From a85924d07b1a4137856e97c0a05c9ef40a088e30 Mon Sep 17 00:00:00 2001 From: Colin Kuskie Date: Thu, 18 Jun 2009 23:24:33 +0000 Subject: [PATCH] Add group privilege checking to the Shipping Drivers --- docs/changelog/7.x.x.txt | 3 +- docs/upgrades/upgrade_7.7.10-7.7.11.pl | 21 +++++++- lib/WebGUI/Shop/PayDriver.pm | 3 +- lib/WebGUI/Shop/Ship.pm | 7 ++- lib/WebGUI/Shop/ShipDriver.pm | 52 +++++++++++++++++++- lib/WebGUI/i18n/English/ShipDriver.pm | 12 +++++ t/Shop/Ship.t | 6 ++- t/Shop/ShipDriver.t | 66 +++++++++++++++++++++----- t/Shop/ShipDriver/FlatRate.t | 16 ++++++- 9 files changed, 166 insertions(+), 20 deletions(-) diff --git a/docs/changelog/7.x.x.txt b/docs/changelog/7.x.x.txt index 064381aaa..b688112cd 100644 --- a/docs/changelog/7.x.x.txt +++ b/docs/changelog/7.x.x.txt @@ -14,7 +14,8 @@ - fixed: In the Asset Manager, only display a Select All button if there is more than one asset. - fixed: Add a progress indicator for long running functions so the user knows something is happening. - fixed: In the Asset Manager, if you pasted an package or prototype if returned you to the page instead the manager. - - fixed: #10551: paypal (link to section of paypal website to enter in WebGUI information) + - fixed #10551: paypal (link to section of paypal website to enter in WebGUI information) + - fixed #10550: shipping plugins have no privileges 7.7.10 - Made a change to LDAP auth that adds an OR to that query so that it also searches for a row with fieldData REGEXP '^uid=(value-from-ldap-directory-server),'. (Wes Morgan) diff --git a/docs/upgrades/upgrade_7.7.10-7.7.11.pl b/docs/upgrades/upgrade_7.7.10-7.7.11.pl index d95096d86..5ce570993 100644 --- a/docs/upgrades/upgrade_7.7.10-7.7.11.pl +++ b/docs/upgrades/upgrade_7.7.10-7.7.11.pl @@ -22,6 +22,8 @@ use Getopt::Long; use WebGUI::Session; use WebGUI::Storage; use WebGUI::Asset; +use WebGUI::Shop::Ship; +use WebGUI::Shop::ShipDriver; my $toVersion = '7.7.11'; 
@@ -33,6 +35,7 @@ my $session = start(); # this line required # upgrade functions go here setDefaultIcalInterval($session); makeSurveyResponsesVersionAware($session); +addShipperGroupToUse($session); finish($session); # this line required @@ -56,9 +59,25 @@ sub setDefaultIcalInterval { print "DONE!\n" unless $quiet; } +#---------------------------------------------------------------------------- +sub addShipperGroupToUse { + my $session = shift; + print "\tAdd Group to Use for all existing shipping drivers... " unless $quiet; + my $ship = WebGUI::Shop::Ship->new($session); + my $shippers = $ship->getShippers($session); + foreach my $shipper (@{ $shippers }) { + my $options = $shipper->get(); + $options->{groupToUse} = 7; + $shipper->update($options); + } + # and here's our code + print "DONE!\n" unless $quiet; +} + +#---------------------------------------------------------------------------- sub makeSurveyResponsesVersionAware { my $session = shift; - print "\tAdding revisionDate column to Survey_response table... " unless $quiet; + print "\tAdding revisionDate column to Survey_response table...\n" unless $quiet; $session->db->write("alter table Survey_response add column revisionDate bigint(20) not null default 0"); print "\tDefaulting revisionDate on existing responses to current latest revision... " unless $quiet; diff --git a/lib/WebGUI/Shop/PayDriver.pm b/lib/WebGUI/Shop/PayDriver.pm index a0b4ca2ab..5c772c45f 100644 --- a/lib/WebGUI/Shop/PayDriver.pm +++ b/lib/WebGUI/Shop/PayDriver.pm @@ -125,7 +125,8 @@ sub canUse { } return $userObject->isInGroup($self->get('groupToUse')); } - #------------------------------------------------------------------- + +#------------------------------------------------------------------- =head2 className ( ) diff --git a/lib/WebGUI/Shop/Ship.pm b/lib/WebGUI/Shop/Ship.pm index 7a1e4627c..0e25eacc4 100644 --- a/lib/WebGUI/Shop/Ship.pm +++ b/lib/WebGUI/Shop/Ship.pm 
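Review bot: addShipperGroupToUse in the upgrade script builds its list with `$ship->getShippers($session)`, but this commit also makes getShippers (second hunk of lib/WebGUI/Shop/Ship.pm) drop every driver whose canUse is false for the session user. Drivers created before the upgrade have no groupToUse, so whether they are returned at all depends on how isInGroup treats an undefined group and on which user the upgrade session runs as; neither is visible here, and a skipped driver never receives the option. The same filter would presumably hide drivers from any admin screen that lists them through getShippers. I would read the shipperIds directly in the upgrade, set the group only where it is not already defined so a rerun cannot widen a restricted driver back to group 7, and drop the leftover `# and here's our code` comment.

```perl
    my $ship = WebGUI::Shop::Ship->new($session);
    # Read the ids directly so the migration does not depend on canUse
    # for whichever user the upgrade session runs as.
    my $sth = $session->db->prepare('select shipperId from shipper');
    $sth->execute();
    while (my $row = $sth->hashRef()) {
        my $shipper = $ship->getShipper($row->{shipperId});
        my $options = $shipper->get();
        # Keep a group an administrator has already chosen.
        $options->{groupToUse} = 7 unless defined $options->{groupToUse};
        $shipper->update($options);
    }
    $sth->finish;
    # … unchanged: DONE! message …
```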
@@ -104,6 +104,7 @@ sub getOptions { $self->session->log->warn($e->error); next SHIPPER; } + next SHIPPER unless $shipper->canUse; $options{$shipper->getId} = { label => $shipper->get("label"), price => $price, @@ -151,8 +152,10 @@ sub getShippers { my @drivers = (); my $sth = $self->session->db->prepare('select shipperId from shipper'); $sth->execute(); - while (my $driver = $sth->hashRef()) { - push @drivers, $self->getShipper($driver->{shipperId}); + SHIPPER: while (my $driver = $sth->hashRef()) { + my $shipper = $self->getShipper($driver->{shipperId}); + next SHIPPER unless $shipper->canUse; + push @drivers, $shipper; } $sth->finish; return \@drivers; diff --git a/lib/WebGUI/Shop/ShipDriver.pm b/lib/WebGUI/Shop/ShipDriver.pm index 7fe08e75a..dce9d0917 100644 --- a/lib/WebGUI/Shop/ShipDriver.pm +++ b/lib/WebGUI/Shop/ShipDriver.pm 
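Review bot: In getOptions the new `next SHIPPER unless $shipper->canUse;` sits after the error-handling block that precedes it (presumably the price calculation, since `$price` is used just below), so a driver the user may not use still has its price computed, and any failure logged, before it is dropped. Moving the check to the top of the SHIPPER loop body avoids that work and keeps warnings about drivers the user could never select out of the log. The filter also only decides which options are offered: if the cart later accepts a shipperId submitted by the client, canUse should be checked again at selection time, which this diff does not show. getOptions starts and ends outside the hunk.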
@@ -50,6 +50,49 @@ sub calculate { #------------------------------------------------------------------- +=head2 canUse ( user ) + +Checks to see if the user can use this Payment Driver. + +=head3 user + +A hashref containing user information. The user referenced will be checked +to see if they can use the Shipping Driver. If missing, then $session->user +will be used. + +=head4 userId + +A userId used to build a user object. + +=head4 user + +A user object that will be used directly. + +=cut + +sub canUse { + my $self = shift; + my $user = shift; + my $userObject; + if (!defined $user or ref($user) ne 'HASH') { + $userObject = $self->session->user; + } + else { + if (exists $user->{user}) { + $userObject = $user->{user}; + } + elsif (exists $user->{userId}) { + $userObject = WebGUI::User->new($self->session, $user->{userId}); + } + else { + WebGUI::Error::InvalidParam->throw(error => q{Must provide user information}) + } + } + return $userObject->isInGroup($self->get('groupToUse')); +} + +#------------------------------------------------------------------- + =head2 create ( $session, $options ) Constructor for new WebGUI::Shop::ShipperDriver objects. Returns a WebGUI::Shop::ShipperDriver object. @@ -114,6 +157,12 @@ sub definition { hoverHelp => $i18n->get('enabled help'), defaultValue => 1, }, + groupToUse => { + fieldType => 'group', + label => $i18n->get('who can use'), + hoverHelp => $i18n->get('who can use help'), + defaultValue => 7, + }, ); my %properties = ( name => 'Shipper Driver', @@ -295,7 +344,8 @@ Accessor for the session object. Returns the session object. =head2 update ( $options ) -Setter for user configurable options in the ship objects. +Setter for user configurable options in the ship objects. It does not support updating subsets +of the options. If a currently set option is missing from the set of passed in options, it will be lost. =head4 $options 
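Review bot: canUse falls back to `$self->session->user` whenever the argument is not a plain hashref (`!defined $user or ref($user) ne 'HASH'`), so a caller that passes a WebGUI::User object or a bare userId gets an answer about the session user instead of the user it asked about. For a privilege check it is safer to use the session user only when no argument is given and to throw otherwise: `if (!defined $user) { $userObject = $self->session->user; }` followed by `elsif (ref($user) ne 'HASH') { WebGUI::Error::InvalidParam->throw(error => q{Must provide user information}); }`. The POD above it still says "Payment Driver" and should read `Checks to see if the user can use this Shipping Driver.`. The hunk does not show whether ShipDriver.pm loads WebGUI::User, which the userId branch needs.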
diff --git a/lib/WebGUI/i18n/English/ShipDriver.pm b/lib/WebGUI/i18n/English/ShipDriver.pm index d5aa44be8..0f437321c 100644 --- a/lib/WebGUI/i18n/English/ShipDriver.pm +++ b/lib/WebGUI/i18n/English/ShipDriver.pm @@ -26,6 +26,18 @@ our $I18N = { lastUpdated => 1203569582, }, + 'who can use' => { + message => q|Group to use this shipping driver|, + lastUpdate => 0, + context => q|Label for the group to use option.|, + }, + + 'who can use help' => { + message => q|Specifies which group is allowed to use this shipping driver.|, + lastUpdated => 0, + context => q|Hover help for the group to use option.|, + }, + }; 1; diff --git a/t/Shop/Ship.t b/t/Shop/Ship.t index 83e2ef962..3db92dce6 100644 --- a/t/Shop/Ship.t +++ b/t/Shop/Ship.t @@ -20,6 +20,7 @@ use Test::More; use Test::Deep; use JSON; use HTML::Form; +use Data::Dumper; use WebGUI::Test; # Must use this before any other WebGUI modules use WebGUI::Session; @@ -149,7 +150,7 @@ cmp_deeply( 'addShipper croaks without options to build a object with', ); -$driver = $ship->addShipper('WebGUI::Shop::ShipDriver::FlatRate', { enabled=>1, label=>q{Jake's Jailbird Airmail}}); +$driver = $ship->addShipper('WebGUI::Shop::ShipDriver::FlatRate', { enabled=>1, label=>q{Jake's Jailbird Airmail}, groupToUse=>7}); isa_ok($driver, 'WebGUI::Shop::ShipDriver::FlatRate', 'added a new, configured FlatRate driver'); ####################################################################### 
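Review bot: The new 'who can use' entry in lib/WebGUI/i18n/English/ShipDriver.pm spells its timestamp key `lastUpdate => 0`, while the 'who can use help' entry and the existing entry above it use `lastUpdated`. Anything that reads lastUpdated will see the key as missing for this label; it should be `lastUpdated => 0,`. Both new entries presumably also want a real epoch value like the neighbouring `1203569582` rather than 0.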
@@ -159,9 +160,10 @@ isa_ok($driver, 'WebGUI::Shop::ShipDriver::FlatRate', 'added a new, configured F ####################################################################### my $shippers; -$driver2 = $ship->addShipper('WebGUI::Shop::ShipDriver::FlatRate', { enabled=>0, label=>q{Tommy's cut-rate shipping}}); +$driver2 = $ship->addShipper('WebGUI::Shop::ShipDriver::FlatRate', { enabled=>0, label=>q{Tommy's cut-rate shipping}, groupToUse=>7}); $shippers = $ship->getShippers(); + is(scalar @{$shippers}, 3, 'getShippers: got both shippers, even though one is not enabled'); my @shipperNames = map { $_->get("label") } @{ $shippers }; diff --git a/t/Shop/ShipDriver.t b/t/Shop/ShipDriver.t index 5658394ed..75fd33e29 100644 --- a/t/Shop/ShipDriver.t +++ b/t/Shop/ShipDriver.t @@ -31,7 +31,7 @@ my $session = WebGUI::Test->session; #---------------------------------------------------------------------------- # Tests -my $tests = 37; +my $tests = 44; plan tests => 1 + $tests; #---------------------------------------------------------------------------- @@ -84,7 +84,13 @@ cmp_deeply( label => ignore(), hoverHelp => ignore(), defaultValue => 1, - } + }, + groupToUse => { + fieldType => 'group', + label => ignore(), + hoverHelp => ignore(), + defaultValue => 7, + }, } } ], , @@ -151,8 +157,9 @@ cmp_deeply( ); my $options = { - label => 'Slow and dangerous', - enabled => 1, + label => 'Slow and dangerous', + enabled => 1, + groupToUse => 7, }; $driver = WebGUI::Shop::ShipDriver->create( $session, $options ); @@ -174,7 +181,7 @@ cmp_deeply( { shipperId => $driver->getId, className => ref($driver), - options => q|{"label":"Slow and dangerous","enabled":1}|, + options => q|{"groupToUse":7,"label":"Slow and dangerous","enabled":1}|, }, 'Correct data written to the db', ); 
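Review bot: The getShippers assertion in this t/Shop/Ship.t hunk runs only against drivers created with `groupToUse=>7` (here and in the preceding hunk), so the canUse filtering added to getShippers and getOptions is never exercised with a user outside the group. A case that adds a driver with a restricted group, switches `$session->user` to a user who is not a member, and checks that the driver is absent from both results would pin the new behaviour. The `use Data::Dumper;` added at the top of this file is not used by any line in these hunks.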
@@ -216,7 +223,7 @@ my @forms = HTML::Form->parse($html, 'http://www.webgui.org'); is (scalar @forms, 1, 'getEditForm generates just 1 form'); my @inputs = $forms[0]->inputs; -is (scalar @inputs, 7, 'getEditForm: the form has 7 controls'); +is (scalar @inputs, 9, 'getEditForm: the form has 9 controls'); my @interestingFeatures; foreach my $input (@inputs) { @@ -256,6 +263,14 @@ cmp_deeply( name => 'enabled', type => 'radio', }, + { + name => 'groupToUse', + type => 'option', + }, + { + name => '__groupToUse_isIn', + type => 'hidden', + }, ], 'getEditForm made the correct form with all the elements' @@ -306,12 +321,10 @@ cmp_deeply( my $driverCopy = WebGUI::Shop::ShipDriver->new($session, $driver->getId); -is($driver->getId, $driverCopy->getId, 'same id'); -is(ref $driver, ref $driverCopy, 'same className'); +is($driver->getId, $driverCopy->getId, 'same id'); +is(ref $driver, ref $driverCopy, 'same className'); cmp_deeply($driver->get, $driverCopy->get, 'same options'); - - ####################################################################### # # calculate @@ -323,7 +336,7 @@ like ($@, qr/^You must override the calculate method/, 'calculate croaks to forc ####################################################################### # -# update +# update, get # ####################################################################### 
@@ -338,6 +351,37 @@ cmp_deeply( 'update takes exception to not giving it a hashref of options', ); +isa_ok( $driver->get(), 'HASH', 'get returns a hashref if called with no param'); + +use Data::Dumper; +diag Dumper $driver->get(); + +is($driver->get('groupToUse'), 7, '... default group is 7'); + +$options = $driver->get(); +$options->{groupToUse} = 3; + +is($driver->get('groupToUse'), 7, '... get returns a safe hashref'); + +$driver->update($options); +is($driver->get('groupToUse'), 3, '... update groupToUse to 3'); + +####################################################################### +# +# canUse +# +####################################################################### + +$session->user({userId => 1}); +ok(! $driver->canUse, 'canUse, Visitor cannot use this driver since it is set to Admin'); +$session->user({userId => 3}); +ok( $driver->canUse, '... Admin can use this driver'); + +$options = $driver->get(); +$options->{groupToUse} = 7; +$session->user({userId => 1}); +ok(! $driver->canUse, '... reset to group Everyone, and Visitor can use it'); + ####################################################################### # # delete diff --git a/t/Shop/ShipDriver/FlatRate.t b/t/Shop/ShipDriver/FlatRate.t index 8bb5a0667..a8322403e 100644 --- a/t/Shop/ShipDriver/FlatRate.t +++ b/t/Shop/ShipDriver/FlatRate.t @@ -116,6 +116,12 @@ cmp_deeply( hoverHelp => ignore(), defaultValue => 1, }, + groupToUse => { + fieldType => 'group', + label => ignore(), + hoverHelp => ignore(), + defaultValue => 7, + }, } } ], 'Definition returns an array of hashrefs', @@ -167,7 +173,7 @@ my @forms = HTML::Form->parse($html, 'http://www.webgui.org'); is (scalar @forms, 1, 'getEditForm generates just 1 form'); my @inputs = $forms[0]->inputs; -is (scalar @inputs, 11, 'getEditForm: the form has 11 controls'); +is (scalar @inputs, 13, 'getEditForm: the form has 13 controls'); my @interestingFeatures; foreach my $input (@inputs) { 
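Review bot: The last canUse assertion in t/Shop/ShipDriver.t cannot test what its description says: `$options->{groupToUse} = 7` changes only the copy returned by get() (the earlier 'get returns a safe hashref' test relies on exactly that), there is no `$driver->update($options);`, and the check is still negated with `ok(! $driver->canUse, ...)`. The driver is therefore still restricted to group 3 and the Everyone/Visitor allow path is never verified; add `$driver->update($options);` before switching the user and assert `ok($driver->canUse, '... reset to group Everyone, and Visitor can use it');`. The `use Data::Dumper; diag Dumper $driver->get();` lines look like leftover debugging and add noise to every run. The hashref forms of canUse (`{user => ...}`, `{userId => ...}`) and its InvalidParam throw are not covered either.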
@@ -207,6 +213,14 @@ cmp_deeply( name => 'enabled', type => 'radio', }, + { + name => 'groupToUse', + type => 'option', + }, + { + name => '__groupToUse_isIn', + type => 'hidden', + }, { name => 'flatFee', type => 'text',