mirror of https://we.phorge.it/source/phorge.git synced 2025-01-11 23:31:03 +01:00

Update remaining Phortune merchant views to use Merchant Authority

Summary: See discussion in D11945. This finishes the rest of the merchant views to respect/use merchant authority in order to interact with objects.

Test Plan:
  - As a merchant: accepted, refunded, updated, browsed orders.
  - As a non-merchant: couldn't do any of that stuff for orders I don't own.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D11950
epriestley 2015-03-03 10:38:47 -08:00
parent ab4743b216
commit 2d9206a904
8 changed files with 81 additions and 57 deletions


@ -63,7 +63,6 @@ final class PhabricatorPhortuneApplication extends PhabricatorApplication {
'checkout/' => 'PhortuneCartCheckoutController',
'(?P<action>cancel|refund)/' => 'PhortuneCartCancelController',
'update/' => 'PhortuneCartUpdateController',
'accept/' => 'PhortuneCartAcceptController',
),
'account/' => array(
'' => 'PhortuneAccountListController',


@ -13,22 +13,23 @@ final class PhortuneCartAcceptController
$request = $this->getRequest();
$viewer = $request->getUser();
// You must control the merchant to accept orders.
$authority = $this->loadMerchantAuthority();
if (!$authority) {
return new Aphront404Response();
}
$cart = id(new PhortuneCartQuery())
->setViewer($viewer)
->withIDs(array($this->id))
->withMerchantPHIDs(array($authority->getPHID()))
->needPurchases(true)
->executeOne();
if (!$cart) {
return new Aphront404Response();
}
// You must control the merchant to accept orders.
PhabricatorPolicyFilter::requireCapability(
$viewer,
$cart->getMerchant(),
PhabricatorPolicyCapability::CAN_EDIT);
$cancel_uri = $cart->getDetailURI();
$cancel_uri = $cart->getDetailURI($authority);
if ($cart->getStatus() !== PhortuneCart::STATUS_REVIEW) {
return $this->newDialog()
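Review bot: With the `PhabricatorPolicyFilter::requireCapability(..., CAN_EDIT)` block apparently on the removed side, nothing visible in this hunk still checks that the viewer may edit the merchant. Access now rests on `loadMerchantAuthority()` returning a merchant only for viewers who control it, and on `withMerchantPHIDs()` binding the cart to that merchant. The helper is defined outside this diff, so its contract should be stated where it is relied on, for example `// loadMerchantAuthority() only returns a merchant the viewer can edit; the query below binds the cart to that merchant.` If the helper requires no more than view access, the explicit capability check should stay. The method body starts and ends outside the hunk.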


@ -15,11 +15,18 @@ final class PhortuneCartCancelController
$request = $this->getRequest();
$viewer = $request->getUser();
$cart = id(new PhortuneCartQuery())
$authority = $this->loadMerchantAuthority();
$cart_query = id(new PhortuneCartQuery())
->setViewer($viewer)
->withIDs(array($this->id))
->needPurchases(true)
->executeOne();
->needPurchases(true);
if ($authority) {
$cart_query->withMerchantPHIDs(array($authority->getPHID()));
}
$cart = $cart_query->executeOne();
if (!$cart) {
return new Aphront404Response();
}
@ -45,7 +52,7 @@ final class PhortuneCartCancelController
return new Aphront404Response();
}
$cancel_uri = $cart->getDetailURI();
$cancel_uri = $cart->getDetailURI($authority);
$merchant = $cart->getMerchant();
try {
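Review bot: A null `$authority` is treated as "account context" at `if ($authority) { $cart_query->withMerchantPHIDs(...); }`, but this hunk cannot tell a request with no merchant in the URI from one whose merchant lookup failed or was denied. If `loadMerchantAuthority()` returns null in both cases, a merchant-prefixed cancel or refund request from a viewer who does not control that merchant falls through to the unscoped query, rather than returning `Aphront404Response` as PhortuneCartAcceptController does. Whether the remaining checks in this method cover that case is not visible here. Failing closed whenever the route carries a merchant ID but no authority was granted would remove the ambiguity. The same pattern appears in PhortuneCartUpdateController and PhortuneSubscriptionViewController.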


@ -16,18 +16,6 @@ final class PhortuneCartListController
$engine = new PhortuneCartSearchEngine();
if ($subscription_id) {
$subscription = id(new PhortuneSubscriptionQuery())
->setViewer($viewer)
->withIDs(array($subscription_id))
->executeOne();
if (!$subscription) {
return new Aphront404Response();
}
$this->subscription = $subscription;
$engine->setSubscription($subscription);
}
if ($merchant_id) {
$merchant = id(new PhortuneMerchantQuery())
->setViewer($viewer)
@ -63,6 +51,20 @@ final class PhortuneCartListController
return new Aphront404Response();
}
// NOTE: We must process this after processing the merchant authority, so
// it becomes visible in merchant contexts.
if ($subscription_id) {
$subscription = id(new PhortuneSubscriptionQuery())
->setViewer($viewer)
->withIDs(array($subscription_id))
->executeOne();
if (!$subscription) {
return new Aphront404Response();
}
$this->subscription = $subscription;
$engine->setSubscription($subscription);
}
$controller = id(new PhabricatorApplicationSearchController())
->setQueryKey($request->getURIData('queryKey'))
->setSearchEngine($engine)
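Review bot: The relocated subscription lookup is not bound to the merchant resolved earlier in the method. `PhortuneSubscriptionQuery` runs with only `setViewer()` and `withIDs()`, while PhortuneSubscriptionViewController in this same commit adds `withMerchantPHIDs(array($authority->getPHID()))` when acting as a merchant. As written, a merchant-prefixed subscription order URL could pair one merchant with a subscription that belongs to another, provided the viewer can see both; whether the search engine filters that out is not visible here. Scoping the query the same way when a merchant is in play would turn the mismatch into a 404. Most of the method body lies outside these hunks.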


@ -13,11 +13,18 @@ final class PhortuneCartUpdateController
$request = $this->getRequest();
$viewer = $request->getUser();
$cart = id(new PhortuneCartQuery())
$authority = $this->loadMerchantAuthority();
$cart_query = id(new PhortuneCartQuery())
->setViewer($viewer)
->withIDs(array($this->id))
->needPurchases(true)
->executeOne();
->needPurchases(true);
if ($authority) {
$cart_query->withMerchantPHIDs(array($authority->getPHID()));
}
$cart = $cart_query->executeOne();
if (!$cart) {
return new Aphront404Response();
}
@ -59,7 +66,7 @@ final class PhortuneCartUpdateController
}
return id(new AphrontRedirectResponse())
->setURI($cart->getDetailURI());
->setURI($cart->getDetailURI($authority));
}
}


@ -15,9 +15,6 @@ final class PhortuneCartViewController
$authority = $this->loadMerchantAuthority();
// TODO: This (and the rest of the Cart controllers) need to be updated
// to use merchant URIs and merchant authority.
$cart = id(new PhortuneCartQuery())
->setViewer($viewer)
->withIDs(array($this->id))
@ -27,11 +24,6 @@ final class PhortuneCartViewController
return new Aphront404Response();
}
$can_admin = PhabricatorPolicyFilter::hasCapability(
$viewer,
$cart->getMerchant(),
PhabricatorPolicyCapability::CAN_EDIT);
$cart_table = $this->buildCartContentTable($cart);
$can_edit = PhabricatorPolicyFilter::hasCapability(
@ -78,7 +70,7 @@ final class PhortuneCartViewController
}
break;
case PhortuneCart::STATUS_REVIEW:
if ($can_admin) {
if ($authority) {
$errors[] = pht(
'This order has been flagged for manual review. Review the order '.
'and choose %s to accept it or %s to reject it.',
@ -102,7 +94,7 @@ final class PhortuneCartViewController
$actions = $this->buildActionListView(
$cart,
$can_edit,
$can_admin,
$authority,
$resume_uri);
$properties->setActionList($actions);
@ -228,7 +220,7 @@ final class PhortuneCartViewController
private function buildActionListView(
PhortuneCart $cart,
$can_edit,
$can_admin,
$authority,
$resume_uri) {
$viewer = $this->getRequest()->getUser();
@ -240,10 +232,16 @@ final class PhortuneCartViewController
$can_cancel = ($can_edit && $cart->canCancelOrder());
$cancel_uri = $this->getApplicationURI("cart/{$id}/cancel/");
$refund_uri = $this->getApplicationURI("cart/{$id}/refund/");
$update_uri = $this->getApplicationURI("cart/{$id}/update/");
$accept_uri = $this->getApplicationURI("cart/{$id}/accept/");
if ($authority) {
$prefix = 'merchant/'.$authority->getID().'/';
} else {
$prefix = '';
}
$cancel_uri = $this->getApplicationURI("{$prefix}cart/{$id}/cancel/");
$refund_uri = $this->getApplicationURI("{$prefix}cart/{$id}/refund/");
$update_uri = $this->getApplicationURI("{$prefix}cart/{$id}/update/");
$accept_uri = $this->getApplicationURI("{$prefix}cart/{$id}/accept/");
$view->addAction(
id(new PhabricatorActionView())
@ -253,7 +251,7 @@ final class PhortuneCartViewController
->setWorkflow(true)
->setHref($cancel_uri));
if ($can_admin) {
if ($authority) {
if ($cart->getStatus() == PhortuneCart::STATUS_REVIEW) {
$view->addAction(
id(new PhabricatorActionView())
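Review bot: The prefix built in `buildActionListView()` (`$prefix = 'merchant/'.$authority->getID().'/';`) repeats the logic this commit adds to `PhortuneCart::getDetailURI()`, so the two copies can drift apart. The action URIs could come from the one helper, e.g. `$base_uri = $cart->getDetailURI($authority);` then `$cancel_uri = $base_uri.'cancel/';`, assuming `getApplicationURI()` resolves to the same `/phortune/` base. Separately, with `$can_admin` apparently removed, the `if ($authority)` branches only decide which actions are rendered. A brief comment that the accept, refund and update controllers remain the enforcement point would keep a later reader from treating this as the access check.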


@ -5,13 +5,18 @@ final class PhortuneSubscriptionViewController extends PhortuneController {
public function handleRequest(AphrontRequest $request) {
$viewer = $this->getViewer();
$is_merchant = (bool)$this->loadMerchantAuthority();
$authority = $this->loadMerchantAuthority();
$subscription = id(new PhortuneSubscriptionQuery())
$subscription_query = id(new PhortuneSubscriptionQuery())
->setViewer($viewer)
->withIDs(array($request->getURIData('id')))
->needTriggers(true)
->executeOne();
->needTriggers(true);
if ($authority) {
$subscription_query->withMerchantPHIDs(array($authority->getPHID()));
}
$subscription = $subscription_query->executeOne();
if (!$subscription) {
return new Aphront404Response();
}
@ -48,7 +53,7 @@ final class PhortuneSubscriptionViewController extends PhortuneController {
$crumbs = $this->buildApplicationCrumbs();
if ($is_merchant) {
if ($authority) {
$this->addMerchantCrumb($crumbs, $merchant);
} else {
$this->addAccountCrumb($crumbs, $account);
@ -83,8 +88,8 @@ final class PhortuneSubscriptionViewController extends PhortuneController {
->setHeader($header)
->addPropertyList($properties);
$due_box = $this->buildDueInvoices($subscription, $is_merchant);
$invoice_box = $this->buildPastInvoices($subscription, $is_merchant);
$due_box = $this->buildDueInvoices($subscription, $authority);
$invoice_box = $this->buildPastInvoices($subscription, $authority);
return $this->buildApplicationPage(
array(
@ -100,7 +105,7 @@ final class PhortuneSubscriptionViewController extends PhortuneController {
private function buildDueInvoices(
PhortuneSubscription $subscription,
$is_merchant) {
$authority) {
$viewer = $this->getViewer();
$invoices = id(new PhortuneCartQuery())
@ -124,7 +129,7 @@ final class PhortuneSubscriptionViewController extends PhortuneController {
->setUser($viewer)
->setCarts($invoices)
->setIsInvoices(true)
->setIsMerchantView($is_merchant)
->setIsMerchantView((bool)$authority)
->setHandles($handles);
$invoice_header = id(new PHUIHeaderView())
@ -137,7 +142,7 @@ final class PhortuneSubscriptionViewController extends PhortuneController {
private function buildPastInvoices(
PhortuneSubscription $subscription,
$is_merchant) {
$authority) {
$viewer = $this->getViewer();
$invoices = id(new PhortuneCartQuery())
@ -176,7 +181,7 @@ final class PhortuneSubscriptionViewController extends PhortuneController {
$merchant_id = $merchant->getID();
$subscription_id = $subscription->getID();
if ($is_merchant) {
if ($authority) {
$invoices_uri = $this->getApplicationURI(
"merchant/{$merchant_id}/subscription/order/{$subscription_id}/");
} else {
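Review bot: `buildDueInvoices()` and `buildPastInvoices()` now take `$authority` untyped, although the value is either a merchant object or null. In the visible lines it is only used for truthiness (`->setIsMerchantView((bool)$authority)`, `if ($authority)`). Declaring it as `PhortuneMerchant $authority = null`, as `PhortuneCart::getDetailURI()` does in this commit, would document the contract and reject a stray boolean left over from the old `$is_merchant` call sites. The merchant crumb and the `$merchant_id` in the invoices URI still come from `$merchant` rather than `$authority`. They should be the same object once the query is merchant-scoped, but that assignment is outside the hunks.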


@ -453,8 +453,13 @@ final class PhortuneCart extends PhortuneDAO
return $this->getImplementation()->getCancelURI($this);
}
public function getDetailURI() {
return '/phortune/cart/'.$this->getID().'/';
public function getDetailURI(PhortuneMerchant $authority = null) {
if ($authority) {
$prefix = 'merchant/'.$authority->getID().'/';
} else {
$prefix = '';
}
return '/phortune/'.$prefix.'cart/'.$this->getID().'/';
}
public function getCheckoutURI() {
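Review bot: `getDetailURI()` gains an optional `$authority` argument without a docblock, and the name suggests more than the method does. In the visible body it only selects the `merchant/<id>/` URI prefix and performs no access check. A short docblock would make that explicit, along the lines of `@param PhortuneMerchant|null $authority Merchant whose URI space to link into, or null for the account-side URI; does not grant or verify access.`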