mirror of
https://we.phorge.it/source/phorge.git
synced 2024-09-20 01:08:50 +02:00
Update remaining Phortune merchant views to use Merchant Authority
Summary: See discussion in D11945. This finishes the rest of the merchant views to respect/use merchant authority in order to interact with objects. Test Plan: - As a merchant: accepted, refunded, updated, browsed orders. - As a non-merchant: couldn't do any of that stuff for orders I don't own. Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley Differential Revision: https://secure.phabricator.com/D11950
This commit is contained in:
epriestley
parent
ab4743b216
commit
2d9206a904
8 changed files with 81 additions and 57 deletions
|
|
@ -63,7 +63,6 @@ final class PhabricatorPhortuneApplication extends PhabricatorApplication {
|
|||
'checkout/' => 'PhortuneCartCheckoutController',
|
||||
'(?P<action>cancel|refund)/' => 'PhortuneCartCancelController',
|
||||
'update/' => 'PhortuneCartUpdateController',
|
||||
'accept/' => 'PhortuneCartAcceptController',
|
||||
),
|
||||
'account/' => array(
|
||||
'' => 'PhortuneAccountListController',
|
||||
|
|
|
|||
|
|
@ -13,22 +13,23 @@ final class PhortuneCartAcceptController
|
|||
$request = $this->getRequest();
|
||||
$viewer = $request->getUser();
|
||||
|
||||
// You must control the merchant to accept orders.
|
||||
$authority = $this->loadMerchantAuthority();
|
||||
if (!$authority) {
|
||||
return new Aphront404Response();
|
||||
}
|
||||
|
||||
$cart = id(new PhortuneCartQuery())
|
||||
->setViewer($viewer)
|
||||
->withIDs(array($this->id))
|
||||
->withMerchantPHIDs(array($authority->getPHID()))
|
||||
->needPurchases(true)
|
||||
->executeOne();
|
||||
if (!$cart) {
|
||||
return new Aphront404Response();
|
||||
}
|
||||
|
||||
// You must control the merchant to accept orders.
|
||||
PhabricatorPolicyFilter::requireCapability(
|
||||
$viewer,
|
||||
$cart->getMerchant(),
|
||||
PhabricatorPolicyCapability::CAN_EDIT);
|
||||
|
||||
$cancel_uri = $cart->getDetailURI();
|
||||
$cancel_uri = $cart->getDetailURI($authority);
|
||||
|
||||
if ($cart->getStatus() !== PhortuneCart::STATUS_REVIEW) {
|
||||
return $this->newDialog()
|
||||
|
|
|
|||
|
|
@ -15,11 +15,18 @@ final class PhortuneCartCancelController
|
|||
$request = $this->getRequest();
|
||||
$viewer = $request->getUser();
|
||||
|
||||
$cart = id(new PhortuneCartQuery())
|
||||
$authority = $this->loadMerchantAuthority();
|
||||
|
||||
$cart_query = id(new PhortuneCartQuery())
|
||||
->setViewer($viewer)
|
||||
->withIDs(array($this->id))
|
||||
->needPurchases(true)
|
||||
->executeOne();
|
||||
->needPurchases(true);
|
||||
|
||||
if ($authority) {
|
||||
$cart_query->withMerchantPHIDs(array($authority->getPHID()));
|
||||
}
|
||||
|
||||
$cart = $cart_query->executeOne();
|
||||
if (!$cart) {
|
||||
return new Aphront404Response();
|
||||
}
|
||||
|
|
@ -45,7 +52,7 @@ final class PhortuneCartCancelController
|
|||
return new Aphront404Response();
|
||||
}
|
||||
|
||||
$cancel_uri = $cart->getDetailURI();
|
||||
$cancel_uri = $cart->getDetailURI($authority);
|
||||
$merchant = $cart->getMerchant();
|
||||
|
||||
try {
|
||||
|
|
|
|||
|
|
@ -16,18 +16,6 @@ final class PhortuneCartListController
|
|||
|
||||
$engine = new PhortuneCartSearchEngine();
|
||||
|
||||
if ($subscription_id) {
|
||||
$subscription = id(new PhortuneSubscriptionQuery())
|
||||
->setViewer($viewer)
|
||||
->withIDs(array($subscription_id))
|
||||
->executeOne();
|
||||
if (!$subscription) {
|
||||
return new Aphront404Response();
|
||||
}
|
||||
$this->subscription = $subscription;
|
||||
$engine->setSubscription($subscription);
|
||||
}
|
||||
|
||||
if ($merchant_id) {
|
||||
$merchant = id(new PhortuneMerchantQuery())
|
||||
->setViewer($viewer)
|
||||
|
|
@ -63,6 +51,20 @@ final class PhortuneCartListController
|
|||
return new Aphront404Response();
|
||||
}
|
||||
|
||||
// NOTE: We must process this after processing the merchant authority, so
|
||||
// it becomes visible in merchant contexts.
