feature(Requisition Request)

- Restoring the Activate the restriction of distribution depots option
- For the management of requisitions, you can only make a requisition for a deposit for which you have the right to manage
- when the restrict distribution option is activated, the requisition request can only be made to a structure that is authorized to distribute to the requesting depot
- Cancel the supplier depot selection if the user changes the requesting
  depot
- Restrict the display of the requisition register to depots managed by the user either as a requestor or as a supplier
- Added the ability to select a parent repository without selecting child repositories

closes #6875

client/src/i18n/en/stock.json

@@ -72,6 +72,7 @@
     "TRACK_CONSUMPTION":"Track consumption",
     "TRACK_EXPIRATION":"Track expiration",
     "ERRORS" : {
+      "DEPOT_NOT_ALLOWED_DISTRIBUTE": "ERROR! <b>'{{ depot }}'</b> depot is not allowed to distribute to any depot",
       "EXCESSIVE_QUANTITY": "Excessive Quantity",
       "INVALID_GLOBAL_QUANTITY" : "Invalid Global Lot's Quantity",
       "INVALID_LOT_EXPIRATION" : "Invalid Lot Expiration Date",

client/src/i18n/fr/stock.json

@@ -72,6 +72,7 @@
     "TRACK_CONSUMPTION":"Suivre la consommation",
     "TRACK_EXPIRATION":"Suivre l'expiration",
     "ERRORS" : {
+      "DEPOT_NOT_ALLOWED_DISTRIBUTE": "ERREUR ! <strong>'{{ depot }}'</strong> n'est pas autorisé à distribuer vers aucun dépôt",
       "EXCESSIVE_QUANTITY": "Quantité excessive",
       "INVALID_GLOBAL_QUANTITY" : "Quantité globale des lots invalide",
       "INVALID_LOT_EXPIRATION" : "Date d'expiration invalide",

client/src/js/components/bhDepotSelect/bhDepotSelect.js

@@ -6,9 +6,11 @@ angular.module('bhima.components')
     bindings    : {
       depotUuid        : '<',
       filterByUserPermission  : '@?',
+      filterAuthorizedDepotForDistribution : '@?',
       onSelectCallback : '&',
       label            : '@?',
       required         : '<?',
+      disabled         : '<?',
       exception        : '<?', // uuid string or an array of uuids
     },
   });
@@ -62,6 +64,10 @@ function DepotSelectController(Depots, Notify) {
       options.only_user = true;
     }
 
+    if ($ctrl.filterAuthorizedDepotForDistribution) {
+      options.only_distributor = true;
+    }
+
     return Depots.searchByName(options);
   };
 

client/src/js/components/bhDepotSelect/bhDepotSelect.tmpl.html

@@ -22,6 +22,7 @@
       typeahead-min-length="0"
       autocomplete="off"
       translate-attr="{ 'placeholder': 'FORM.SELECT.DEPOT' }"
+      ng-disabled="$ctrl.disabled"
       ng-required="$ctrl.required">
 
     <span ng-show="$ctrl.$loading" class="glyphicon glyphicon-hourglass form-control-feedback"></span>

client/src/js/components/bhServiceOrDepot/bhServiceOrDepot.html

@@ -42,6 +42,7 @@
   <div ng-if="$ctrl.requestorType.type_key === 'depot'">
     <bh-depot-select
       depot-uuid="$ctrl.uuid"
+      filter-by-user-permission="true"
       label="REQUISITION.DEPOT_REQUESTOR"
       on-select-callback="$ctrl.onSelectRequestor(depot)"
       required="true">

client/src/modules/depots/modals/depot.modal.html

@@ -185,6 +185,7 @@
               <input type="checkbox" id="{{depot.uuid}}" ng-model="depot._checked" ng-change="DepotModalCtrl.setNodeValue(depot.children, depot)" />
               <span translate>{{depot.text}}</span>
             </label>
+            <span class="fa fa-arrow-left" role="button" ng-click="DepotModalCtrl.setRootValue(depot)"></span>
           </div>
         </div>
       </div>

client/src/modules/depots/modals/depot.modal.js

@@ -148,6 +148,11 @@ function DepotModalController($state, Depots, Notify, Session, params, FormatTre
   }
   vm.setNodeValue = setNodeValue;
 
+  function setRootValue(depot) {
+    depot._checked = !depot._checked;
+  }
+  vm.setRootValue = setRootValue;
+
   function setAllNodeValue(depots, allStatus) {
     depots.forEach(depot => {
       depot._checked = allStatus;

client/src/modules/stock/exit/modals/findDepot.modal.js

@@ -25,41 +25,37 @@ function StockFindDepotModalController(
   vm.submit = submit;
   vm.cancel = cancel;
 
