Merge branch 'main' into SALEOR-6544-migrate-order-line-id-to-uuid

CHANGELOG.md

@@ -7,6 +7,19 @@ All notable, unreleased changes to this project will be documented in this file.
   - Changed the order line `id` from `int` to `UUID`, the old ids still can be used
   for old order lines.
 
+### Other changes
+- Fix for sending incorrect prices to Avatax - #9633 by @korycins
+- PREVIEW_FEATURE: Add mutations for managing a payment transaction attached to order/checkout. - #9564 by @korycins
+  - add fields:
+    - `order.transactions`
+    - `checkout.transactions`
+  - add mutations:
+    - `transactionCreate`
+    - `transactionUpdate`
+    - `transactionRequestAction`
+  - add new webhook event:
+    - `TRANSACTION_ACTION_REQUEST`
+
 # 3.3.1
 
 - Drop manual calls to emit post_migrate in migrations (#9647) (b32308802)
@@ -20,6 +33,8 @@ All notable, unreleased changes to this project will be documented in this file.
 
 ### Other changes
 
+- Fix filtering product attributes by date range - #9543 by @IKarbowiak
+- Fix for raising Permission Denied when anonymous user calls `checkout.customer` field - #9573 by @korycins
 - Use fulltext search for products (#9344) (4b6f25964) by @patrys
 - Precise timestamps for publication dates - #9581 by @IKarbowiak
   - Change `publicationDate` fields to `publishedAt` date time fields.

pyproject.toml

@@ -35,7 +35,7 @@ documentation = "https://docs.saleor.io/"
   html-to-draftjs = "^1.0.1"
   markdown = "^3.1.1"
   maxminddb = ">=1.5.4,<3.0.0"
-  petl = "1.7.8"
+  petl = "1.7.9"
   opentracing = "^2.3.0"
   phonenumberslite = "^8.12.25"
   prices = "^1.0"

requirements_dev.txt

@@ -201,7 +201,7 @@ toml==0.10.2; python_version >= "3.7" and python_full_version < "3.0.0" or pytho
 tomli==2.0.1; python_version < "3.11" and python_full_version >= "3.6.2" and python_version >= "3.7" and (python_version >= "3.7" and python_full_version < "3.0.0" or python_full_version >= "3.4.0" and python_version >= "3.7")
 tornado==6.1; python_version >= "3.7"
 tox==3.25.0; (python_version >= "2.7" and python_full_version < "3.0.0") or (python_full_version >= "3.5.0")
-types-certifi==2021.10.8.1
+types-certifi==2021.10.8.2
 types-freezegun==1.1.9
 types-pkg-resources==0.1.3
 types-python-dateutil==2.8.12

saleor/account/migrations/0055_alter_user_options.py

@@ -7,18 +7,21 @@ def assing_permissions(apps, schema_editor):
     def on_migrations_complete(sender=None, **kwargs):
         Group = apps.get_model("auth", "Group")
         Permission = apps.get_model("auth", "Permission")
+        ContentType = apps.get_model("contenttypes", "ContentType")
+
+        ct, _ = ContentType.objects.get_or_create(app_label="account", model="user")
+        impersonate_user, _ = Permission.objects.get_or_create(
+            name="Impersonate user.", content_type=ct, codename="impersonate_user"
+        )
 
-        impersonate_user = Permission.objects.filter(
-            codename="impersonate_user", content_type__app_label="account"
-        ).first()
         manage_users = Permission.objects.filter(
             codename="manage_users", content_type__app_label="account"
         )
 
         for group in Group.objects.filter(permissions__in=manage_users).iterator():
             group.permissions.add(impersonate_user)
 
-    post_migrate.connect(on_migrations_complete)
+    post_migrate.connect(on_migrations_complete, weak=False)
 
 
 class Migration(migrations.Migration):

saleor/account/migrations/0058_update_user_search_document.py

@@ -10,7 +10,7 @@ def update_user_search_document_values(apps, _schema_editor):
     def on_migrations_complete(sender=None, **kwargs):
         set_user_search_document_values.delay()
 
