Add group privilege checking to the Shipping Drivers
This commit is contained in:
Colin Kuskie
parent
0a004d72a0
commit
a85924d07b
9 changed files with 166 additions and 20 deletions
|
|
@ -14,7 +14,8 @@
|
|||
- fixed: In the Asset Manager, only display a Select All button if there is more than one asset.
|
||||
- fixed: Add a progress indicator for long running functions so the user knows something is happening.
|
||||
- fixed: In the Asset Manager, if you pasted an package or prototype if returned you to the page instead the manager.
|
||||
- fixed: #10551: paypal (link to section of paypal website to enter in WebGUI information)
|
||||
- fixed #10551: paypal (link to section of paypal website to enter in WebGUI information)
|
||||
- fixed #10550: shipping plugins have no privileges
|
||||
|
||||
7.7.10
|
||||
- Made a change to LDAP auth that adds an OR to that query so that it also searches for a row with fieldData REGEXP '^uid=(value-from-ldap-directory-server),'. (Wes Morgan)
|
||||
|
|
|
|||
|
|
@ -22,6 +22,8 @@ use Getopt::Long;
|
|||
use WebGUI::Session;
|
||||
use WebGUI::Storage;
|
||||
use WebGUI::Asset;
|
||||
use WebGUI::Shop::Ship;
|
||||
use WebGUI::Shop::ShipDriver;
|
||||
|
||||
|
||||
my $toVersion = '7.7.11';
|
||||
|
|
@ -33,6 +35,7 @@ my $session = start(); # this line required
|
|||
# upgrade functions go here
|
||||
setDefaultIcalInterval($session);
|
||||
makeSurveyResponsesVersionAware($session);
|
||||
addShipperGroupToUse($session);
|
||||
|
||||
finish($session); # this line required
|
||||
|
||||
|
|
@ -56,9 +59,25 @@ sub setDefaultIcalInterval {
|
|||
print "DONE!\n" unless $quiet;
|
||||
}
|
||||
|
||||
#----------------------------------------------------------------------------
|
||||
sub addShipperGroupToUse {
|
||||
my $session = shift;
|
||||
print "\tAdd Group to Use for all existing shipping drivers... " unless $quiet;
|
||||
my $ship = WebGUI::Shop::Ship->new($session);
|
||||
my $shippers = $ship->getShippers($session);
|
||||
foreach my $shipper (@{ $shippers }) {
|
||||
my $options = $shipper->get();
|
||||
$options->{groupToUse} = 7;
|
||||
$shipper->update($options);
|
||||
}
|
||||
# and here's our code
|
||||
print "DONE!\n" unless $quiet;
|
||||
}
|
||||
|
||||
#----------------------------------------------------------------------------
|
||||
sub makeSurveyResponsesVersionAware {
|
||||
my $session = shift;
|
||||
print "\tAdding revisionDate column to Survey_response table... " unless $quiet;
|
||||
print "\tAdding revisionDate column to Survey_response table...\n" unless $quiet;
|
||||
$session->db->write("alter table Survey_response add column revisionDate bigint(20) not null default 0");
|
||||
|
||||
print "\tDefaulting revisionDate on existing responses to current latest revision... " unless $quiet;
|
||||
|
|
|
|||
|
|
@ -125,7 +125,8 @@ sub canUse {
|
|||
}
|
||||
return $userObject->isInGroup($self->get('groupToUse'));
|
||||
}
|
||||
#-------------------------------------------------------------------
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
|
||||
=head2 className ( )
|
||||
|
||||
|
|
|
|||
|
|
@ -104,6 +104,7 @@ sub getOptions {
|
|||
$self->session->log->warn($e->error);
|
||||
next SHIPPER;
|
||||
}
|
||||
next SHIPPER unless $shipper->canUse;
|
||||
$options{$shipper->getId} = {
|
||||
label => $shipper->get("label"),
|
||||
price => $price,
|
||||
|
|
@ -151,8 +152,10 @@ sub getShippers {
|
|||
my @drivers = ();
|
||||
my $sth = $self->session->db->prepare('select shipperId from shipper');
|
||||
$sth->execute();
|
||||
while (my $driver = $sth->hashRef()) {
|
||||
push @drivers, $self->getShipper($driver->{shipperId});
|
||||
SHIPPER: while (my $driver = $sth->hashRef()) {
|
||||
my $shipper = $self->getShipper($driver->{shipperId});
|
||||
next SHIPPER unless $shipper->canUse;
|
||||
push @drivers, $shipper;
|
||||
}
|
||||
$sth->finish;
|
||||
return \@drivers;
|
||||
|
|
|
|||
|
|
@ -50,6 +50,49 @@ sub calculate {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
|
||||
=head2 canUse ( user )
|
||||
|
||||
Checks to see if the user can use this Payment Driver.
