
where: { id: revision.statusId },
});
if (status && status.statusCode !== 'DRAFT') {
throw new BadRequestException('Only DRAFT documents can be updated');
const permissions = await this.userService.getUserPermissions(
user.user_id
);
const canEditSubmittedOrLater =
permissions.includes('correspondence.cancel') ||
permissions.includes('system.manage_all');
if (!canEditSubmittedOrLater) {
throw new ForbiddenException(
'Only Org Admin or Superadmin can edit non-draft correspondences'
);
}
}
}