-    post_migrate.connect(on_migrations_complete)
+    post_migrate.connect(on_migrations_complete, weak=False)
 
 
 class Migration(migrations.Migration):

saleor/channel/migrations/0001_initial.py

@@ -9,13 +9,17 @@ def assing_permissions(apps, schema_editor):
     def on_migrations_complete(sender=None, **kwargs):
         Group = apps.get_model("auth", "Group")
         Permission = apps.get_model("auth", "Permission")
-        manage_channels = Permission.objects.filter(
-            codename="manage_channels", content_type__app_label="channel"
-        ).first()
+        ContentType = apps.get_model("contenttypes", "ContentType")
+
+        ct, _ = ContentType.objects.get_or_create(app_label="channel", model="channel")
+        manage_channels, _ = Permission.objects.get_or_create(
+            name="Manage channels.", content_type=ct, codename="manage_channels"
+        )
+
         for group in Group.objects.iterator():
             group.permissions.add(manage_channels)
 
-    post_migrate.connect(on_migrations_complete)
+    post_migrate.connect(on_migrations_complete, weak=False)
 
 
 def get_default_currency(Checkout, Order, Product, ShippingMethod, Voucher):

saleor/checkout/complete_checkout.py

@@ -1055,6 +1055,7 @@ def _create_order_from_checkout(
 
     # payments
     checkout_info.checkout.payments.update(order=order, checkout_id=None)
+    checkout_info.checkout.payment_transactions.update(order=order, checkout_id=None)
 
     # order search
     order.search_document = prepare_order_search_document_value(order)

saleor/checkout/migrations/0040_add_handle_checkouts_permission.py

@@ -9,27 +9,28 @@ def on_migrations_complete(sender=None, **kwargs):
         Permission = apps.get_model("auth", "Permission")
         App = apps.get_model("app", "App")
         Group = apps.get_model("auth", "Group")
+        ContentType = apps.get_model("contenttypes", "ContentType")
+
+        ct, _ = ContentType.objects.get_or_create(
+            app_label="checkout", model="checkout"
+        )
+        handle_checkouts, _ = Permission.objects.get_or_create(
+            name="Handle checkouts", content_type=ct, codename="handle_checkouts"
+        )
 
-        handle_checkouts = Permission.objects.filter(
-            codename="handle_checkouts", content_type__app_label="checkout"
-        ).first()
         manage_checkouts = Permission.objects.filter(
             codename="manage_checkouts", content_type__app_label="checkout"
         ).first()
 
-        app_qs = App.objects.filter(
-            permissions=manage_checkouts,
-        )
+        app_qs = App.objects.filter(permissions=manage_checkouts)
         for app in app_qs.iterator():
             app.permissions.add(handle_checkouts)
 
-        groups = Group.objects.filter(
-            permissions=manage_checkouts,
-        )
+        groups = Group.objects.filter(permissions=manage_checkouts)
         for group in groups.iterator():
             group.permissions.add(handle_checkouts)
 
-    post_migrate.connect(on_migrations_complete)
+    post_migrate.connect(on_migrations_complete, weak=False)
 
 
 class Migration(migrations.Migration):

saleor/graphql/checkout/dataloaders.py

@@ -10,6 +10,7 @@
     update_delivery_method_lists_for_checkout_info,
 )
 from ...checkout.models import Checkout, CheckoutLine
+from ...payment.models import TransactionItem
 from ..account.dataloaders import AddressByIdLoader, UserByUserIdLoader
 from ..core.dataloaders import DataLoader
 from ..discount.dataloaders import VoucherByCodeLoader
@@ -323,3 +324,16 @@ def batch_load(self, keys):
         for line in lines.iterator():
             line_map[line.checkout_id].append(line)
         return [line_map.get(checkout_id, []) for checkout_id in keys]
+
+
+class TransactionItemsByCheckoutIDLoader(DataLoader):
+    context_key = "transaction_items_by_checkout_id"
+
+    def batch_load(self, keys):
+        transactions = TransactionItem.objects.filter(checkout_id__in=keys).order_by(
+            "pk"
+        )
+        transactions_map = defaultdict(list)
+        for transaction in transactions:
+            transactions_map[transaction.checkout_id].append(transaction)
+        return [transactions_map[checkout_id] for checkout_id in keys]

