Permalink
Show file tree
Hide file tree
3 changes: 2 additions & 1 deletion
3
Framework/Test/Api/Controller/SalesChannelProxyControllerTest.php
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
NEXT-20305 - Secure proxy route to switch customer with ACL
- Loading branch information
Showing
5 changed files
with
134 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
10 changes: 10 additions & 0 deletions
10
...gration1646397836UpdateRolePrivilegesOfOrderCreatorUpdateRolePrivilegesOfOrderCreator.php
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| <?php declare(strict_types=1); | ||
|
|
||
| namespace Shopware\Core\Migration; | ||
|
|
||
| /** | ||
| * @deprecated tag:v6.5.0 - Will be deleted. Migrations are now namespaced by major version | ||
| */ | ||
| class Migration1646397836UpdateRolePrivilegesOfOrderCreatorUpdateRolePrivilegesOfOrderCreator extends \Shopware\Core\Migration\V6_4\Migration1646397836UpdateRolePrivilegesOfOrderCreator | ||
| { | ||
| } |
64 changes: 64 additions & 0 deletions
64
Migration/Test/Migration1646397836UpdateRolePrivilegesOfOrderCreatorTest.php
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,64 @@ | ||
| <?php declare(strict_types=1); | ||
|
|
||
| namespace Shopware\Core\Migration\Test; | ||
|
|
||
| use Doctrine\DBAL\Connection; | ||
| use PHPUnit\Framework\TestCase; | ||
| use Shopware\Core\Framework\Api\Acl\Role\AclRoleEntity; | ||
| use Shopware\Core\Framework\Context; | ||
| use Shopware\Core\Framework\DataAbstractionLayer\Search\Criteria; | ||
| use Shopware\Core\Framework\Test\TestCaseBase\IntegrationTestBehaviour; | ||
| use Shopware\Core\Framework\Uuid\Uuid; | ||
| use Shopware\Core\Migration\V6_4\Migration1646397836UpdateRolePrivilegesOfOrderCreator; | ||
|
|
||
| class Migration1646397836UpdateRolePrivilegesOfOrderCreatorTest extends TestCase | ||
| { | ||
| use IntegrationTestBehaviour; | ||
|
|
||
| public function testNewPermissionsAreAdded(): void | ||
| { | ||
| $repo = $this->getContainer()->get('acl_role.repository'); | ||
| $connection = $this->getContainer()->get(Connection::class); | ||
|
|
||
| $id = Uuid::randomHex(); | ||
| $context = Context::createDefaultContext(); | ||
| $repo->create([[ | ||
| 'id' => $id, | ||
| 'name' => 'test', | ||
| 'privileges' => ['order.creator'], | ||
| ]], $context); | ||
|
|
||
| $migration = new Migration1646397836UpdateRolePrivilegesOfOrderCreator(); | ||
| $migration->update($connection); | ||
|
|
||
| /** @var AclRoleEntity $role */ | ||
| $role = $repo->search(new Criteria([$id]), $context)->first(); | ||
| static::assertNotNull($role); | ||
|
|
||
| static::assertContains('api_proxy_switch-customer', $role->getPrivileges()); | ||
| } | ||
|
|
||
| public function testUnrelatedRolesAreNotUpdated(): void | ||
| { | ||
| $repo = $this->getContainer()->get('acl_role.repository'); | ||
| $connection = $this->getContainer()->get(Connection::class); | ||
|
|
||
| $id = Uuid::randomHex(); | ||
| $context = Context::createDefaultContext(); | ||
| $privileges = ['order:create', 'order:read', 'order:update', 'order:delete']; | ||
| $repo->create([[ | ||
| 'id' => $id, | ||
| 'name' => 'test', | ||
| 'privileges' => $privileges, | ||
| ]], $context); | ||
|
|
||
| $before = $connection->fetchAssociative('SELECT * FROM `acl_role` WHERE id = :id', ['id' => Uuid::fromHexToBytes($id)]); | ||
|
|
||
| $migration = new Migration1646397836UpdateRolePrivilegesOfOrderCreator(); | ||
| $migration->update($connection); | ||
|
|
||
| $after = $connection->fetchAssociative('SELECT * FROM `acl_role` WHERE id = :id', ['id' => Uuid::fromHexToBytes($id)]); | ||
|
|
||
| static::assertSame($before, $after); | ||
| } | ||
| } |
56 changes: 56 additions & 0 deletions
56
Migration/V6_4/Migration1646397836UpdateRolePrivilegesOfOrderCreator.php
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,56 @@ | ||
| <?php declare(strict_types=1); | ||
|
|
||
| namespace Shopware\Core\Migration\V6_4; | ||
|
|
||
| use Doctrine\DBAL\Connection; | ||
| use Shopware\Core\Defaults; | ||
| use Shopware\Core\Framework\Migration\MigrationStep; | ||
|
|
||
| class Migration1646397836UpdateRolePrivilegesOfOrderCreator extends MigrationStep | ||
| { | ||
| public const NEW_PRIVILEGES = [ | ||
| 'order.creator' => [ | ||
| 'api_proxy_switch-customer', | ||
| ], | ||
| ]; | ||
|
|
||
| public function getCreationTimestamp(): int | ||
| { | ||
| return 1646397836; | ||
| } | ||
|
|
||
| public function update(Connection $connection): void | ||
| { | ||
| $roles = $connection->fetchAllAssociative('SELECT * from `acl_role`'); | ||
|
|
||
| foreach ($roles as $role) { | ||
| $currentPrivileges = \json_decode($role['privileges'], true, 512, \JSON_THROW_ON_ERROR); | ||
| $newPrivileges = array_values($this->fixRolePrivileges($currentPrivileges)); | ||
|
|
||
| if ($currentPrivileges === $newPrivileges) { | ||
| continue; | ||
| } | ||
|
|
||
| $role['privileges'] = json_encode($newPrivileges); | ||
| $role['updated_at'] = (new \DateTimeImmutable())->format(Defaults::STORAGE_DATE_FORMAT); | ||
|
|
||
| $connection->update('acl_role', $role, ['id' => $role['id']]); | ||
| } | ||
| } | ||
|
|
||
| public function updateDestructive(Connection $connection): void | ||
| { | ||
| // implement update destructive | ||
| } | ||
|
|
||
| private function fixRolePrivileges(array $rolePrivileges): array | ||
| { | ||
| foreach (self::NEW_PRIVILEGES as $key => $new) { | ||
| if (\in_array($key, $rolePrivileges, true)) { | ||
| $rolePrivileges = array_merge($rolePrivileges, $new); | ||
| } | ||
| } | ||
|
|
||
| return array_unique($rolePrivileges); | ||
| } | ||
| } |