refactor #11964 [API][AddressBook] Protect addresses with new firewall (AdamKasp)

This PR was merged into the 1.9-dev branch.

Discussion
----------

| Q | A |
| --------------- | ----- |
| Branch? | master |
| Bug fix? | no |
| New feature? | yes |
| BC breaks? | no |
| License | MIT |

<!--
 - Bug fixes must be submitted against the 1.7 or 1.8 branch (the lowest possible)
 - Features and deprecations must be submitted against the master branch
 - Make sure that the correct base branch is set

 To be sure you are not breaking any Backward Compatibilities, check the documentation:
 https://docs.sylius.com/en/latest/book/organization/backward-compatibility-promise.html
-->

Commits
-------

977e073 [API][AddressBook] protect addressbook with new firewall
df3ad6e [Api][Address] fix addresItemProvider and and missing scenarios
787d7e4 [Api][Address] Add missing behats scenario
Showing 12 changed files with 118 additions and 15 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
# UPGRADE FROM `v1.8.X` TO `v1.9.0` | ||
|
||
1. Add new parameters, new access control configuration and reorder it: | ||
|
||
```diff | ||
parameters: | ||
+ sylius.security.new_api_user_account_route: "%sylius.security.new_api_shop_route%/account" | ||
+ sylius.security.new_api_user_account_regex: "^%sylius.security.new_api_user_account_route%" | ||
|
||
security: | ||
access_control: | ||
+ - { path: "%sylius.security.new_api_user_account_regex%/.*", role: ROLE_USER } | ||
- - { path: "%sylius.security.new_api_shop_regex%/.*", role: IS_AUTHENTICATED_ANONYMOUSLY } | ||
- { path: "%sylius.security.new_api_route%/shop/authentication-token", role: IS_AUTHENTICATED_ANONYMOUSLY } | ||
+ - { path: "%sylius.security.new_api_shop_regex%/.*", role: IS_AUTHENTICATED_ANONYMOUSLY } | ||
``` |
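Review bot: step 1 says to "reorder it" without saying why, and the reason is the security-relevant part of this upgrade. Symfony applies the first `access_control` entry whose path matches, so the `ROLE_USER` rule for `%sylius.security.new_api_user_account_regex%/.*` only takes effect if it sits above the `%sylius.security.new_api_shop_regex%/.*` anonymous rule. An upgrader who appends the new line at the end of the list leaves the account routes reachable by anonymous requests. Suggest stating the required order explicitly in the step text. Separately, the new pattern ends in `/.*`, so a request to the account route itself with no further path segment does not match the `ROLE_USER` rule and falls through to the later entries; worth confirming nothing is served at that exact path, or relaxing the pattern so the bare route is covered too.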
27 changes: 27 additions & 0 deletions
...r_account/address_book/preventing_not_logged_user_from_operations_on_address_book.feature
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
@address_book | ||
Feature: Preventing not logged user from operations on the address book | ||
In order to protect address book from unauthorised operation | ||
As a Visitor | ||
I want not to be able to operate on address book | ||
|
||
Background: | ||
Given the store operates on a single channel in "United States" | ||
And there is a customer "John Doe" identified by an email "doe@example.com" and a password "banana" | ||
And this customer has an address "John Doe", "Banana Street", "90232", "New York", "United States", "Kansas" in their address book | ||
|
||
@api | ||
Scenario: Trying to add new address as a Visitor | ||
When I want to add a new address to my address book | ||
And I specify the address as "Lucifer Morningstar", "Seaside Fwy", "90802", "Los Angeles", "United States", "Arkansas" | ||
And I try to add it | ||
Then I should not be able to add it | ||
|
||
@api | ||
Scenario: Trying to view address as a Visitor | ||
When I try to view details of address belongs to "John Doe" | ||
Then I should not see any details of address | ||
|
||
@api | ||
Scenario: Trying to delete address as a Visitor | ||
When I try to delete address belongs to "John Doe" | ||
Then I should not be able to delete it |
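Review bot: the Visitor scenarios cover add, view of a single address, and delete, but nothing here checks that a Visitor cannot browse the address book collection or edit an existing address, so a regression on those operations would pass this feature. Suggest adding a "Trying to browse the address book as a Visitor" scenario and an edit scenario alongside the three above. The assertions ("I should not be able to add it", "I should not see any details of address") also do not state which response the API is expected to give, so it would help if the step wording or a comment made the expected rejection explicit. Minor wording: "address belongs to" reads better as "the address belonging to", and the feature title as "Preventing a not logged in user from ...".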
14 changes: 14 additions & 0 deletions
features/account/customer_account/address_book/viewing_empty_address_book.feature
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
@address_book | ||
Feature: Viewing empty address book | ||
In order to see only added addresses | ||
As a Customer | ||
I want to be able to see empty address book | ||
|
||
Background: | ||
Given the store operates on a single channel in "United States" | ||
And I am a logged in customer with name "Lucifer Morningstar" | ||
|
||
@ui @api | ||
Scenario: Viewing an empty address book | ||
When I browse my address book | ||
Then there should be no addresses |
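Review bot: the Background creates only the logged-in customer, so "there should be no addresses" passes trivially and does not show that the collection is scoped to the current customer. Since the stated goal is "to see only added addresses", suggest adding a second customer who has an address in the Background (the other feature in this commit already uses a "this customer has an address ... in their address book" step) so the scenario fails if the endpoint ever returns another customer's addresses.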