saleor/graphql/checkout/mutations/order_create_from_checkout.py

@@ -50,8 +50,12 @@ class Arguments:
         )
 
     class Meta:
+        auto_permission_message = False
         description = (
-            "Create new order from existing checkout." + ADDED_IN_32 + PREVIEW_FEATURE
+            "Create new order from existing checkout. Requires the "
+            "following permissions: AUTHENTICATED_APP and HANDLE_CHECKOUTS."
+            + ADDED_IN_32
+            + PREVIEW_FEATURE
         )
         object_type = Order
         permissions = (CheckoutPermissions.HANDLE_CHECKOUTS,)

saleor/graphql/checkout/tests/test_checkout.py

@@ -37,7 +37,7 @@
     calculate_checkout_quantity,
 )
 from ....core.payments import PaymentInterface
-from ....payment import TransactionKind
+from ....payment import TransactionAction, TransactionKind
 from ....payment.interface import GatewayResponse
 from ....plugins.base_plugin import ExcludedShippingMethod
 from ....plugins.manager import get_plugins_manager
@@ -4671,3 +4671,92 @@ def test_get_checkout_with_vatlayer_set(
     # then
     content = get_graphql_content(response)
     assert content["data"]["checkout"]["token"] == str(checkout.token)
+
+
+QUERY_CHECKOUT_TRANSACTIONS = """
+    query getCheckout($token: UUID!) {
+        checkout(token: $token) {
+           transactions {
+               id
+           }
+        }
+    }
+    """
+
+
+def test_checkout_transactions_missing_permission(api_client, checkout):
+    # given
+    checkout.payment_transactions.create(
+        status="Authorized",
+        type="Credit card",
+        reference="123",
+        currency="USD",
+        authorized_value=Decimal("15"),
+        available_actions=[TransactionAction.CAPTURE, TransactionAction.VOID],
+    )
+    query = QUERY_CHECKOUT_TRANSACTIONS
+    variables = {"token": str(checkout.token)}
+
+    # when
+    response = api_client.post_graphql(query, variables)
+
+    # then
+    assert_no_permission(response)
+
+
+def test_checkout_transactions_with_manage_checkouts(
+    staff_api_client, checkout, permission_manage_checkouts
+):
+    # given
+    transaction = checkout.payment_transactions.create(
+        status="Authorized",
+        type="Credit card",
+        reference="123",
+        currency="USD",
+        authorized_value=Decimal("15"),
+        available_actions=[TransactionAction.CAPTURE, TransactionAction.VOID],
+    )
+    query = QUERY_CHECKOUT_TRANSACTIONS
+    variables = {"token": str(checkout.token)}
+
+    # when
+    response = staff_api_client.post_graphql(
+        query, variables, permissions=[permission_manage_checkouts]
+    )
+
+    # then
+    content = get_graphql_content(response)
+    assert len(content["data"]["checkout"]["transactions"]) == 1
+    transaction_id = content["data"]["checkout"]["transactions"][0]["id"]
+    assert transaction_id == graphene.Node.to_global_id(
+        "TransactionItem", transaction.id
+    )
+
+
+def test_checkout_transactions_with_handle_payments(
+    staff_api_client, checkout, permission_manage_payments
+):
+    # given
+    transaction = checkout.payment_transactions.create(
+        status="Authorized",
+        type="Credit card",
+        reference="123",
+        currency="USD",
+        authorized_value=Decimal("15"),
+        available_actions=[TransactionAction.CAPTURE, TransactionAction.VOID],
+    )
+    query = QUERY_CHECKOUT_TRANSACTIONS
+    variables = {"token": str(checkout.token)}
+
+    # when
+    response = staff_api_client.post_graphql(
+        query, variables, permissions=[permission_manage_payments]
+    )
+
+    # then
+    content = get_graphql_content(response)
+    assert len(content["data"]["checkout"]["transactions"]) == 1
+    transaction_id = content["data"]["checkout"]["transactions"][0]["id"]
+    assert transaction_id == graphene.Node.to_global_id(
+        "TransactionItem", transaction.id
+    )