-  // Make sure this user has permissions to exit from this depot
+  // Make sure this depot is Allowed to distribute to destination depots
   if (enableStrictDepotDistribution) {
-    Depot.read(Data.depot.uuid, { only_user : true })
-      .then(originDepot => {
-        if (!originDepot) {
+    Depot.read(Data.depot.uuid)
+      .then(depot => {
+        // forbid to distribute to the same depot
+        vm.depots = extractDepotFromCollection(Data.depot.uuid, depot.distribution_depots);
+
+        if (!vm.depots.length) {
           Instance.close();
-          const errMsg = $translate.instant('STOCK.ERRORS.NO_PERMISSION_ORIGIN_DEPOT',
+          const errMsg = $translate.instant('STOCK.ERRORS.DEPOT_NOT_ALLOWED_DISTRIBUTE',
             { depot : vm.depot.text });
           Modal.alert(errMsg);
         }
-      });
+      })
+      .catch(Notify.handleError);
+  } else {
+    Depot.read()
+      .then(depots => {
+        // set defined the previous selected depot
+        if (Data.entity_uuid) {
+          const currentDepot = depots.find(item => item.uuid === Data.entity_uuid);
+          vm.selected = currentDepot || {};
+        }
+
+        // forbid to distribute to the same depot
+        vm.depots = extractDepotFromCollection(Data.depot.uuid, depots);
+      })
+      .catch(Notify.handleError);
   }
 
-  // Load the depots
-  Depot.read()
-    .then(depots => {
-      // NOTE: We do not care about the 'enableStrictDepotDistribution' flag for the
-      //       the destination depot since the user doing the stock exit (here) does
-      //       not necessarily need permission to access the destination depot.
-
-      // set the previous selected depot (if given)
-      if (Data.entity_uuid) {
-        const currentDepot = depots.find(item => item.uuid === Data.entity_uuid);
-        vm.selected = currentDepot || {};
-      }
-
-      // Prevent distribution to the same depot
-      vm.depots = removeDepotFromCollection(Data.depot.uuid, depots);
-    })
-    .finally(() => {
-      vm.loading = false;
-    })
-    .catch(Notify.handleError);
-
-  function removeDepotFromCollection(depotUuid, collection) {
+  function extractDepotFromCollection(depotUuid, collection) {
     return collection.filter(depot => depot.uuid !== depotUuid);
   }
 

client/src/modules/stock/requisition/modals/action.modal.html

@@ -32,10 +32,11 @@
     <div id="depot-supplier" class="form-group">
       <bh-depot-select
         depot-uuid="$ctrl.model.depot_uuid"
-        filter-by-user-permission="true"
         label="REQUISITION.DEPOT_SUPPLIER"
+        filter-authorized-depot-for-distribution="true"
         required="true"
         exception="$ctrl.model.requestor_uuid"
+        disabled="!$ctrl.model.requestor_uuid"
         on-select-callback="$ctrl.onSelectDepot(depot)">
       </bh-depot-select>
     </div>

server/controllers/inventory/depots/index.js

@@ -435,6 +435,12 @@ function searchByName(req, res, next) {
     options.user_id = req.session.user.id;
   }
 
+  // When the enable_strict_depot_distribution option is activated, you can only make
+  // a requisition request if the supplier depot is configured to distribute to the beneficiary depot
+  if (req.query.only_distributor && req.session.stock_settings.enable_strict_depot_distribution) {
+    options.only_distributor_for = req.query.exception;
+  }
+
   options.exception = req.query.exception;
   options.limit = req.query.limit || 10;
   options.enterprise_id = req.session.enterprise.id;
@@ -443,7 +449,7 @@ function searchByName(req, res, next) {
     return next(new BadRequest('text attribute must be specified for a name search'));
   }
 
-  db.convert(options, ['exception']);
+  db.convert(options, ['exception', 'only_distributor_for']);
 
   const filters = new FilterParser(options, { tableAlias : 'd' });
 
@@ -470,6 +476,11 @@ function searchByName(req, res, next) {
     'd.uuid IN (SELECT depot_permission.depot_uuid FROM depot_permission WHERE depot_permission.user_id = ?)',
   );
 
+  filters.custom(
+    'only_distributor_for',
+    'd.uuid IN (SELECT dp.depot_uuid FROM depot_distribution_permission AS dp WHERE dp.distribution_depot_uuid = ?)',
+  );
+
   filters.fullText('text', 'text', 'd');
   filters.equals('enterprise_id', 'enterprise_id', 'd');
   filters.setOrder('ORDER BY d.text');

server/controllers/stock/requisition/requisition.js

@@ -134,6 +134,14 @@ function getStockRequisition(params) {
   filters.custom('status', 'sr.status_id IN (?)', [params.status]);
   filters.setOrder('ORDER BY sr.date DESC');
 
+  // depot permission check
+  filters.custom(
+    'check_user_id',
+    `((d.uuid IN (SELECT depot_uuid FROM depot_permission WHERE user_id = ?))
+     OR (dd.uuid IN (SELECT depot_uuid FROM depot_permission WHERE user_id = ?)))`,
+    [params.check_user_id, params.check_user_id],
+  );
+
   const query = filters.applyQuery(SELECT_QUERY);
   const queryParameters = filters.parameters();
   return { query, queryParameters };
@@ -154,6 +162,11 @@ exports.details = async (req, res, next) => {
 exports.list = async (req, res, next) => {
   try {
     const params = binarize(req.query);
+
+    if (req.session.stock_settings.enable_strict_depot_permission) {
+      params.check_user_id = req.session.user.id;
+    }
+
     const sr = getStockRequisition(params);
     const result = await db.exec(sr.query, sr.queryParameters);
     res.status(200).json(result);