|
||||
|
||||
=head3 user
|
||||
|
||||
A hashref containing user information. The user referenced will be checked
|
||||
to see if they can use the Shipping Driver. If missing, then $session->user
|
||||
will be used.
|
||||
|
||||
=head4 userId
|
||||
|
||||
A userId used to build a user object.
|
||||
|
||||
=head4 user
|
||||
|
||||
A user object that will be used directly.
|
||||
|
||||
=cut
|
||||
|
||||
sub canUse {
|
||||
my $self = shift;
|
||||
my $user = shift;
|
||||
my $userObject;
|
||||
if (!defined $user or ref($user) ne 'HASH') {
|
||||
$userObject = $self->session->user;
|
||||
}
|
||||
else {
|
||||
if (exists $user->{user}) {
|
||||
$userObject = $user->{user};
|
||||
}
|
||||
elsif (exists $user->{userId}) {
|
||||
$userObject = WebGUI::User->new($self->session, $user->{userId});
|
||||
}
|
||||
else {
|
||||
WebGUI::Error::InvalidParam->throw(error => q{Must provide user information})
|
||||
}
|
||||
}
|
||||
return $userObject->isInGroup($self->get('groupToUse'));
|
||||
}
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
|
||||
=head2 create ( $session, $options )
|
||||
|
||||
Constructor for new WebGUI::Shop::ShipperDriver objects. Returns a WebGUI::Shop::ShipperDriver object.
|
||||
|
|
@ -114,6 +157,12 @@ sub definition {
|
|||
hoverHelp => $i18n->get('enabled help'),
|
||||
defaultValue => 1,
|
||||
},
|
||||
groupToUse => {
|
||||
fieldType => 'group',
|
||||
label => $i18n->get('who can use'),
|
||||
hoverHelp => $i18n->get('who can use help'),
|
||||
defaultValue => 7,
|
||||
},
|
||||
);
|
||||
my %properties = (
|
||||
name => 'Shipper Driver',
|
||||
|
|
@ -295,7 +344,8 @@ Accessor for the session object. Returns the session object.
|
|||
|
||||
=head2 update ( $options )
|
||||
|
||||
Setter for user configurable options in the ship objects.
|
||||
Setter for user configurable options in the ship objects. It does not support updating subsets
|
||||
of the options. If a currently set option is missing from the set of passed in options, it will be lost.
|
||||
|
||||
=head4 $options
|
||||
|
||||
|
|
|
|||
|
|
@ -26,6 +26,18 @@ our $I18N = {
|
|||
lastUpdated => 1203569582,
|
||||
},
|
||||
|
||||
'who can use' => {
|
||||
message => q|Group to use this shipping driver|,
|
||||
lastUpdate => 0,
|
||||
context => q|Label for the group to use option.|,
|
||||
},
|
||||
|
||||
'who can use help' => {
|
||||
message => q|Specifies which group is allowed to use this shipping driver.|,
|
||||
lastUpdated => 0,
|
||||
context => q|Hover help for the group to use option.|,
|
||||
},
|
||||
|
||||
};
|
||||
|
||||
1;
|
||||
|
|
|
|||
|
|
@ -20,6 +20,7 @@ use Test::More;
|
|||
use Test::Deep;
|
||||
use JSON;
|
||||
use HTML::Form;
|
||||
use Data::Dumper;
|
||||
|
||||
use WebGUI::Test; # Must use this before any other WebGUI modules
|
||||
use WebGUI::Session;
|
||||
|
|
@ -149,7 +150,7 @@ cmp_deeply(
|
|||
'addShipper croaks without options to build a object with',
|
||||
);
|
||||
|
||||
$driver = $ship->addShipper('WebGUI::Shop::ShipDriver::FlatRate', { enabled=>1, label=>q{Jake's Jailbird Airmail}});
|
||||
$driver = $ship->addShipper('WebGUI::Shop::ShipDriver::FlatRate', { enabled=>1, label=>q{Jake's Jailbird Airmail}, groupToUse=>7});
