Skip to content
Permalink
Browse files Browse the repository at this point in the history
Merge pull request from GHSA-6292-4qpg-hvfg
Make sure the user is able to change the configuration in the dashboard only if he has the right to do it
  • Loading branch information
PierreRambaud committed Jul 7, 2020
2 parents 9c6725b + 02a081c commit f0799c1
Show file tree
Hide file tree
Showing 2 changed files with 160 additions and 116 deletions.
42 changes: 41 additions & 1 deletion dashproducts.php
Expand Up @@ -72,7 +72,7 @@ public function hookDashboardZoneTwo($params)
'DASHPRODUCT_NBR_SHOW_TOP_SEARCH' => Configuration::get('DASHPRODUCT_NBR_SHOW_TOP_SEARCH'),
'date_from' => Tools::displayDate($params['date_from']),
'date_to' => Tools::displayDate($params['date_to']),
'dashproducts_config_form' => $this->renderConfigForm(),
'dashproducts_config_form' => $this->getPermission('configure') ? $this->renderConfigForm() : null,
)
);

Expand Down Expand Up @@ -617,4 +617,44 @@ public function hookActionSearch($params)
{
Tools::changeFileMTime($this->push_filename);
}

/**
* Validate dashboard configuration
*
* @param array $config
*
* @return array
*/
public function validateDashConfig(array $config)
{
$errors = [];
$possibleValues = [5, 10, 20, 50];
foreach (array_keys($this->getConfigFieldsValues()) as $fieldName) {
if (!isset($config[$fieldName]) || !in_array($config[$fieldName], $possibleValues)) {
$errors[$fieldName] = $this->trans('The %s field is invalid.', [$fieldName], 'Modules.Dashproducts.Admin');
}
}

return $errors;
}

/**
* Save dashboard configuration
*
* @param array $config
*
* @return bool determines if there are errors or not
*/
public function saveDashConfig(array $config)
{
if (!$this->getPermission('configure')) {
return true;
}

foreach (array_keys($this->getConfigFieldsValues()) as $fieldName) {
Configuration::updateValue($fieldName, (int) $config[$fieldName]);
}

return false;
}
}
234 changes: 119 additions & 115 deletions views/templates/hook/dashboard_zone_two.tpl
@@ -1,123 +1,127 @@
{*
* 2007-2018 PrestaShop
*
* NOTICE OF LICENSE
*
* This source file is subject to the Academic Free License (AFL 3.0)
* that is bundled with this package in the file LICENSE.txt.
* It is also available through the world-wide-web at this URL:
* http://opensource.org/licenses/afl-3.0.php
* If you did not receive a copy of the license and are unable to
* obtain it through the world-wide-web, please send an email
* to license@prestashop.com so we can send you a copy immediately.
*
* DISCLAIMER
*
* Do not edit or add to this file if you wish to upgrade PrestaShop to newer
* versions in the future. If you wish to customize PrestaShop for your
* needs please refer to http://www.prestashop.com for more information.
*
* @author PrestaShop SA <contact@prestashop.com>
* @copyright 2007-2018 PrestaShop SA
* @license http://opensource.org/licenses/afl-3.0.php Academic Free License (AFL 3.0)
* International Registered Trademark & Property of PrestaShop SA
*}
* 2007-2018 PrestaShop
*
* NOTICE OF LICENSE
*
* This source file is subject to the Academic Free License (AFL 3.0)
* that is bundled with this package in the file LICENSE.txt.
* It is also available through the world-wide-web at this URL:
* http://opensource.org/licenses/afl-3.0.php
* If you did not receive a copy of the license and are unable to
* obtain it through the world-wide-web, please send an email
* to license@prestashop.com so we can send you a copy immediately.
*
* DISCLAIMER
*
* Do not edit or add to this file if you wish to upgrade PrestaShop to newer
* versions in the future. If you wish to customize PrestaShop for your
* needs please refer to http://www.prestashop.com for more information.
*
* @author PrestaShop SA <contact@prestashop.com>
* @copyright 2007-2018 PrestaShop SA
* @license http://opensource.org/licenses/afl-3.0.php Academic Free License (AFL 3.0)
* International Registered Trademark & Property of PrestaShop SA
*}