|
||||
if ($subscription_id) {
|
||||
$subscription = id(new PhortuneSubscriptionQuery())
|
||||
->setViewer($viewer)
|
||||
->withIDs(array($subscription_id))
|
||||
->executeOne();
|
||||
if (!$subscription) {
|
||||
return new Aphront404Response();
|
||||
}
|
||||
$this->subscription = $subscription;
|
||||
$engine->setSubscription($subscription);
|
||||
}
|
||||
|
||||
$controller = id(new PhabricatorApplicationSearchController())
|
||||
->setQueryKey($request->getURIData('queryKey'))
|
||||
->setSearchEngine($engine)
|
||||
|
|
|
|||
|
|
@ -13,11 +13,18 @@ final class PhortuneCartUpdateController
|
|||
$request = $this->getRequest();
|
||||
$viewer = $request->getUser();
|
||||
|
||||
$cart = id(new PhortuneCartQuery())
|
||||
$authority = $this->loadMerchantAuthority();
|
||||
|
||||
$cart_query = id(new PhortuneCartQuery())
|
||||
->setViewer($viewer)
|
||||
->withIDs(array($this->id))
|
||||
->needPurchases(true)
|
||||
->executeOne();
|
||||
->needPurchases(true);
|
||||
|
||||
if ($authority) {
|
||||
$cart_query->withMerchantPHIDs(array($authority->getPHID()));
|
||||
}
|
||||
|
||||
$cart = $cart_query->executeOne();
|
||||
if (!$cart) {
|
||||
return new Aphront404Response();
|
||||
}
|
||||
|
|
@ -59,7 +66,7 @@ final class PhortuneCartUpdateController
|
|||
}
|
||||
|
||||
return id(new AphrontRedirectResponse())
|
||||
->setURI($cart->getDetailURI());
|
||||
->setURI($cart->getDetailURI($authority));
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -15,9 +15,6 @@ final class PhortuneCartViewController
|
|||
|
||||
$authority = $this->loadMerchantAuthority();
|
||||
|
||||
// TODO: This (and the rest of the Cart controllers) need to be updated
|
||||
// to use merchant URIs and merchant authority.
|
||||
|
||||
$cart = id(new PhortuneCartQuery())
|
||||
->setViewer($viewer)
|
||||
->withIDs(array($this->id))
|
||||
|
|
@ -27,11 +24,6 @@ final class PhortuneCartViewController
|
|||
return new Aphront404Response();
|
||||
}
|
||||
|
||||
$can_admin = PhabricatorPolicyFilter::hasCapability(
|
||||
$viewer,
|
||||
$cart->getMerchant(),
|
||||
PhabricatorPolicyCapability::CAN_EDIT);
|
||||
|
||||
$cart_table = $this->buildCartContentTable($cart);
|
||||
|
||||
$can_edit = PhabricatorPolicyFilter::hasCapability(
|
||||
|
|
@ -78,7 +70,7 @@ final class PhortuneCartViewController
|
|||
}
|
||||
break;
|
||||
case PhortuneCart::STATUS_REVIEW:
|
||||
if ($can_admin) {
|
||||
if ($authority) {
|
||||
$errors[] = pht(
|
||||
'This order has been flagged for manual review. Review the order '.
|
||||
'and choose %s to accept it or %s to reject it.',
|
||||
|
|
@ -102,7 +94,7 @@ final class PhortuneCartViewController
|
|||
$actions = $this->buildActionListView(
|
||||
$cart,
|
||||
$can_edit,
|
||||
$can_admin,
|
||||
$authority,
|
||||
$resume_uri);
|
||||
$properties->setActionList($actions);
|
||||
|
||||
|
|
@ -228,7 +220,7 @@ final class PhortuneCartViewController
|
|||
private function buildActionListView(
|
||||
PhortuneCart $cart,
|
||||
$can_edit,
|
||||
$can_admin,
|
||||
$authority,
|
||||
$resume_uri) {
|
||||
|
||||
$viewer = $this->getRequest()->getUser();
|
||||
|
|
@ -240,10 +232,16 @@ final class PhortuneCartViewController
|
|||
|
||||
$can_cancel = ($can_edit && $cart->canCancelOrder());
|
||||
|
||||
$cancel_uri = $this->getApplicationURI("cart/{$id}/cancel/");
|
||||
$refund_uri = $this->getApplicationURI("cart/{$id}/refund/");
|
||||
$update_uri = $this->getApplicationURI("cart/{$id}/update/");
|
||||
$accept_uri = $this->getApplicationURI("cart/{$id}/accept/");
|
||||
if ($authority) {
|
||||
$prefix = 'merchant/'.$authority->getID().'/';
|
||||
} else {
|
||||
$prefix = '';
|
||||
}
|
||||
|
||||
$cancel_uri = $this->getApplicationURI("{$prefix}cart/{$id}/cancel/");
|
||||
$refund_uri = $this->getApplicationURI("{$prefix}cart/{$id}/refund/");
|
||||
$update_uri = $this->getApplicationURI("{$prefix}cart/{$id}/update/");
|
||||
$accept_uri = $this->getApplicationURI("{$prefix}cart/{$id}/accept/");
|
||||
|
||||
$view->addAction(
|
||||
id(new PhabricatorActionView())
|
||||
|
|