|
||||
isa_ok($driver, 'WebGUI::Shop::ShipDriver::FlatRate', 'added a new, configured FlatRate driver');
|
||||
|
||||
#######################################################################
|
||||
|
|
@ -159,9 +160,10 @@ isa_ok($driver, 'WebGUI::Shop::ShipDriver::FlatRate', 'added a new, configured F
|
|||
#######################################################################
|
||||
|
||||
my $shippers;
|
||||
$driver2 = $ship->addShipper('WebGUI::Shop::ShipDriver::FlatRate', { enabled=>0, label=>q{Tommy's cut-rate shipping}});
|
||||
$driver2 = $ship->addShipper('WebGUI::Shop::ShipDriver::FlatRate', { enabled=>0, label=>q{Tommy's cut-rate shipping}, groupToUse=>7});
|
||||
|
||||
$shippers = $ship->getShippers();
|
||||
|
||||
is(scalar @{$shippers}, 3, 'getShippers: got both shippers, even though one is not enabled');
|
||||
|
||||
my @shipperNames = map { $_->get("label") } @{ $shippers };
|
||||
|
|
|
|||
|
|
@ -31,7 +31,7 @@ my $session = WebGUI::Test->session;
|
|||
#----------------------------------------------------------------------------
|
||||
# Tests
|
||||
|
||||
my $tests = 37;
|
||||
my $tests = 44;
|
||||
plan tests => 1 + $tests;
|
||||
|
||||
#----------------------------------------------------------------------------
|
||||
|
|
@ -84,7 +84,13 @@ cmp_deeply(
|
|||
label => ignore(),
|
||||
hoverHelp => ignore(),
|
||||
defaultValue => 1,
|
||||
}
|
||||
},
|
||||
groupToUse => {
|
||||
fieldType => 'group',
|
||||
label => ignore(),
|
||||
hoverHelp => ignore(),
|
||||
defaultValue => 7,
|
||||
},
|
||||
}
|
||||
} ],
|
||||
,
|
||||
|
|
@ -151,8 +157,9 @@ cmp_deeply(
|
|||
);
|
||||
|
||||
my $options = {
|
||||
label => 'Slow and dangerous',
|
||||
enabled => 1,
|
||||
label => 'Slow and dangerous',
|
||||
enabled => 1,
|
||||
groupToUse => 7,
|
||||
};
|
||||
|
||||
$driver = WebGUI::Shop::ShipDriver->create( $session, $options );
|
||||
|
|
@ -174,7 +181,7 @@ cmp_deeply(
|
|||
{
|
||||
shipperId => $driver->getId,
|
||||
className => ref($driver),
|
||||
options => q|{"label":"Slow and dangerous","enabled":1}|,
|
||||
options => q|{"groupToUse":7,"label":"Slow and dangerous","enabled":1}|,
|
||||
},
|
||||
'Correct data written to the db',
|
||||
);
|
||||
|
|
@ -216,7 +223,7 @@ my @forms = HTML::Form->parse($html, 'http://www.webgui.org');
|
|||
is (scalar @forms, 1, 'getEditForm generates just 1 form');
|
||||
|
||||
my @inputs = $forms[0]->inputs;
|
||||
is (scalar @inputs, 7, 'getEditForm: the form has 7 controls');
|
||||
is (scalar @inputs, 9, 'getEditForm: the form has 9 controls');
|
||||
|
||||
my @interestingFeatures;
|
||||
foreach my $input (@inputs) {
|
||||
|
|
@ -256,6 +263,14 @@ cmp_deeply(
|
|||
name => 'enabled',
|
||||
type => 'radio',
|
||||
},
|
||||
{
|
||||
name => 'groupToUse',
|
||||
type => 'option',
|
||||
},
|
||||
{
|
||||
name => '__groupToUse_isIn',
|
||||
type => 'hidden',
|
||||
},
|
||||
],
|
||||
'getEditForm made the correct form with all the elements'
|
||||
|
||||
|
|
@ -306,12 +321,10 @@ cmp_deeply(
|
|||
|
||||
my $driverCopy = WebGUI::Shop::ShipDriver->new($session, $driver->getId);
|
||||
|
||||
is($driver->getId, $driverCopy->getId, 'same id');
|
||||
