mirror of https://we.phorge.it/source/phorge.git synced 2024-11-10 08:52:39 +01:00

Update remaining Phortune merchant views to use Merchant Authority

Summary: See discussion in D11945. This finishes the rest of the merchant views to respect/use merchant authority in order to interact with objects.

Test Plan:
  - As a merchant: accepted, refunded, updated, browsed orders.
  - As a non-merchant: couldn't do any of that stuff for orders I don't own.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D11950
epriestley 2015-03-03 10:38:47 -08:00
parent ab4743b216
commit 2d9206a904
8 changed files with 81 additions and 57 deletions


@ -63,7 +63,6 @@ final class PhabricatorPhortuneApplication extends PhabricatorApplication {
'checkout/' => 'PhortuneCartCheckoutController', 'checkout/' => 'PhortuneCartCheckoutController',
'(?P<action>cancel|refund)/' => 'PhortuneCartCancelController', '(?P<action>cancel|refund)/' => 'PhortuneCartCancelController',
'update/' => 'PhortuneCartUpdateController', 'update/' => 'PhortuneCartUpdateController',
'accept/' => 'PhortuneCartAcceptController',
), ),
'account/' => array( 'account/' => array(
'' => 'PhortuneAccountListController', '' => 'PhortuneAccountListController',


@ -13,22 +13,23 @@ final class PhortuneCartAcceptController
$request = $this->getRequest(); $request = $this->getRequest();
$viewer = $request->getUser(); $viewer = $request->getUser();
// You must control the merchant to accept orders.
$authority = $this->loadMerchantAuthority();
if (!$authority) {
return new Aphront404Response();
}
$cart = id(new PhortuneCartQuery()) $cart = id(new PhortuneCartQuery())
->setViewer($viewer) ->setViewer($viewer)
->withIDs(array($this->id)) ->withIDs(array($this->id))
->withMerchantPHIDs(array($authority->getPHID()))
->needPurchases(true) ->needPurchases(true)
->executeOne(); ->executeOne();
if (!$cart) { if (!$cart) {
return new Aphront404Response(); return new Aphront404Response();
} }
// You must control the merchant to accept orders. $cancel_uri = $cart->getDetailURI($authority);
PhabricatorPolicyFilter::requireCapability(
$viewer,
$cart->getMerchant(),
PhabricatorPolicyCapability::CAN_EDIT);
$cancel_uri = $cart->getDetailURI();
if ($cart->getStatus() !== PhortuneCart::STATUS_REVIEW) { if ($cart->getStatus() !== PhortuneCart::STATUS_REVIEW) {
return $this->newDialog() return $this->newDialog()
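Review bot: With the `PhabricatorPolicyFilter::requireCapability(...)` call for `CAN_EDIT` gone, the only authorization left on this accept path is whatever `loadMerchantAuthority()` enforces, and that helper is not visible in this section. If it were ever relaxed to return a merchant the viewer can merely see, this controller would let that viewer accept orders held for review. I would extend the new comment to state the invariant, for example `// loadMerchantAuthority() only returns a merchant the viewer has CAN_EDIT on; it is the sole permission check here.`, after confirming that this is what the helper does. The rest of the method lies outside the hunk.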


@ -15,11 +15,18 @@ final class PhortuneCartCancelController
$request = $this->getRequest(); $request = $this->getRequest();
$viewer = $request->getUser(); $viewer = $request->getUser();
$cart = id(new PhortuneCartQuery()) $authority = $this->loadMerchantAuthority();
$cart_query = id(new PhortuneCartQuery())
->setViewer($viewer) ->setViewer($viewer)
->withIDs(array($this->id)) ->withIDs(array($this->id))
->needPurchases(true) ->needPurchases(true);
->executeOne();
if ($authority) {
$cart_query->withMerchantPHIDs(array($authority->getPHID()));
}
$cart = $cart_query->executeOne();
if (!$cart) { if (!$cart) {
return new Aphront404Response(); return new Aphront404Response();
} }
@ -45,7 +52,7 @@ final class PhortuneCartCancelController
return new Aphront404Response(); return new Aphront404Response();
} }
$cancel_uri = $cart->getDetailURI(); $cancel_uri = $cart->getDetailURI($authority);
$merchant = $cart->getMerchant(); $merchant = $cart->getMerchant();
try { try {
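Review bot: A null `$authority` makes this controller drop the `withMerchantPHIDs()` constraint and load the cart under the viewer's policy alone, so "not a merchant URI" and "merchant URI whose authority could not be loaded" take the same path. PhortuneCartAcceptController in this commit returns a 404 on null; here, and in the same pattern in PhortuneCartUpdateController and PhortuneSubscriptionViewController, the fallback is silent. This controller sits behind the `(?P<action>cancel|refund)/` route, and the code between the two hunks is not shown, so it is worth confirming that the refund action is refused when `$authority` is null. A comment above the `if ($authority)` would help, such as `// No authority means account context: the cart is limited only by the viewer's own policy.`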


@ -16,18 +16,6 @@ final class PhortuneCartListController
$engine = new PhortuneCartSearchEngine(); $engine = new PhortuneCartSearchEngine();
if ($subscription_id) {
$subscription = id(new PhortuneSubscriptionQuery())
->setViewer($viewer)
->withIDs(array($subscription_id))
->executeOne();
if (!$subscription) {
return new Aphront404Response();
}
$this->subscription = $subscription;
$engine->setSubscription($subscription);
}
if ($merchant_id) { if ($merchant_id) {
$merchant = id(new PhortuneMerchantQuery()) $merchant = id(new PhortuneMerchantQuery())
->setViewer($viewer) ->setViewer($viewer)
@ -63,6 +51,20 @@ final class PhortuneCartListController
return new Aphront404Response(); return new Aphront404Response();
} }
// NOTE: We must process this after processing the merchant authority, so
// it becomes visible in merchant contexts.
if ($subscription_id) {
$subscription = id(new PhortuneSubscriptionQuery())
->setViewer($viewer)
->withIDs(array($subscription_id))
->executeOne();
if (!$subscription) {
return new Aphront404Response();
}
$this->subscription = $subscription;
$engine->setSubscription($subscription);
}
$controller = id(new PhabricatorApplicationSearchController()) $controller = id(new PhabricatorApplicationSearchController())
->setQueryKey($request->getURIData('queryKey')) ->setQueryKey($request->getURIData('queryKey'))
->setSearchEngine($engine) ->setSearchEngine($engine)
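Review bot: The relocated `PhortuneSubscriptionQuery` is scoped by ID and viewer only, so on a merchant URI it may resolve a subscription that belongs to a different merchant than the one in the path. PhortuneSubscriptionViewController in this same commit adds `withMerchantPHIDs()` for that case; adding `->withMerchantPHIDs(array($merchant->getPHID()))` to this query when `$merchant` is set would keep the two consistent. Whether `$merchant` is still in scope at this point and whether the search engine already intersects the two constraints is not visible in this section, so this may be defence in depth rather than a fix.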


@ -13,11 +13,18 @@ final class PhortuneCartUpdateController
$request = $this->getRequest(); $request = $this->getRequest();
$viewer = $request->getUser(); $viewer = $request->getUser();
$cart = id(new PhortuneCartQuery()) $authority = $this->loadMerchantAuthority();
$cart_query = id(new PhortuneCartQuery())
->setViewer($viewer) ->setViewer($viewer)
->withIDs(array($this->id)) ->withIDs(array($this->id))
->needPurchases(true) ->needPurchases(true);
->executeOne();
if ($authority) {
$cart_query->withMerchantPHIDs(array($authority->getPHID()));
}
$cart = $cart_query->executeOne();
if (!$cart) { if (!$cart) {
return new Aphront404Response(); return new Aphront404Response();
} }
@ -59,7 +66,7 @@ final class PhortuneCartUpdateController
} }
return id(new AphrontRedirectResponse()) return id(new AphrontRedirectResponse())
->setURI($cart->getDetailURI()); ->setURI($cart->getDetailURI($authority));
} }
} }


@ -15,9 +15,6 @@ final class PhortuneCartViewController
$authority = $this->loadMerchantAuthority(); $authority = $this->loadMerchantAuthority();
// TODO: This (and the rest of the Cart controllers) need to be updated
// to use merchant URIs and merchant authority.
$cart = id(new PhortuneCartQuery()) $cart = id(new PhortuneCartQuery())
->setViewer($viewer) ->setViewer($viewer)
->withIDs(array($this->id)) ->withIDs(array($this->id))
@ -27,11 +24,6 @@ final class PhortuneCartViewController
return new Aphront404Response(); return new Aphront404Response();
} }
$can_admin = PhabricatorPolicyFilter::hasCapability(
$viewer,
$cart->getMerchant(),
PhabricatorPolicyCapability::CAN_EDIT);
$cart_table = $this->buildCartContentTable($cart); $cart_table = $this->buildCartContentTable($cart);
$can_edit = PhabricatorPolicyFilter::hasCapability( $can_edit = PhabricatorPolicyFilter::hasCapability(
@ -78,7 +70,7 @@ final class PhortuneCartViewController
} }
break; break;
case PhortuneCart::STATUS_REVIEW: case PhortuneCart::STATUS_REVIEW:
if ($can_admin) { if ($authority) {
$errors[] = pht( $errors[] = pht(
'This order has been flagged for manual review. Review the order '. 'This order has been flagged for manual review. Review the order '.
'and choose %s to accept it or %s to reject it.', 'and choose %s to accept it or %s to reject it.',
@ -102,7 +94,7 @@ final class PhortuneCartViewController
$actions = $this->buildActionListView( $actions = $this->buildActionListView(
$cart, $cart,
$can_edit, $can_edit,
$can_admin, $authority,
$resume_uri); $resume_uri);
$properties->setActionList($actions); $properties->setActionList($actions);
@ -228,7 +220,7 @@ final class PhortuneCartViewController
private function buildActionListView( private function buildActionListView(
PhortuneCart $cart, PhortuneCart $cart,
$can_edit, $can_edit,
$can_admin, $authority,
$resume_uri) { $resume_uri) {
$viewer = $this->getRequest()->getUser(); $viewer = $this->getRequest()->getUser();
@ -240,10 +232,16 @@ final class PhortuneCartViewController
$can_cancel = ($can_edit && $cart->canCancelOrder()); $can_cancel = ($can_edit && $cart->canCancelOrder());
$cancel_uri = $this->getApplicationURI("cart/{$id}/cancel/"); if ($authority) {
$refund_uri = $this->getApplicationURI("cart/{$id}/refund/"); $prefix = 'merchant/'.$authority->getID().'/';
$update_uri = $this->getApplicationURI("cart/{$id}/update/"); } else {
$accept_uri = $this->getApplicationURI("cart/{$id}/accept/"); $prefix = '';
}
$cancel_uri = $this->getApplicationURI("{$prefix}cart/{$id}/cancel/");
$refund_uri = $this->getApplicationURI("{$prefix}cart/{$id}/refund/");
$update_uri = $this->getApplicationURI("{$prefix}cart/{$id}/update/");
$accept_uri = $this->getApplicationURI("{$prefix}cart/{$id}/accept/");
$view->addAction( $view->addAction(
id(new PhabricatorActionView()) id(new PhabricatorActionView())
@ -253,7 +251,7 @@ final class PhortuneCartViewController
->setWorkflow(true) ->setWorkflow(true)
->setHref($cancel_uri)); ->setHref($cancel_uri));
if ($can_admin) { if ($authority) {
if ($cart->getStatus() == PhortuneCart::STATUS_REVIEW) { if ($cart->getStatus() == PhortuneCart::STATUS_REVIEW) {
$view->addAction( $view->addAction(
id(new PhabricatorActionView()) id(new PhabricatorActionView())
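Review bot: `buildActionListView()` now takes `$authority` untyped and uses it both as a truthy flag and as an object (`$authority->getID()`), so a caller still passing the old boolean would fail at the `getID()` call. Declaring the parameter as `PhortuneMerchant $authority = null`, the way `PhortuneCart::getDetailURI()` is declared in this commit, makes the contract explicit; the same applies to `buildDueInvoices()` and `buildPastInvoices()` in PhortuneSubscriptionViewController. The `merchant/<id>/` prefix built here also repeats the logic added to `getDetailURI()`. Note that the `if ($authority)` checks in this file only decide which actions are drawn, so the accept and refund controllers remain the place where permission has to be enforced.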


@ -5,13 +5,18 @@ final class PhortuneSubscriptionViewController extends PhortuneController {
public function handleRequest(AphrontRequest $request) { public function handleRequest(AphrontRequest $request) {
$viewer = $this->getViewer(); $viewer = $this->getViewer();
$is_merchant = (bool)$this->loadMerchantAuthority(); $authority = $this->loadMerchantAuthority();
$subscription = id(new PhortuneSubscriptionQuery()) $subscription_query = id(new PhortuneSubscriptionQuery())
->setViewer($viewer) ->setViewer($viewer)
->withIDs(array($request->getURIData('id'))) ->withIDs(array($request->getURIData('id')))
->needTriggers(true) ->needTriggers(true);
->executeOne();
if ($authority) {
$subscription_query->withMerchantPHIDs(array($authority->getPHID()));
}
$subscription = $subscription_query->executeOne();
if (!$subscription) { if (!$subscription) {
return new Aphront404Response(); return new Aphront404Response();
} }
@ -48,7 +53,7 @@ final class PhortuneSubscriptionViewController extends PhortuneController {
$crumbs = $this->buildApplicationCrumbs(); $crumbs = $this->buildApplicationCrumbs();
if ($is_merchant) { if ($authority) {
$this->addMerchantCrumb($crumbs, $merchant); $this->addMerchantCrumb($crumbs, $merchant);
} else { } else {
$this->addAccountCrumb($crumbs, $account); $this->addAccountCrumb($crumbs, $account);
@ -83,8 +88,8 @@ final class PhortuneSubscriptionViewController extends PhortuneController {
->setHeader($header) ->setHeader($header)
->addPropertyList($properties); ->addPropertyList($properties);
$due_box = $this->buildDueInvoices($subscription, $is_merchant); $due_box = $this->buildDueInvoices($subscription, $authority);
$invoice_box = $this->buildPastInvoices($subscription, $is_merchant); $invoice_box = $this->buildPastInvoices($subscription, $authority);
return $this->buildApplicationPage( return $this->buildApplicationPage(
array( array(
@ -100,7 +105,7 @@ final class PhortuneSubscriptionViewController extends PhortuneController {
private function buildDueInvoices( private function buildDueInvoices(
PhortuneSubscription $subscription, PhortuneSubscription $subscription,
$is_merchant) { $authority) {
$viewer = $this->getViewer(); $viewer = $this->getViewer();
$invoices = id(new PhortuneCartQuery()) $invoices = id(new PhortuneCartQuery())
@ -124,7 +129,7 @@ final class PhortuneSubscriptionViewController extends PhortuneController {
->setUser($viewer) ->setUser($viewer)
->setCarts($invoices) ->setCarts($invoices)
->setIsInvoices(true) ->setIsInvoices(true)
->setIsMerchantView($is_merchant) ->setIsMerchantView((bool)$authority)
->setHandles($handles); ->setHandles($handles);
$invoice_header = id(new PHUIHeaderView()) $invoice_header = id(new PHUIHeaderView())
@ -137,7 +142,7 @@ final class PhortuneSubscriptionViewController extends PhortuneController {
private function buildPastInvoices( private function buildPastInvoices(
PhortuneSubscription $subscription, PhortuneSubscription $subscription,
$is_merchant) { $authority) {
$viewer = $this->getViewer(); $viewer = $this->getViewer();
$invoices = id(new PhortuneCartQuery()) $invoices = id(new PhortuneCartQuery())
@ -176,7 +181,7 @@ final class PhortuneSubscriptionViewController extends PhortuneController {
$merchant_id = $merchant->getID(); $merchant_id = $merchant->getID();
$subscription_id = $subscription->getID(); $subscription_id = $subscription->getID();
if ($is_merchant) { if ($authority) {
$invoices_uri = $this->getApplicationURI( $invoices_uri = $this->getApplicationURI(
"merchant/{$merchant_id}/subscription/order/{$subscription_id}/"); "merchant/{$merchant_id}/subscription/order/{$subscription_id}/");
} else { } else {


@ -453,8 +453,13 @@ final class PhortuneCart extends PhortuneDAO
return $this->getImplementation()->getCancelURI($this); return $this->getImplementation()->getCancelURI($this);
} }
public function getDetailURI() { public function getDetailURI(PhortuneMerchant $authority = null) {
return '/phortune/cart/'.$this->getID().'/'; if ($authority) {
$prefix = 'merchant/'.$authority->getID().'/';
} else {
$prefix = '';
}
return '/phortune/'.$prefix.'cart/'.$this->getID().'/';
} }
public function getCheckoutURI() { public function getCheckoutURI() {
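Review bot: `getDetailURI()` has no doc comment, and the meaning of its new optional argument is not obvious from the signature. I would add a short docblock saying that `$authority` is the merchant whose context the link should stay in, that null yields the account-side `/phortune/cart/<id>/` URI, and that the method only formats a path and performs no permission check. A line such as `@param PhortuneMerchant|null $authority Merchant context for the link, or null for the account view.` covers the parameter.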