diff --git a/frontend/src/App.svelte b/frontend/src/App.svelte index 8629e24e..c41f7589 100644 --- a/frontend/src/App.svelte +++ b/frontend/src/App.svelte @@ -103,7 +103,8 @@ - + + diff --git a/frontend/src/routes/stock/Index.svelte b/frontend/src/routes/stock/Index.svelte index 0ab9d87a..7e59ef82 100644 --- a/frontend/src/routes/stock/Index.svelte +++ b/frontend/src/routes/stock/Index.svelte @@ -17,7 +17,7 @@ let location = $state(null); let draggedItem = $state(null) let draggedLocation = $state(null) - let { item_id, location_id, owner, owner_id } = $props(); + let { item_id, location_id, owner, owner_id, owner_number } = $props(); let skip_location = false; // disable effect on setting location within loadItem() $effect(() => { @@ -98,8 +98,8 @@ } async function loadItem(){ - if (!item_id) return; - const url = api(`stock/${owner}/${owner_id}/item/${item_id}`); + if (!item_id && !owner_number) return; + const url = item_id ? api(`stock/item/${item_id}`) : api(`stock/${owner}/${owner_id}/item/${owner_number}`); const res = await get(url); if (res.ok){ yikes(); @@ -116,7 +116,7 @@ } } for (let i of json.items){ - if (i.owner_number == +item_id) item = i; + if (i.owner_number == +owner_number) item = i; } } else { error(res); diff --git a/frontend/src/routes/stock/ItemProps.svelte b/frontend/src/routes/stock/ItemProps.svelte index a808eaf9..8347432b 100644 --- a/frontend/src/routes/stock/ItemProps.svelte +++ b/frontend/src/routes/stock/ItemProps.svelte @@ -74,6 +74,15 @@ Code: patc + + + + + {#each item.properties.toSorted(byName) as prop}
+ {t('ID')} + + {item.id} +
diff --git a/stock/src/main/java/de/srsoftware/umbrella/stock/StockModule.java b/stock/src/main/java/de/srsoftware/umbrella/stock/StockModule.java index bd8d574d..c8b3130e 100644 --- a/stock/src/main/java/de/srsoftware/umbrella/stock/StockModule.java +++ b/stock/src/main/java/de/srsoftware/umbrella/stock/StockModule.java @@ -27,6 +27,7 @@ import de.srsoftware.umbrella.core.api.Owner; import de.srsoftware.umbrella.core.api.StockService; import de.srsoftware.umbrella.core.constants.Field; import de.srsoftware.umbrella.core.constants.Path; +import de.srsoftware.umbrella.core.constants.Text; import de.srsoftware.umbrella.core.exceptions.UmbrellaException; import de.srsoftware.umbrella.core.model.*; import de.srsoftware.umbrella.core.model.Location; @@ -113,6 +114,7 @@ public class StockModule extends BaseHandler implements StockService { yield super.doGet(path,ex); } } + case Path.ITEM -> getItemById(user.get(),path,ex); case Path.LOCATION -> { try { var location = Location.of(Long.parseLong(path.pop())); @@ -155,6 +157,22 @@ public class StockModule extends BaseHandler implements StockService { } } + private boolean getItemById(UmbrellaUser user, de.srsoftware.tools.Path path, HttpExchange ex) throws IOException { + var head = path.pop(); + if (head == null) throw missingField(Field.ID); + try { + var itemId = Long.parseLong(head); + var item = stockDb.loadItem(itemId); + var owner = item.location().resolve().owner().resolve(); + boolean allowed = owner instanceof UmbrellaUser u && user.equals(u); + allowed = allowed || owner instanceof Company c && companyService().membership(c.id(),user.id()); + if (!allowed) throw forbidden("You are not allowed to access item {id}",ID,itemId); + return sendContent(ex,item); + } catch (NumberFormatException e) { + throw invalidField(Field.ID, Text.NUMBER); + } + } + @Override public boolean doPatch(de.srsoftware.tools.Path path, HttpExchange ex) throws IOException { addCors(ex);