is(ref $driver, ref $driverCopy, 'same className');
|
||||
is($driver->getId, $driverCopy->getId, 'same id');
|
||||
is(ref $driver, ref $driverCopy, 'same className');
|
||||
cmp_deeply($driver->get, $driverCopy->get, 'same options');
|
||||
|
||||
|
||||
|
||||
#######################################################################
|
||||
#
|
||||
# calculate
|
||||
|
|
@ -323,7 +336,7 @@ like ($@, qr/^You must override the calculate method/, 'calculate croaks to forc
|
|||
|
||||
#######################################################################
|
||||
#
|
||||
# update
|
||||
# update, get
|
||||
#
|
||||
#######################################################################
|
||||
|
||||
|
|
@ -338,6 +351,37 @@ cmp_deeply(
|
|||
'update takes exception to not giving it a hashref of options',
|
||||
);
|
||||
|
||||
isa_ok( $driver->get(), 'HASH', 'get returns a hashref if called with no param');
|
||||
|
||||
use Data::Dumper;
|
||||
diag Dumper $driver->get();
|
||||
|
||||
is($driver->get('groupToUse'), 7, '... default group is 7');
|
||||
|
||||
$options = $driver->get();
|
||||
$options->{groupToUse} = 3;
|
||||
|
||||
is($driver->get('groupToUse'), 7, '... get returns a safe hashref');
|
||||
|
||||
$driver->update($options);
|
||||
is($driver->get('groupToUse'), 3, '... update groupToUse to 3');
|
||||
|
||||
#######################################################################
|
||||
#
|
||||
# canUse
|
||||
#
|
||||
#######################################################################
|
||||
|
||||
$session->user({userId => 1});
|
||||
ok(! $driver->canUse, 'canUse, Visitor cannot use this driver since it is set to Admin');
|
||||
$session->user({userId => 3});
|
||||
ok( $driver->canUse, '... Admin can use this driver');
|
||||
|
||||
$options = $driver->get();
|
||||
$options->{groupToUse} = 7;
|
||||
$session->user({userId => 1});
|
||||
ok(! $driver->canUse, '... reset to group Everyone, and Visitor can use it');
|
||||
|
||||
#######################################################################
|
||||
#
|
||||
# delete
|
||||
|
|
|
|||
|
|
@ -116,6 +116,12 @@ cmp_deeply(
|
|||
hoverHelp => ignore(),
|
||||
defaultValue => 1,
|
||||
},
|
||||
groupToUse => {
|
||||
fieldType => 'group',
|
||||
label => ignore(),
|
||||
hoverHelp => ignore(),
|
||||
defaultValue => 7,
|
||||
},
|
||||
}
|
||||
} ],
|
||||
'Definition returns an array of hashrefs',
|
||||
|
|
@ -167,7 +173,7 @@ my @forms = HTML::Form->parse($html, 'http://www.webgui.org');
|
|||
is (scalar @forms, 1, 'getEditForm generates just 1 form');
|
||||
|
||||
my @inputs = $forms[0]->inputs;
|
||||
is (scalar @inputs, 11, 'getEditForm: the form has 11 controls');
|
||||
is (scalar @inputs, 13, 'getEditForm: the form has 13 controls');
|
||||
|
||||
my @interestingFeatures;
|
||||
foreach my $input (@inputs) {
|
||||
|
|
@ -207,6 +213,14 @@ cmp_deeply(
|
|||
name => 'enabled',
|
||||
type => 'radio',
|
||||
},
|
||||
{
|
||||
name => 'groupToUse',
|
||||
type => 'option',
|
||||
},
|
||||
{
|
||||
name => '__groupToUse_isIn',
|
||||
type => 'hidden',
|
||||
},
|
||||
{
|
||||
name => 'flatFee',
|
||||
type => 'text',
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue