Update remaining Phortune merchant views to use Merchant Authority
Summary: See discussion in D11945. This finishes the rest of the merchant views to respect/use merchant authority in order to interact with objects. Test Plan: - As a merchant: accepted, refunded, updated, browsed orders. - As a non-merchant: couldn't do any of that stuff for orders I don't own. Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley Differential Revision: https://secure.phabricator.com/D11950
parent
ab4743b216
commit
2d9206a904
8 changed files with 81 additions and 57 deletions
|
@ -63,7 +63,6 @@ final class PhabricatorPhortuneApplication extends PhabricatorApplication {
|
||||||
'checkout/' => 'PhortuneCartCheckoutController',
|
'checkout/' => 'PhortuneCartCheckoutController',
|
||||||
'(?P<action>cancel|refund)/' => 'PhortuneCartCancelController',
|
'(?P<action>cancel|refund)/' => 'PhortuneCartCancelController',
|
||||||
'update/' => 'PhortuneCartUpdateController',
|
'update/' => 'PhortuneCartUpdateController',
|
||||||
'accept/' => 'PhortuneCartAcceptController',
|
|
||||||
),
|
),
|
||||||
'account/' => array(
|
'account/' => array(
|
||||||
'' => 'PhortuneAccountListController',
|
'' => 'PhortuneAccountListController',
|
||||||
|
|
|
@ -13,22 +13,23 @@ final class PhortuneCartAcceptController
|
||||||
$request = $this->getRequest();
|
$request = $this->getRequest();
|
||||||
$viewer = $request->getUser();
|
$viewer = $request->getUser();
|
||||||
|
|
||||||
|
// You must control the merchant to accept orders.
|
||||||
|
$authority = $this->loadMerchantAuthority();
|
||||||
|
if (!$authority) {
|
||||||
|
return new Aphront404Response();
|
||||||
|
}
|
||||||
|
|
||||||
$cart = id(new PhortuneCartQuery())
|
$cart = id(new PhortuneCartQuery())
|
||||||
->setViewer($viewer)
|
->setViewer($viewer)
|
||||||
->withIDs(array($this->id))
|
->withIDs(array($this->id))
|
||||||
|
->withMerchantPHIDs(array($authority->getPHID()))
|
||||||
->needPurchases(true)
|
->needPurchases(true)
|
||||||
->executeOne();
|
->executeOne();
|
||||||
if (!$cart) {
|
if (!$cart) {
|
||||||
return new Aphront404Response();
|
return new Aphront404Response();
|
||||||
}
|
}
|
||||||
|
|
||||||
// You must control the merchant to accept orders.
|
$cancel_uri = $cart->getDetailURI($authority);
|
||||||
PhabricatorPolicyFilter::requireCapability(
|
|
||||||
$viewer,
|
|
||||||
$cart->getMerchant(),
|
|
||||||
PhabricatorPolicyCapability::CAN_EDIT);
|
|
||||||
|
|
||||||
$cancel_uri = $cart->getDetailURI();
|
|
||||||
|
|
||||||
if ($cart->getStatus() !== PhortuneCart::STATUS_REVIEW) {
|
if ($cart->getStatus() !== PhortuneCart::STATUS_REVIEW) {
|
||||||
return $this->newDialog()
|
return $this->newDialog()
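Review bot: Authorization for accepting an order now rests entirely on `loadMerchantAuthority()`, whose body is not part of this diff, because the explicit `PhabricatorPolicyFilter::requireCapability(...)` check against `$cart->getMerchant()` is removed. If that helper resolves the merchant named in the URI without requiring `PhabricatorPolicyCapability::CAN_EDIT` on it, a viewer who can merely see the merchant would be able to accept its orders. It is worth confirming this and recording it next to the call, e.g. `// loadMerchantAuthority() only returns a merchant the viewer can edit.` The method body continues outside the hunk.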
|
||||||
|
|
|
@ -15,11 +15,18 @@ final class PhortuneCartCancelController
|
||||||
$request = $this->getRequest();
|
$request = $this->getRequest();
|
||||||
$viewer = $request->getUser();
|
$viewer = $request->getUser();
|
||||||
|
|
||||||
$cart = id(new PhortuneCartQuery())
|
$authority = $this->loadMerchantAuthority();
|
||||||
|
|
||||||
|
$cart_query = id(new PhortuneCartQuery())
|
||||||
->setViewer($viewer)
|
->setViewer($viewer)
|
||||||
->withIDs(array($this->id))
|
->withIDs(array($this->id))
|
||||||
->needPurchases(true)
|
->needPurchases(true);
|
||||||
->executeOne();
|
|
||||||
|
if ($authority) {
|
||||||
|
$cart_query->withMerchantPHIDs(array($authority->getPHID()));
|
||||||
|
}
|
||||||
|
|
||||||
|
$cart = $cart_query->executeOne();
|
||||||
if (!$cart) {
|
if (!$cart) {
|
||||||
return new Aphront404Response();
|
return new Aphront404Response();
|
||||||
}
|
}
|
||||||
|
@ -45,7 +52,7 @@ final class PhortuneCartCancelController
|
||||||
return new Aphront404Response();
|
return new Aphront404Response();
|
||||||
}
|
}
|
||||||
|
|
||||||
$cancel_uri = $cart->getDetailURI();
|
$cancel_uri = $cart->getDetailURI($authority);
|
||||||
$merchant = $cart->getMerchant();
|
$merchant = $cart->getMerchant();
|
||||||
|
|
||||||
try {
|
try {
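Review bot: When `loadMerchantAuthority()` returns nothing, the cart query runs without `withMerchantPHIDs(...)`, so this controller, which the route maps to both `cancel` and `refund`, depends on whatever checks sit between the two hunks, and those are not visible here. The test plan treats refunding as a merchant action; if the code outside the hunks does not already require merchant edit capability for it, the refund path should return `Aphront404Response` when `$authority` is empty, as PhortuneCartAcceptController does. PhortuneCartUpdateController uses the same optional-authority pattern and deserves the same look.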
|
||||||
|
|
|
@ -16,18 +16,6 @@ final class PhortuneCartListController
|
||||||
|
|
||||||
$engine = new PhortuneCartSearchEngine();
|
$engine = new PhortuneCartSearchEngine();
|
||||||
|
|
||||||
if ($subscription_id) {
|
|
||||||
$subscription = id(new PhortuneSubscriptionQuery())
|
|
||||||
->setViewer($viewer)
|
|
||||||
->withIDs(array($subscription_id))
|
|
||||||
->executeOne();
|
|
||||||
if (!$subscription) {
|
|
||||||
return new Aphront404Response();
|
|
||||||
}
|
|
||||||
$this->subscription = $subscription;
|
|
||||||
$engine->setSubscription($subscription);
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($merchant_id) {
|
if ($merchant_id) {
|
||||||
$merchant = id(new PhortuneMerchantQuery())
|
$merchant = id(new PhortuneMerchantQuery())
|
||||||
->setViewer($viewer)
|
->setViewer($viewer)
|
||||||
|
@ -63,6 +51,20 @@ final class PhortuneCartListController
|
||||||
return new Aphront404Response();
|
return new Aphront404Response();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// NOTE: We must process this after processing the merchant authority, so
|
||||||
|
// it becomes visible in merchant contexts.
|
||||||
|
if ($subscription_id) {
|
||||||
|
$subscription = id(new PhortuneSubscriptionQuery())
|
||||||
|
->setViewer($viewer)
|
||||||
|
->withIDs(array($subscription_id))
|
||||||
|
->executeOne();
|
||||||
|
if (!$subscription) {
|
||||||
|
return new Aphront404Response();
|
||||||
|
}
|
||||||
|
$this->subscription = $subscription;
|
||||||
|
$engine->setSubscription($subscription);
|
||||||
|
}
|
||||||
|
|
||||||
$controller = id(new PhabricatorApplicationSearchController())
|
$controller = id(new PhabricatorApplicationSearchController())
|
||||||
->setQueryKey($request->getURIData('queryKey'))
|
->setQueryKey($request->getURIData('queryKey'))
|
||||||
->setSearchEngine($engine)
|
->setSearchEngine($engine)
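Review bot: The relocated subscription lookup filters only by `withIDs(array($subscription_id))`, so in a merchant URI nothing visible ties the subscription to the merchant loaded above it. PhortuneSubscriptionViewController in this same commit adds `withMerchantPHIDs(array($authority->getPHID()))` for that case; applying the same constraint here when a merchant context is set would stop a `merchant/{id}/subscription/order/{id}/` URI from pairing one merchant with another merchant's subscription. Whether the merchant object is still in scope at this point cannot be seen from the hunks, so this needs checking against the full method.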
|
||||||
|
|
|
@ -13,11 +13,18 @@ final class PhortuneCartUpdateController
|
||||||
$request = $this->getRequest();
|
$request = $this->getRequest();
|
||||||
$viewer = $request->getUser();
|
$viewer = $request->getUser();
|
||||||
|
|
||||||
$cart = id(new PhortuneCartQuery())
|
$authority = $this->loadMerchantAuthority();
|
||||||
|
|
||||||
|
$cart_query = id(new PhortuneCartQuery())
|
||||||
->setViewer($viewer)
|
->setViewer($viewer)
|
||||||
->withIDs(array($this->id))
|
->withIDs(array($this->id))
|
||||||
->needPurchases(true)
|
->needPurchases(true);
|
||||||
->executeOne();
|
|
||||||
|
if ($authority) {
|
||||||
|
$cart_query->withMerchantPHIDs(array($authority->getPHID()));
|
||||||
|
}
|
||||||
|
|
||||||
|
$cart = $cart_query->executeOne();
|
||||||
if (!$cart) {
|
if (!$cart) {
|
||||||
return new Aphront404Response();
|
return new Aphront404Response();
|
||||||
}
|
}
|
||||||
|
@ -59,7 +66,7 @@ final class PhortuneCartUpdateController
|
||||||
}
|
}
|
||||||
|
|
||||||
return id(new AphrontRedirectResponse())
|
return id(new AphrontRedirectResponse())
|
||||||
->setURI($cart->getDetailURI());
|
->setURI($cart->getDetailURI($authority));
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -15,9 +15,6 @@ final class PhortuneCartViewController
|
||||||
|
|
||||||
$authority = $this->loadMerchantAuthority();
|
$authority = $this->loadMerchantAuthority();
|
||||||
|
|
||||||
// TODO: This (and the rest of the Cart controllers) need to be updated
|
|
||||||
// to use merchant URIs and merchant authority.
|
|
||||||
|
|
||||||
$cart = id(new PhortuneCartQuery())
|
$cart = id(new PhortuneCartQuery())
|
||||||
->setViewer($viewer)
|
->setViewer($viewer)
|
||||||
->withIDs(array($this->id))
|
->withIDs(array($this->id))
|
||||||
|
@ -27,11 +24,6 @@ final class PhortuneCartViewController
|
||||||
return new Aphront404Response();
|
return new Aphront404Response();
|
||||||
}
|
}
|
||||||
|
|
||||||
$can_admin = PhabricatorPolicyFilter::hasCapability(
|
|
||||||
$viewer,
|
|
||||||
$cart->getMerchant(),
|
|
||||||
PhabricatorPolicyCapability::CAN_EDIT);
|
|
||||||
|
|
||||||
$cart_table = $this->buildCartContentTable($cart);
|
$cart_table = $this->buildCartContentTable($cart);
|
||||||
|
|
||||||
$can_edit = PhabricatorPolicyFilter::hasCapability(
|
$can_edit = PhabricatorPolicyFilter::hasCapability(
|
||||||
|
@ -78,7 +70,7 @@ final class PhortuneCartViewController
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case PhortuneCart::STATUS_REVIEW:
|
case PhortuneCart::STATUS_REVIEW:
|
||||||
if ($can_admin) {
|
if ($authority) {
|
||||||
$errors[] = pht(
|
$errors[] = pht(
|
||||||
'This order has been flagged for manual review. Review the order '.
|
'This order has been flagged for manual review. Review the order '.
|
||||||
'and choose %s to accept it or %s to reject it.',
|
'and choose %s to accept it or %s to reject it.',
|
||||||
|
@ -102,7 +94,7 @@ final class PhortuneCartViewController
|
||||||
$actions = $this->buildActionListView(
|
$actions = $this->buildActionListView(
|
||||||
$cart,
|
$cart,
|
||||||
$can_edit,
|
$can_edit,
|
||||||
$can_admin,
|
$authority,
|
||||||
$resume_uri);
|
$resume_uri);
|
||||||
$properties->setActionList($actions);
|
$properties->setActionList($actions);
|
||||||
|
|
||||||
|
@ -228,7 +220,7 @@ final class PhortuneCartViewController
|
||||||
private function buildActionListView(
|
private function buildActionListView(
|
||||||
PhortuneCart $cart,
|
PhortuneCart $cart,
|
||||||
$can_edit,
|
$can_edit,
|
||||||
$can_admin,
|
$authority,
|
||||||
$resume_uri) {
|
$resume_uri) {
|
||||||
|
|
||||||
$viewer = $this->getRequest()->getUser();
|
$viewer = $this->getRequest()->getUser();
|
||||||
|
@ -240,10 +232,16 @@ final class PhortuneCartViewController
|
||||||
|
|
||||||
$can_cancel = ($can_edit && $cart->canCancelOrder());
|
$can_cancel = ($can_edit && $cart->canCancelOrder());
|
||||||
|
|
||||||
$cancel_uri = $this->getApplicationURI("cart/{$id}/cancel/");
|
if ($authority) {
|
||||||
$refund_uri = $this->getApplicationURI("cart/{$id}/refund/");
|
$prefix = 'merchant/'.$authority->getID().'/';
|
||||||
$update_uri = $this->getApplicationURI("cart/{$id}/update/");
|
} else {
|
||||||
$accept_uri = $this->getApplicationURI("cart/{$id}/accept/");
|
$prefix = '';
|
||||||
|
}
|
||||||
|
|
||||||
|
$cancel_uri = $this->getApplicationURI("{$prefix}cart/{$id}/cancel/");
|
||||||
|
$refund_uri = $this->getApplicationURI("{$prefix}cart/{$id}/refund/");
|
||||||
|
$update_uri = $this->getApplicationURI("{$prefix}cart/{$id}/update/");
|
||||||
|
$accept_uri = $this->getApplicationURI("{$prefix}cart/{$id}/accept/");
|
||||||
|
|
||||||
$view->addAction(
|
$view->addAction(
|
||||||
id(new PhabricatorActionView())
|
id(new PhabricatorActionView())
|
||||||
|
@ -253,7 +251,7 @@ final class PhortuneCartViewController
|
||||||
->setWorkflow(true)
|
->setWorkflow(true)
|
||||||
->setHref($cancel_uri));
|
->setHref($cancel_uri));
|
||||||
|
|
||||||
if ($can_admin) {
|
if ($authority) {
|
||||||
if ($cart->getStatus() == PhortuneCart::STATUS_REVIEW) {
|
if ($cart->getStatus() == PhortuneCart::STATUS_REVIEW) {
|
||||||
$view->addAction(
|
$view->addAction(
|
||||||
id(new PhabricatorActionView())
|
id(new PhabricatorActionView())
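Review bot: The `'merchant/'.$authority->getID().'/'` prefix built in buildActionListView repeats the logic this commit adds to `PhortuneCart::getDetailURI()`, so the merchant URI scheme now lives in two places that can drift apart. Deriving the cancel, refund, update and accept URIs from one helper that takes `$authority` would keep them in step. Separately, `if ($authority)` here only decides which actions are rendered; a short comment such as `// Display only: the target controllers enforce merchant authority themselves.` would make clear that this branch is not the access check. The method body extends beyond the hunks shown.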
|
||||||
|
|
|
@ -5,13 +5,18 @@ final class PhortuneSubscriptionViewController extends PhortuneController {
|
||||||
public function handleRequest(AphrontRequest $request) {
|
public function handleRequest(AphrontRequest $request) {
|
||||||
$viewer = $this->getViewer();
|
$viewer = $this->getViewer();
|
||||||
|
|
||||||
$is_merchant = (bool)$this->loadMerchantAuthority();
|
$authority = $this->loadMerchantAuthority();
|
||||||
|
|
||||||
$subscription = id(new PhortuneSubscriptionQuery())
|
$subscription_query = id(new PhortuneSubscriptionQuery())
|
||||||
->setViewer($viewer)
|
->setViewer($viewer)
|
||||||
->withIDs(array($request->getURIData('id')))
|
->withIDs(array($request->getURIData('id')))
|
||||||
->needTriggers(true)
|
->needTriggers(true);
|
||||||
->executeOne();
|
|
||||||
|
if ($authority) {
|
||||||
|
$subscription_query->withMerchantPHIDs(array($authority->getPHID()));
|
||||||
|
}
|
||||||
|
|
||||||
|
$subscription = $subscription_query->executeOne();
|
||||||
if (!$subscription) {
|
if (!$subscription) {
|
||||||
return new Aphront404Response();
|
return new Aphront404Response();
|
||||||
}
|
}
|
||||||
|
@ -48,7 +53,7 @@ final class PhortuneSubscriptionViewController extends PhortuneController {
|
||||||
|
|
||||||
|
|
||||||
$crumbs = $this->buildApplicationCrumbs();
|
$crumbs = $this->buildApplicationCrumbs();
|
||||||
if ($is_merchant) {
|
if ($authority) {
|
||||||
$this->addMerchantCrumb($crumbs, $merchant);
|
$this->addMerchantCrumb($crumbs, $merchant);
|
||||||
} else {
|
} else {
|
||||||
$this->addAccountCrumb($crumbs, $account);
|
$this->addAccountCrumb($crumbs, $account);
|
||||||
|
@ -83,8 +88,8 @@ final class PhortuneSubscriptionViewController extends PhortuneController {
|
||||||
->setHeader($header)
|
->setHeader($header)
|
||||||
->addPropertyList($properties);
|
->addPropertyList($properties);
|
||||||
|
|
||||||
$due_box = $this->buildDueInvoices($subscription, $is_merchant);
|
$due_box = $this->buildDueInvoices($subscription, $authority);
|
||||||
$invoice_box = $this->buildPastInvoices($subscription, $is_merchant);
|
$invoice_box = $this->buildPastInvoices($subscription, $authority);
|
||||||
|
|
||||||
return $this->buildApplicationPage(
|
return $this->buildApplicationPage(
|
||||||
array(
|
array(
|
||||||
|
@ -100,7 +105,7 @@ final class PhortuneSubscriptionViewController extends PhortuneController {
|
||||||
|
|
||||||
private function buildDueInvoices(
|
private function buildDueInvoices(
|
||||||
PhortuneSubscription $subscription,
|
PhortuneSubscription $subscription,
|
||||||
$is_merchant) {
|
$authority) {
|
||||||
$viewer = $this->getViewer();
|
$viewer = $this->getViewer();
|
||||||
|
|
||||||
$invoices = id(new PhortuneCartQuery())
|
$invoices = id(new PhortuneCartQuery())
|
||||||
|
@ -124,7 +129,7 @@ final class PhortuneSubscriptionViewController extends PhortuneController {
|
||||||
->setUser($viewer)
|
->setUser($viewer)
|
||||||
->setCarts($invoices)
|
->setCarts($invoices)
|
||||||
->setIsInvoices(true)
|
->setIsInvoices(true)
|
||||||
->setIsMerchantView($is_merchant)
|
->setIsMerchantView((bool)$authority)
|
||||||
->setHandles($handles);
|
->setHandles($handles);
|
||||||
|
|
||||||
$invoice_header = id(new PHUIHeaderView())
|
$invoice_header = id(new PHUIHeaderView())
|
||||||
|
@ -137,7 +142,7 @@ final class PhortuneSubscriptionViewController extends PhortuneController {
|
||||||
|
|
||||||
private function buildPastInvoices(
|
private function buildPastInvoices(
|
||||||
PhortuneSubscription $subscription,
|
PhortuneSubscription $subscription,
|
||||||
$is_merchant) {
|
$authority) {
|
||||||
$viewer = $this->getViewer();
|
$viewer = $this->getViewer();
|
||||||
|
|
||||||
$invoices = id(new PhortuneCartQuery())
|
$invoices = id(new PhortuneCartQuery())
|
||||||
|
@ -176,7 +181,7 @@ final class PhortuneSubscriptionViewController extends PhortuneController {
|
||||||
$merchant_id = $merchant->getID();
|
$merchant_id = $merchant->getID();
|
||||||
$subscription_id = $subscription->getID();
|
$subscription_id = $subscription->getID();
|
||||||
|
|
||||||
if ($is_merchant) {
|
if ($authority) {
|
||||||
$invoices_uri = $this->getApplicationURI(
|
$invoices_uri = $this->getApplicationURI(
|
||||||
"merchant/{$merchant_id}/subscription/order/{$subscription_id}/");
|
"merchant/{$merchant_id}/subscription/order/{$subscription_id}/");
|
||||||
} else {
|
} else {
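Review bot: `$authority` is passed to buildDueInvoices() and buildPastInvoices() with no type or doc comment, and it is used both as a flag (`if ($authority)`, `(bool)$authority`) and as an object. `PhortuneCart::getDetailURI()` in this commit declares the same value as `PhortuneMerchant $authority = null`, so presumably that is the type here as well. A docblock line on both helpers, e.g. `@param PhortuneMerchant|null $authority Merchant the viewer is acting as, or null in account context.`, would make the contract explicit. Both method bodies extend beyond the hunks shown.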
|
||||||
|
|
|
@ -453,8 +453,13 @@ final class PhortuneCart extends PhortuneDAO
|
||||||
return $this->getImplementation()->getCancelURI($this);
|
return $this->getImplementation()->getCancelURI($this);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function getDetailURI() {
|
public function getDetailURI(PhortuneMerchant $authority = null) {
|
||||||
return '/phortune/cart/'.$this->getID().'/';
|
if ($authority) {
|
||||||
|
$prefix = 'merchant/'.$authority->getID().'/';
|
||||||
|
} else {
|
||||||
|
$prefix = '';
|
||||||
|
}
|
||||||
|
return '/phortune/'.$prefix.'cart/'.$this->getID().'/';
|
||||||
}
|
}
|
||||||
|
|
||||||
public function getCheckoutURI() {
|
public function getCheckoutURI() {
|
||||||
|
|