<section id="dashproducts" class="panel widget {if $allow_push} allow_push{/if}">
<header class="panel-heading">
<i class="icon-bar-chart"></i> {l s='Products and Sales' d='Modules.Dashproducts.Admin'}
<span class="panel-heading-action">
<a class="list-toolbar-btn" href="#" onclick="toggleDashConfig('dashproducts'); return false;" title="{l s='Configure' d='Admin.Actions'}">
<i class="process-icon-configure"></i>
</a>
<a class="list-toolbar-btn" href="#" onclick="refreshDashboard('dashproducts'); return false;" title="{l s='Refresh' d='Admin.Actions'}">
<i class="process-icon-refresh"></i>
</a>
</span>
</header>
<header class="panel-heading">
<i class="icon-bar-chart"></i> {l s='Products and Sales' d='Modules.Dashproducts.Admin'}
<span class="panel-heading-action">
{if !empty($dashproducts_config_form)}
<a class="list-toolbar-btn" href="#" onclick="toggleDashConfig('dashproducts'); return false;" title="{l s='Configure' d='Admin.Actions'}">
<i class="process-icon-configure"></i>
</a>
{/if}
<a class="list-toolbar-btn" href="#" onclick="refreshDashboard('dashproducts'); return false;" title="{l s='Refresh' d='Admin.Actions'}">
<i class="process-icon-refresh"></i>
</a>
</span>
</header>

<section id="dashproducts_config" class="dash_config hide">
<header><i class="icon-wrench"></i> {l s='Configuration' d='Admin.Global'}</header>
{$dashproducts_config_form}
</section>
{if !empty($dashproducts_config_form)}
<section id="dashproducts_config" class="dash_config hide">
<header><i class="icon-wrench"></i> {l s='Configuration' d='Admin.Global'}</header>
{$dashproducts_config_form}
</section>
{/if}

<section>
<nav>
<ul class="nav nav-pills">
<li class="active">
<a href="#dash_recent_orders" data-toggle="tab">
<i class="icon-fire"></i>
<span class="hidden-inline-xs">{l s='Recent Orders' d='Modules.Dashproducts.Admin'}</span>
</a>
</li>
<li>
<a href="#dash_best_sellers" data-toggle="tab">
<i class="icon-trophy"></i>
<span class="hidden-inline-xs">{l s='Best Sellers' d='Modules.Dashproducts.Admin'}</span>
</a>
</li>
<li>
<a href="#dash_most_viewed" data-toggle="tab">
<i class="icon-eye-open"></i>
<span class="hidden-inline-xs">{l s='Most Viewed' d='Modules.Dashproducts.Admin'}</span>
</a>
</li>
<li>
<a href="#dash_top_search" data-toggle="tab">
<i class="icon-search"></i>
<span class="hidden-inline-xs">{l s='Top Searches' d='Modules.Dashproducts.Admin'}</span>
</a>
</li>
</ul>
</nav>
<section>
<nav>
<ul class="nav nav-pills">
<li class="active">
<a href="#dash_recent_orders" data-toggle="tab">
<i class="icon-fire"></i>
<span class="hidden-inline-xs">{l s='Recent Orders' d='Modules.Dashproducts.Admin'}</span>
</a>
</li>
<li>
<a href="#dash_best_sellers" data-toggle="tab">
<i class="icon-trophy"></i>
<span class="hidden-inline-xs">{l s='Best Sellers' d='Modules.Dashproducts.Admin'}</span>
</a>
</li>
<li>
<a href="#dash_most_viewed" data-toggle="tab">
<i class="icon-eye-open"></i>
<span class="hidden-inline-xs">{l s='Most Viewed' d='Modules.Dashproducts.Admin'}</span>
</a>
</li>
<li>
<a href="#dash_top_search" data-toggle="tab">
<i class="icon-search"></i>
<span class="hidden-inline-xs">{l s='Top Searches' d='Modules.Dashproducts.Admin'}</span>
</a>
</li>
</ul>
</nav>

