NEXT-21034 - Dont restore permissions
shyim committed Apr 12, 2022
1 parent ed56bf1 commit 083765e
Showing 4 changed files with 24 additions and 29 deletions.
@@ -198,6 +198,7 @@ public function assignCustomer(Request $request, Context $context): Response
PlatformRequest::HEADER_CONTEXT_TOKEN => $salesChannelContext->getToken(),
], \JSON_THROW_ON_ERROR);
$response = new Response();
$response->headers->set('content-type', 'application/json');
$response->setContent($content ?: null);

return $response;
3 changes: 2 additions & 1 deletion src/Core/System/SalesChannel/Context/CartRestorer.php
@@ -46,7 +46,7 @@ public function restore(string $customerId, SalesChannelContext $currentContext)
$customerId
);

if (empty($customerPayload) || !($customerPayload['expired'] ?? false) && $customerPayload['token'] === $currentContext->getToken()) {
if (empty($customerPayload) || !empty($customerPayload['permissions']) || !($customerPayload['expired'] ?? false) && $customerPayload['token'] === $currentContext->getToken()) {
return $this->replaceContextToken($customerId, $currentContext);
}

@@ -114,6 +114,7 @@ private function replaceContextToken(string $customerId, SalesChannelContext $cu
'customerId' => $customerId,
'billingAddressId' => null,
'shippingAddressId' => null,
'permissions' => [],
],
$currentContext->getSalesChannel()->getId(),
$customerId
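Review bot: The new `!empty($customerPayload['permissions'])` clause in `restore()` is the security-relevant part of this change, yet nothing says why a stored context that carries permissions must not be restored; I would add `// Never restore a stored context that carries permissions: start from a fresh token so they cannot carry over into this session.` above the `if`. The condition now chains two `||` with an unparenthesised `&&`, which only reads correctly if one remembers that `&&` binds tighter; writing the last term as `(!($customerPayload['expired'] ?? false) && $customerPayload['token'] === $currentContext->getToken())` keeps the behaviour and makes the grouping explicit. In `replaceContextToken()` the added `'permissions' => []` only works because the persister treats an empty array as a reset, which deserves a one-line comment at that key. Both function bodies continue outside the visible hunks.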
@@ -32,11 +32,14 @@ public function __construct(Connection $connection, EventDispatcherInterface $ev
$this->lifetimeInterval = $lifetimeInterval ?? 'P1D';
}

public function save(string $token, array $parameters, string $salesChannelId, ?string $customerId = null): void
public function save(string $token, array $newParameters, string $salesChannelId, ?string $customerId = null): void
{
$existing = $this->load($token, $salesChannelId, $customerId);

$parameters = array_replace_recursive($existing, $parameters);
$parameters = array_replace_recursive($existing, $newParameters);
if (isset($newParameters['permissions']) && $newParameters['permissions'] === []) {
$parameters['permissions'] = [];
}

unset($parameters['token']);
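Review bot: The branch added after `array_replace_recursive()` in `save()` only handles `permissions === []`; a non-empty `permissions` value in `$newParameters` is still merged into the stored one, so entries already persisted for the token survive a save that was meant to narrow them. If callers are expected to be able to reduce permissions, replace the key wholesale instead: `if (\array_key_exists('permissions', $newParameters)) { $parameters['permissions'] = $newParameters['permissions']; }`. Whether any caller relies on the additive merge is not visible here, so that needs confirming before the behaviour changes. At minimum, a comment stating that `array_replace_recursive()` cannot clear a nested array would explain why the extra branch exists. `save()` continues past the end of the hunk.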

42 changes: 16 additions & 26 deletions src/Core/System/Test/SalesChannel/Context/CartRestorerTest.php
@@ -12,13 +12,10 @@
use Shopware\Core\Checkout\Cart\LineItem\LineItemCollection;
use Shopware\Core\Checkout\Cart\SalesChannel\CartService;
use Shopware\Core\Checkout\Customer\CustomerEntity;
use Shopware\Core\Checkout\Payment\Cart\PaymentHandler\PrePayment;
use Shopware\Core\Content\Product\Aggregate\ProductVisibility\ProductVisibilityDefinition;
use Shopware\Core\Defaults;
use Shopware\Core\Framework\Context;
use Shopware\Core\Framework\DataAbstractionLayer\EntityRepositoryInterface;
use Shopware\Core\Framework\DataAbstractionLayer\Search\Criteria;
use Shopware\Core\Framework\DataAbstractionLayer\Search\Filter\EqualsFilter;
use Shopware\Core\Framework\Feature;
use Shopware\Core\Framework\Test\TestCaseBase\IntegrationTestBehaviour;
use Shopware\Core\Framework\Util\Random;
@@ -33,6 +30,7 @@
use Shopware\Core\Test\TestDefaults;
use Symfony\Component\EventDispatcher\EventDispatcher;
use Symfony\Contracts\EventDispatcher\Event;
use function json_encode;

class CartRestorerTest extends TestCase
{
@@ -325,33 +323,25 @@ public function testCartMergedEventIsFiredWithCustomerCart(): void
static::assertEquals(5, $p2->getQuantity());
}

private function getStateId(string $state, string $machine)
public function testPermissionsAreIgnoredOnRestoer(): void
{
return $this->getContainer()->get(Connection::class)
->fetchColumn('
SELECT LOWER(HEX(state_machine_state.id))
FROM state_machine_state
INNER JOIN state_machine
ON state_machine.id = state_machine_state.state_machine_id
AND state_machine.technical_name = :machine
WHERE state_machine_state.technical_name = :state
', [
'state' => $state,
'machine' => $machine,
]);
}
$currentContextToken = Random::getAlphanumericString(32);

private function getPrePaymentMethodId(): string
{
/** @var EntityRepositoryInterface $repository */
$repository = $this->getContainer()->get('payment_method.repository');
$currentContext = $this->createSalesChannelContext($currentContextToken, []);

$criteria = (new Criteria())
->setLimit(1)
->addFilter(new EqualsFilter('active', true))
->addFilter(new EqualsFilter('handlerIdentifier', PrePayment::class));
$con = $this->getContainer()->get(Connection::class);

$con->insert('sales_channel_api_context', [
'token' => Random::getAlphanumericString(32),
'payload' => json_encode(['expired' => false, 'customerId' => $this->customerId, 'permissions' => ['foo']], \JSON_THROW_ON_ERROR),
'sales_channel_id' => Uuid::fromHexToBytes($currentContext->getSalesChannelId()),
'customer_id' => Uuid::fromHexToBytes($this->customerId),
'updated_at' => (new \DateTime())->format(Defaults::STORAGE_DATE_TIME_FORMAT),
]);

$restoreContext = $this->cartRestorer->restore($this->customerId, $currentContext);

return $repository->searchIds($criteria, Context::createDefaultContext())->getIds()[0];
static::assertSame([], $restoreContext->getPermissions());
}

private function createProduct(Context $context): string
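Review bot: `testPermissionsAreIgnoredOnRestoer` has a typo in its name (`Restoer` should be `Restore`), and it asserts only on the returned object via `static::assertSame([], $restoreContext->getPermissions());`. The fix depends on the persisted payload being cleared, so I would also read the stored `sales_channel_api_context` payload back after `restore()` and assert that its decoded `permissions` is empty; that way a regression in the persister's empty-array handling fails this test too. A second case where the stored payload has no `permissions` key would pin that the normal restore path is unchanged. The class continues outside the hunk, so existing coverage of that path cannot be judged from here.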