@ -253,7 +251,7 @@ final class PhortuneCartViewController
|
|||
->setWorkflow(true)
|
||||
->setHref($cancel_uri));
|
||||
|
||||
if ($can_admin) {
|
||||
if ($authority) {
|
||||
if ($cart->getStatus() == PhortuneCart::STATUS_REVIEW) {
|
||||
$view->addAction(
|
||||
id(new PhabricatorActionView())
|
||||
|
|
|
|||
|
|
@ -5,13 +5,18 @@ final class PhortuneSubscriptionViewController extends PhortuneController {
|
|||
public function handleRequest(AphrontRequest $request) {
|
||||
$viewer = $this->getViewer();
|
||||
|
||||
$is_merchant = (bool)$this->loadMerchantAuthority();
|
||||
$authority = $this->loadMerchantAuthority();
|
||||
|
||||
$subscription = id(new PhortuneSubscriptionQuery())
|
||||
$subscription_query = id(new PhortuneSubscriptionQuery())
|
||||
->setViewer($viewer)
|
||||
->withIDs(array($request->getURIData('id')))
|
||||
->needTriggers(true)
|
||||
->executeOne();
|
||||
->needTriggers(true);
|
||||
|
||||
if ($authority) {
|
||||
$subscription_query->withMerchantPHIDs(array($authority->getPHID()));
|
||||
}
|
||||
|
||||
$subscription = $subscription_query->executeOne();
|
||||
if (!$subscription) {
|
||||
return new Aphront404Response();
|
||||
}
|
||||
|
|
@ -48,7 +53,7 @@ final class PhortuneSubscriptionViewController extends PhortuneController {
|
|||
|
||||
|
||||
$crumbs = $this->buildApplicationCrumbs();
|
||||
if ($is_merchant) {
|
||||
if ($authority) {
|
||||
$this->addMerchantCrumb($crumbs, $merchant);
|
||||
} else {
|
||||
$this->addAccountCrumb($crumbs, $account);
|
||||
|
|
@ -83,8 +88,8 @@ final class PhortuneSubscriptionViewController extends PhortuneController {
|
|||
->setHeader($header)
|
||||
->addPropertyList($properties);
|
||||
|
||||
$due_box = $this->buildDueInvoices($subscription, $is_merchant);
|
||||
$invoice_box = $this->buildPastInvoices($subscription, $is_merchant);
|
||||
$due_box = $this->buildDueInvoices($subscription, $authority);
|
||||
$invoice_box = $this->buildPastInvoices($subscription, $authority);
|
||||
|
||||
return $this->buildApplicationPage(
|
||||
array(
|
||||
|
|
@ -100,7 +105,7 @@ final class PhortuneSubscriptionViewController extends PhortuneController {
|
|||
|
||||
private function buildDueInvoices(
|
||||
PhortuneSubscription $subscription,
|
||||
$is_merchant) {
|
||||
$authority) {
|
||||
$viewer = $this->getViewer();
|
||||
|
||||
$invoices = id(new PhortuneCartQuery())
|
||||
|
|
@ -124,7 +129,7 @@ final class PhortuneSubscriptionViewController extends PhortuneController {
|
|||
->setUser($viewer)
|
||||
->setCarts($invoices)
|
||||
->setIsInvoices(true)
|
||||
->setIsMerchantView($is_merchant)
|
||||
->setIsMerchantView((bool)$authority)
|
||||
->setHandles($handles);
|
||||
|
||||
$invoice_header = id(new PHUIHeaderView())
|
||||
|
|
@ -137,7 +142,7 @@ final class PhortuneSubscriptionViewController extends PhortuneController {
|
|||
|
||||
private function buildPastInvoices(
|
||||
PhortuneSubscription $subscription,
|
||||
$is_merchant) {
|
||||
$authority) {
|
||||
$viewer = $this->getViewer();
|
||||
|
||||
$invoices = id(new PhortuneCartQuery())
|
||||
|
|
@ -176,7 +181,7 @@ final class PhortuneSubscriptionViewController extends PhortuneController {
|
|||
$merchant_id = $merchant->getID();
|
||||
$subscription_id = $subscription->getID();
|
||||
|
||||
if ($is_merchant) {
|
||||
if ($authority) {
|
||||
$invoices_uri = $this->getApplicationURI(
|
||||
"merchant/{$merchant_id}/subscription/order/{$subscription_id}/");
|
||||
} else {
|
||||
|
|
|
|||
|
|
@ -453,8 +453,13 @@ final class PhortuneCart extends PhortuneDAO
|
|||
return $this->getImplementation()->getCancelURI($this);
|
||||
}
|
||||
|
||||
public function getDetailURI() {
|
||||
return '/phortune/cart/'.$this->getID().'/';
|
||||
public function getDetailURI(PhortuneMerchant $authority = null) {
|
||||
if ($authority) {
|
||||
$prefix = 'merchant/'.$authority->getID().'/';
|
||||
} else {
|
||||
$prefix = '';
|
||||
}
|
||||
return '/phortune/'.$prefix.'cart/'.$this->getID().'/';
|
||||
}
|
||||
|
||||
public function getCheckoutURI() {
|
||||
|
|
|
|||
Loading…
Reference in a new issue