<div class="tab-content panel">
<div class="tab-pane active" id="dash_recent_orders">
<h3>{l s='Last %d orders' sprintf=$DASHPRODUCT_NBR_SHOW_LAST_ORDER|intval d='Modules.Dashproducts.Admin'}</h3>
<div class="table-responsive">
<table class="table data_table" id="table_recent_orders">
<thead></thead>
<tbody></tbody>
</table>
</div>
</div>
<div class="tab-pane" id="dash_best_sellers">
<h3>
{l s='Top %d products' sprintf=$DASHPRODUCT_NBR_SHOW_BEST_SELLER|intval d='Modules.Dashproducts.Admin'}
<span>{l s="From" d='Modules.Dashproducts.Admin'} {$date_from|escape:'htmlall':'UTF-8'} {l s="to" d='Modules.Dashproducts.Admin'} {$date_to|escape:'htmlall':'UTF-8'}</span>
</h3>
<div class="table-responsive">
<table class="table data_table" id="table_best_sellers">
<thead></thead>
<tbody></tbody>
</table>
</div>
</div>
<div class="tab-pane" id="dash_most_viewed">
<h3>
{l s="Most Viewed" d='Modules.Dashproducts.Admin'}
<span>{l s="From" d='Modules.Dashproducts.Admin'} {$date_from|escape:'htmlall':'UTF-8'} {l s="to" d='Modules.Dashproducts.Admin'} {$date_to|escape:'htmlall':'UTF-8'}</span>
</h3>
<div class="table-responsive">
<table class="table data_table" id="table_most_viewed">
<thead></thead>
<tbody></tbody>
</table>
</div>
</div>
<div class="tab-pane" id="dash_top_search">
<h3>
{l s='Top %d most search terms' sprintf=$DASHPRODUCT_NBR_SHOW_TOP_SEARCH|intval d='Modules.Dashproducts.Admin'}
<span>{l s="From" d='Modules.Dashproducts.Admin'} {$date_from|escape:'htmlall':'UTF-8'} {l s="to" d='Modules.Dashproducts.Admin'} {$date_to|escape:'htmlall':'UTF-8'}</span>
</h3>
<div class="table-responsive">
<table class="table data_table" id="table_top_10_most_search">
<thead></thead>
<tbody></tbody>
</table>
</div>
</div>
</div>
<div class="tab-content panel">
<div class="tab-pane active" id="dash_recent_orders">
<h3>{l s='Last %d orders' sprintf=$DASHPRODUCT_NBR_SHOW_LAST_ORDER|intval d='Modules.Dashproducts.Admin'}</h3>
<div class="table-responsive">
<table class="table data_table" id="table_recent_orders">
<thead></thead>
<tbody></tbody>
</table>
</div>
</div>
<div class="tab-pane" id="dash_best_sellers">
<h3>
{l s='Top %d products' sprintf=$DASHPRODUCT_NBR_SHOW_BEST_SELLER|intval d='Modules.Dashproducts.Admin'}
<span>{l s="From" d='Modules.Dashproducts.Admin'} {$date_from|escape:'htmlall':'UTF-8'} {l s="to" d='Modules.Dashproducts.Admin'} {$date_to|escape:'htmlall':'UTF-8'}</span>
</h3>
<div class="table-responsive">
<table class="table data_table" id="table_best_sellers">
<thead></thead>
<tbody></tbody>
</table>
</div>
</div>
<div class="tab-pane" id="dash_most_viewed">
<h3>
{l s="Most Viewed" d='Modules.Dashproducts.Admin'}
<span>{l s="From" d='Modules.Dashproducts.Admin'} {$date_from|escape:'htmlall':'UTF-8'} {l s="to" d='Modules.Dashproducts.Admin'} {$date_to|escape:'htmlall':'UTF-8'}</span>
</h3>
<div class="table-responsive">
<table class="table data_table" id="table_most_viewed">
<thead></thead>
<tbody></tbody>
</table>
</div>
</div>
<div class="tab-pane" id="dash_top_search">
<h3>
{l s='Top %d most search terms' sprintf=$DASHPRODUCT_NBR_SHOW_TOP_SEARCH|intval d='Modules.Dashproducts.Admin'}
<span>{l s="From" d='Modules.Dashproducts.Admin'} {$date_from|escape:'htmlall':'UTF-8'} {l s="to" d='Modules.Dashproducts.Admin'} {$date_to|escape:'htmlall':'UTF-8'}</span>
</h3>
<div class="table-responsive">
<table class="table data_table" id="table_top_10_most_search">
<thead></thead>
<tbody></tbody>
</table>
</div>
</div>
</div>

</section>
</section>
</section>

0 comments on commit f0799c1

Please sign in to comment.