/**
 * Checks that getByIdentifierNamespace() searches with three "eq" filters
 * (user_id, identifier, namespace) and returns the bookmark loaded by id.
 */
public function testGetByIdentifierNamespace()
 {
     $userId = 1;
     $namespace = 'some_namespace';
     $identifier = 'current';
     // The user id is not an argument of the call under test: it must be read from the user context, exactly once.
     $this->userContext->expects($this->once())->method('getUserId')->willReturn($userId);
     $fieldUserId = new Filter([Filter::KEY_FIELD => 'user_id', Filter::KEY_VALUE => $userId, Filter::KEY_CONDITION_TYPE => 'eq']);
     $fieldIdentifier = new Filter([Filter::KEY_FIELD => 'identifier', Filter::KEY_VALUE => $identifier, Filter::KEY_CONDITION_TYPE => 'eq']);
     $fieldNamespace = new Filter([Filter::KEY_FIELD => 'namespace', Filter::KEY_VALUE => $namespace, Filter::KEY_CONDITION_TYPE => 'eq']);
     $bookmarkId = 1;
     $bookmark = $this->getMockBuilder('Magento\\Ui\\Api\\Data\\BookmarkInterface')->getMockForAbstractClass();
     $bookmark->expects($this->once())->method('getId')->willReturn($bookmarkId);
     $searchCriteria = $this->getMockBuilder('Magento\\Framework\\Api\\SearchCriteriaInterface')->getMockForAbstractClass();
     // The at(N) matchers are index-sensitive: the builder must hand back the filters in the
     // order user_id, identifier, namespace.
     $this->filterBuilder->expects($this->at(0))->method('create')->willReturn($fieldUserId);
     $this->filterBuilder->expects($this->at(1))->method('create')->willReturn($fieldIdentifier);
     $this->filterBuilder->expects($this->at(2))->method('create')->willReturn($fieldNamespace);
     // All three filters, including the user_id one, must reach the search criteria in a single addFilters() call.
     $this->searchCriteriaBuilder->expects($this->once())->method('addFilters')->with([$fieldUserId, $fieldIdentifier, $fieldNamespace]);
     $this->searchCriteriaBuilder->expects($this->once())->method('create')->willReturn($searchCriteria);
     $searchResult = $this->getMockBuilder('Magento\\Ui\\Api\\Data\\BookmarkSearchResultsInterface')->getMockForAbstractClass();
     $searchResult->expects($this->once())->method('getTotalCount')->willReturn(1);
     $searchResult->expects($this->once())->method('getItems')->willReturn([$bookmark]);
     $this->bookmarkRepository->expects($this->once())->method('getList')->with($searchCriteria)->willReturn($searchResult);
     // The search hit is re-read through getById() using the id reported by the hit.
     $this->bookmarkRepository->expects($this->once())->method('getById')->with($bookmarkId)->willReturn($bookmark);
     $this->assertEquals($bookmark, $this->bookmarkManagement->getByIdentifierNamespace($identifier, $namespace));
 }
 /**
  * {@inheritDoc}
  *
  * Yields the current user id only when the user context is a customer; every other
  * user type gets null, so a non-customer id is never handed out as the override value.
  */
 public function getOverriddenValue()
 {
     $isCustomer = $this->userContext->getUserType() === UserContextInterface::USER_TYPE_CUSTOMER;

     // The id is read only after the type check passed.
     return $isCustomer ? $this->userContext->getUserId() : null;
 }
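 /**
  * Check if resource for which access is needed has self permissions defined in webapi config.
  *
  * The wrapped isAllowed() call is skipped only when all three conditions hold: the resource
  * is identical to the "self" permission constant, the user context reports a truthy user id,
  * and the user type is customer. Every other case is delegated unchanged to $proceed.
  *
  * @param \Magento\Framework\Authorization $subject
  * @param \Closure $proceed
  * @param string $resource
  * @param string $privilege
  *
  * @return bool true If resource permission is self, to allow
  * customer access without further checks in parent method
  * @SuppressWarnings(PHPMD.UnusedFormalParameter)
  */
 public function aroundIsAllowed(\Magento\Framework\Authorization $subject, \Closure $proceed, $resource, $privilege = null)
 {
     // Identity comparison on purpose: with ==, PHP type juggling lets a non-string $resource
     // (boolean true, assuming the constant is a non-empty string) compare equal to the
     // permission constant and skip the regular ACL check below.
     $isSelfResource = $resource === AuthorizationService::PERMISSION_SELF;

     if ($isSelfResource
         && $this->userContext->getUserId()
         && $this->userContext->getUserType() === UserContextInterface::USER_TYPE_CUSTOMER
     ) {
         return true;
     }

     return $proceed($resource, $privilege);
 }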
 /**
  * {@inheritdoc}
  *
  * Looks up the first role matching the current user id and user type and returns its id,
  * or null when that role has no (truthy) id.
  */
 public function getAclRoleId()
 {
     $currentUserId = $this->userContext->getUserId();
     $currentUserType = $this->userContext->getUserType();

     // Both id and type go into the filter; ids alone are looked up per user type here.
     /** @var Role $role */
     $role = $this->roleCollectionFactory->create()
         ->setUserFilter($currentUserId, $currentUserType)
         ->getFirstItem();

     return $role->getId() ? $role->getId() : null;
 }
 /**
  * {@inheritdoc}
  *
  * Searches bookmarks by current user id, identifier and namespace (all "eq" filters) and
  * returns the first hit re-loaded through the repository, or null when nothing matches.
  */
 public function getByIdentifierNamespace($identifier, $namespace)
 {
     // The owner filter takes its value from the user context, not from the caller, so the
     // identifier/namespace pair alone cannot select a bookmark of a different user id.
     $ownerFilter = $this->filterBuilder
         ->setField('user_id')
         ->setConditionType('eq')
         ->setValue($this->userContext->getUserId())
         ->create();
     $identifierFilter = $this->filterBuilder
         ->setField('identifier')
         ->setConditionType('eq')
         ->setValue($identifier)
         ->create();
     $namespaceFilter = $this->filterBuilder
         ->setField('namespace')
         ->setConditionType('eq')
         ->setValue($namespace)
         ->create();
     $this->searchCriteriaBuilder->addFilters([$ownerFilter, $identifierFilter, $namespaceFilter]);

     $matches = $this->bookmarkRepository->getList($this->searchCriteriaBuilder->create());
     if (!($matches->getTotalCount() > 0)) {
         return null;
     }

     foreach ($matches->getItems() as $match) {
         // Only the first hit is used; it is read again by id.
         return $this->bookmarkRepository->getById($match->getId());
     }

     return null;
 }
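 /**
  * Override parameter values based on webapi.xml
  *
  * A parameter is written when it is marked as forced or when the request did not supply it.
  * Parameter names may address nested values with dot notation ("a.b.c"). The placeholder
  * '%customer_id%' is replaced by the current user id only for a customer user context.
  *
  * NOTE(review): when the placeholder is configured but the caller is not a customer, the
  * literal '%customer_id%' string is written into the data; presumably the route's ACL keeps
  * non-customers away from such routes - confirm.
  *
  * @param array $inputData Incoming data from request
  * @param array $parameters Contains parameters to replace or default
  * @return array Data in same format as $inputData with appropriate parameters added or changed
  */
 public function override(array $inputData, array $parameters)
 {
     foreach ($parameters as $name => $paramData) {
         $arrayKeys = explode('.', $name);
         // Request data wins only when the parameter is not forced and was actually supplied.
         if (!$paramData[Converter::KEY_FORCE] && $this->isNestedArrayValueSet($inputData, $arrayKeys)) {
             continue;
         }

         $value = $paramData[Converter::KEY_VALUE];
         // Identity comparison: a loosely compared non-string config value (e.g. boolean true)
         // must not be mistaken for the placeholder and replaced by the customer id.
         if ($value === '%customer_id%'
             && $this->userContext->getUserType() === UserContextInterface::USER_TYPE_CUSTOMER
         ) {
             $value = $this->userContext->getUserId();
         }
         $this->setNestedArrayValue($inputData, $arrayKeys, $value);
     }

     return $inputData;
 }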
 /**
  * Builds a WebapiRoleLocator whose user context, role collection factory and role collection
  * are mocks; each mocked collaborator call is expected exactly once.
  */
 protected function setUp()
 {
     $this->_objectManager = new \Magento\TestFramework\Helper\ObjectManager($this);
     $stubUserId = 'userId';
     $stubUserType = 'userType';

     $this->userContext = $this->getMockBuilder('Magento\\Authorization\\Model\\CompositeUserContext')
         ->disableOriginalConstructor()
         ->setMethods(['getUserId', 'getUserType'])
         ->getMock();
     $this->userContext->expects($this->once())
         ->method('getUserId')
         ->will($this->returnValue($stubUserId));
     $this->userContext->expects($this->once())
         ->method('getUserType')
         ->will($this->returnValue($stubUserType));

     $this->roleCollectionFactory = $this->getMockBuilder('Magento\\Authorization\\Model\\Resource\\Role\\CollectionFactory')
         ->disableOriginalConstructor()
         ->setMethods(['create'])
         ->getMock();
     $this->roleCollection = $this->getMockBuilder('Magento\\Authorization\\Model\\Resource\\Role\\Collection')
         ->disableOriginalConstructor()
         ->setMethods(['setUserFilter', 'getFirstItem'])
         ->getMock();
     $this->roleCollectionFactory->expects($this->once())
         ->method('create')
         ->will($this->returnValue($this->roleCollection));
     // The role lookup must be filtered by exactly the id and type reported by the user context.
     $this->roleCollection->expects($this->once())
         ->method('setUserFilter')
         ->with($stubUserId, $stubUserType)
         ->will($this->returnValue($this->roleCollection));

     $this->role = $this->getMockBuilder('Magento\\Authorization\\Model\\Role')
         ->disableOriginalConstructor()
         ->setMethods(['getId', '__wakeup'])
         ->getMock();
     $this->roleCollection->expects($this->once())
         ->method('getFirstItem')
         ->will($this->returnValue($this->role));

     $constructorArguments = [
         'userContext' => $this->userContext,
         'roleCollectionFactory' => $this->roleCollectionFactory,
     ];
     $this->locator = $this->_objectManager->getObject('Magento\\Webapi\\Model\\WebapiRoleLocator', $constructorArguments);
 }
 /**
  * {@inheritDoc}
  *
  * Returns the id of the cart belonging to the current customer. Null is returned for any
  * non-customer user type, when no cart object comes back, or when the lookup raises
  * NoSuchEntityException.
  */
 public function getOverriddenValue()
 {
     try {
         if ($this->userContext->getUserType() !== UserContextInterface::USER_TYPE_CUSTOMER) {
             return null;
         }

         // The cart is resolved from the context's user id, never from request input.
         $cart = $this->cartManagement->getCartForCustomer($this->userContext->getUserId());

         return $cart ? $cart->getId() : null;
     } catch (NoSuchEntityException $e) {
         // A missing entity is not an error here: there is simply nothing to override with.
         return null;
     }
 }
 /**
  * Asserts that the authorization library denies every listed resource while the mocked
  * user context reports $integrationId as the user id.
  *
  * @param int $integrationId
  * @param string[] $resources
  */
 protected function _ensurePermissionsAreNotGranted($integrationId, $resources)
 {
     $this->userContextMock->expects($this->any())
         ->method('getUserId')
         ->will($this->returnValue($integrationId));

     foreach ($resources as $resource) {
         $isGranted = $this->libAuthorization->isAllowed($resource);
         $this->assertFalse($isGranted, "Access to resource '{$resource}' is expected to be prohibited.");
     }
 }
 /**
  * Update bookmarks based on request params
  *
  * When checkBookmark() returns something other than false for the identifier, that result is
  * updated instead of the bookmark passed in. The owner is always taken from the user context;
  * only the namespace comes from the request.
  *
  * @param BookmarkInterface $bookmark
  * @param string $identifier
  * @param string $title
  * @param string $config
  * @return void
  */
 protected function updateBookmark(BookmarkInterface $bookmark, $identifier, $title, $config)
 {
     $existing = $this->checkBookmark($identifier);
     $target = $existing !== false ? $existing : $bookmark;

     $target->setUserId($this->userContext->getUserId())
         ->setNamespace($this->_request->getParam('namespace'))
         ->setIdentifier($identifier)
         ->setTitle($title)
         ->setConfig($config);

     $this->bookmarkRepository->save($target);
 }
 /**
  * Dispatches a REST request and checks that the serializer is handed the request data after
  * the route's parameter overrides were applied for the given user id and user type.
  *
  * @param array $requestData Data from the request
  * @param array $parameters Data from config about which parameters to override
  * @param array $expectedOverriddenParams Result of overriding $requestData when applying rules from $parameters
  * @param int $userId The id of the user invoking the request
  * @param int $userType The type of user invoking the request
  *
  * @dataProvider overrideParmasDataProvider
  */
 public function testOverrideParams($requestData, $parameters, $expectedOverriddenParams, $userId, $userType)
 {
     $this->_routeMock->expects($this->once())
         ->method('getParameters')
         ->will($this->returnValue($parameters));
     $this->_routeMock->expects($this->any())
         ->method('getAclResources')
         ->will($this->returnValue(['1']));
     // Authorization is stubbed to succeed, so only the override logic is exercised here.
     $this->_authorizationMock->expects($this->once())
         ->method('isAllowed')
         ->will($this->returnValue(true));
     $this->_requestMock->expects($this->any())
         ->method('getRequestData')
         ->will($this->returnValue($requestData));
     $this->userContextMock->expects($this->any())
         ->method('getUserId')
         ->will($this->returnValue($userId));
     $this->userContextMock->expects($this->any())
         ->method('getUserType')
         ->will($this->returnValue($userType));

     // The serializer must see the overridden parameters, not the raw request data.
     $serviceClass = 'Magento\\Webapi\\Controller\\TestService';
     $serviceMethod = 'testMethod';
     $this->serializerMock->expects($this->once())
         ->method('getInputData')
         ->with(
             $this->equalTo($serviceClass),
             $this->equalTo($serviceMethod),
             $this->equalTo($expectedOverriddenParams)
         );

     $this->_restController->dispatch($this->_requestMock);
 }
 /**
  * Update bookmarks based on request params
  *
  * Saves the given bookmark for the user id taken from the user context, then clears the
  * "current" flag on every other bookmark returned for the request's namespace.
  *
  * NOTE(review): loadByNamespace() is not visible here; confirm it only returns bookmarks of
  * the current user, because each returned item is modified and saved.
  *
  * @param BookmarkInterface $bookmark
  * @param string $identifier
  * @param string $title
  * @param array $config
  * @return void
  */
 protected function updateBookmark(BookmarkInterface $bookmark, $identifier, $title, array $config = [])
 {
     $this->filterVars($config);

     $bookmark->setUserId($this->userContext->getUserId())
         ->setNamespace($this->_request->getParam('namespace'))
         ->setIdentifier($identifier)
         ->setTitle($title)
         ->setConfig($config)
         ->setCurrent($identifier !== self::CURRENT_IDENTIFIER);
     $this->bookmarkRepository->save($bookmark);

     $namespaceBookmarks = $this->bookmarkManagement->loadByNamespace($this->_request->getParam('namespace'));
     foreach ($namespaceBookmarks->getItems() as $other) {
         // The bookmark that was just saved keeps its flag; all others are reset.
         if ($other->getIdentifier() != $identifier) {
             $other->setCurrent(false);
             $this->bookmarkRepository->save($other);
         }
     }
 }
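 /**
  * Override parameter values based on webapi.xml
  *
  * A parameter is written when it is marked as forced or when the request did not supply it
  * (isset() on the top-level key). The placeholder '%customer_id%' is replaced by the current
  * user id only for a customer user context.
  *
  * NOTE(review): when the placeholder is configured but the caller is not a customer, the
  * literal '%customer_id%' string is written into the data; presumably the route's ACL keeps
  * non-customers away from such routes - confirm.
  *
  * @param array $inputData Incoming data from request
  * @param array $parameters Contains parameters to replace or default
  * @return array Data in same format as $inputData with appropriate parameters added or changed
  */
 protected function overrideParams(array $inputData, array $parameters)
 {
     foreach ($parameters as $name => $paramData) {
         // Request data wins only when the parameter is not forced and was actually supplied.
         if (!$paramData[Converter::KEY_FORCE] && isset($inputData[$name])) {
             continue;
         }

         $value = $paramData[Converter::KEY_VALUE];
         // Identity comparison: a loosely compared non-string config value (e.g. boolean true)
         // must not be mistaken for the placeholder and replaced by the customer id.
         if ($value === '%customer_id%'
             && $this->userContext->getUserType() === UserContextInterface::USER_TYPE_CUSTOMER
         ) {
             $value = $this->userContext->getUserId();
         }
         $inputData[$name] = $value;
     }

     return $inputData;
 }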
 /**
  * Creates a cart for the currently logged-in customer.
  *
  * The customer is resolved from the user context. Creation is refused when the repository
  * already reports an active cart for that customer.
  *
  * @param int $storeId
  * @return \Magento\Quote\Model\Quote Cart object.
  * @throws CouldNotSaveException The cart could not be created.
  */
 protected function createCustomerCart($storeId)
 {
     $currentCustomer = $this->customerRepository->getById($this->userContext->getUserId());

     try {
         $this->quoteRepository->getActiveForCustomer($this->userContext->getUserId());
         $hasActiveCart = true;
     } catch (\Magento\Framework\Exception\NoSuchEntityException $notFound) {
         // No active cart exists yet, which is the precondition for creating one.
         $hasActiveCart = false;
     }
     if ($hasActiveCart) {
         throw new CouldNotSaveException(__('Cannot create quote'));
     }

     /** @var \Magento\Quote\Model\Quote $newCart */
     $newCart = $this->quoteRepository->create();
     $newCart->setStoreId($storeId);
     $newCart->setCustomer($currentCustomer);
     $newCart->setCustomerIsGuest(0);

     return $newCart;
 }
 /**
  * Create cart for current logged in customer
  *
  * The customer is resolved from the user context and the store from the store manager.
  * Creation is refused when the customer's loaded quote has an id and is active.
  *
  * @return \Magento\Sales\Model\Quote
  * @throws CouldNotSaveException
  */
 protected function createCustomerCart()
 {
     $currentStoreId = $this->storeManager->getStore()->getId();
     $currentCustomer = $this->customerRegistry->retrieve($this->userContext->getUserId());

     $existingQuote = $this->quoteFactory->create()->loadByCustomer($currentCustomer);
     $hasActiveQuote = $existingQuote->getId() && $existingQuote->getIsActive();
     if ($hasActiveQuote) {
         throw new CouldNotSaveException('Cannot create quote');
     }

     /** @var \Magento\Sales\Model\Quote $newQuote */
     $newQuote = $this->quoteFactory->create();
     $newQuote->setStoreId($currentStoreId);
     $newQuote->setCustomer($currentCustomer);
     $newQuote->setCustomerIsGuest(0);

     return $newQuote;
 }
 /**
  * Rejects assigning a guest cart to any customer id other than the current user's id.
  *
  * The comparison is strict against the int-cast context id, so a non-integer $customerId
  * is always rejected.
  *
  * NOTE(review): only the id is compared; the user type is not checked in this method.
  * Confirm that the route's ACL restricts callers to customers, otherwise an id of another
  * user type with the same numeric value would pass.
  *
  * @param \Magento\Quote\Model\GuestCart\GuestCartManagement $subject
  * @param string $cartId
  * @param int $customerId
  * @param int $storeId
  * @throws StateException
  * @return void
  * @SuppressWarnings(PHPMD.UnusedFormalParameter)
  */
 public function beforeAssignCustomer(\Magento\Quote\Model\GuestCart\GuestCartManagement $subject, $cartId, $customerId, $storeId)
 {
     $currentUserId = (int) $this->userContext->getUserId();
     if ($customerId === $currentUserId) {
         return;
     }

     throw new StateException(__('Cannot assign customer to the given cart. You don\'t have permission for this operation.'));
 }
 /**
  * Check whether access is allowed for create cart resource
  *
  * Access is decided solely by the current user type being listed in $this->allowedUserTypes;
  * $cartId and $customerId are not inspected here.
  *
  * NOTE(review): in_array() runs without the strict flag, so the user type is matched with
  * loose comparison; confirm both sides are always integers before tightening it.
  *
  * @param \Magento\Checkout\Service\V1\Cart\WriteServiceInterface $subject
  * @param int $cartId
  * @param int $customerId
  *
  * @return void
  * @throws AuthorizationException if access denied
  * @SuppressWarnings(PHPMD.UnusedFormalParameter)
  */
 public function beforeAssignCustomer(\Magento\Checkout\Service\V1\Cart\WriteServiceInterface $subject, $cartId, $customerId)
 {
     if (in_array($this->userContext->getUserType(), $this->allowedUserTypes)) {
         return;
     }

     throw new AuthorizationException('Access denied');
 }
 /**
  * An admin user context must not receive an overridden value.
  */
 public function testGetOverriddenValueIsNotCustomer()
 {
     $this->userContext->expects($this->once())
         ->method('getUserType')
         ->will($this->returnValue(UserContextInterface::USER_TYPE_ADMIN));

     $overriddenValue = $this->model->getOverriddenValue();

     $this->assertNull($overriddenValue);
 }
 /**
  * Check whether access is allowed for create cart resource
  *
  * Access is decided solely by the current user type being listed in $this->allowedUserTypes;
  * $cartId, $customerId and $storeId are not inspected here.
  *
  * NOTE(review): in_array() runs without the strict flag, so the user type is matched with
  * loose comparison; confirm both sides are always integers before tightening it.
  *
  * @param \Magento\Quote\Api\CartManagementInterface $subject
  * @param int $cartId
  * @param int $customerId
  * @param int $storeId
  *
  * @return void
  * @throws AuthorizationException if access denied
  * @SuppressWarnings(PHPMD.UnusedFormalParameter)
  */
 public function beforeAssignCustomer(\Magento\Quote\Api\CartManagementInterface $subject, $cartId, $customerId, $storeId)
 {
     $isAllowedUserType = in_array($this->userContext->getUserType(), $this->allowedUserTypes);

     if (!$isAllowedUserType) {
         throw new AuthorizationException(__('Access denied'));
     }
 }
 /**
  * Check whether access is allowed for cart list resource
  *
  * Access is decided solely by the current user type being listed in $this->allowedUserTypes;
  * the search criteria are not inspected here.
  *
  * NOTE(review): in_array() runs without the strict flag, so the user type is matched with
  * loose comparison; confirm both sides are always integers before tightening it.
  *
  * @param \Magento\Quote\Api\CartRepositoryInterface $subject
  * @param SearchCriteria $searchCriteria
  *
  * @return void
  * @throws AuthorizationException if access denied
  * @SuppressWarnings(PHPMD.UnusedFormalParameter)
  */
 public function beforeGetList(\Magento\Quote\Api\CartRepositoryInterface $subject, SearchCriteria $searchCriteria)
 {
     $currentUserType = $this->userContext->getUserType();

     if (in_array($currentUserType, $this->allowedUserTypes)) {
         return;
     }

     throw new AuthorizationException(__('Access denied'));
 }
 /**
  * Check whether access is allowed for cart list resource
  *
  * Access is decided solely by the current user type being listed in $this->allowedUserTypes;
  * the search criteria are not inspected here.
  *
  * NOTE(review): in_array() runs without the strict flag, so the user type is matched with
  * loose comparison; confirm both sides are always integers before tightening it.
  *
  * @param \Magento\Checkout\Service\V1\Cart\ReadServiceInterface $subject
  * @param SearchCriteria $searchCriteria
  *
  * @return void
  * @throws AuthorizationException if access denied
  * @SuppressWarnings(PHPMD.UnusedFormalParameter)
  */
 public function beforeGetCartList(\Magento\Checkout\Service\V1\Cart\ReadServiceInterface $subject, SearchCriteria $searchCriteria)
 {
     $currentUserType = $this->userContext->getUserType();
     $isAllowedUserType = in_array($currentUserType, $this->allowedUserTypes);

     if ($isAllowedUserType) {
         return;
     }

     throw new AuthorizationException('Access denied');
 }
 /**
  * Generate cache ID using current context: user permissions and store
  *
  * The id is the MD5 digest of prefix, store code, user type and user id joined without a
  * separator. MD5 serves only as a key-derivation step for the cache here.
  *
  * NOTE(review): because the parts are concatenated without a delimiter, two different
  * (store code, user type, user id) combinations can produce the same input string and so
  * share a cache id; confirm this cannot happen for real store codes, or add a separator.
  *
  * @param string $prefix Prefix is used by hashing function
  * @return string
  */
 public function generateCacheIdUsingContext($prefix)
 {
     $storeCode = $this->storeManager->getStore()->getCode();
     $userType = $this->userContext->getUserType();
     $userId = $this->userContext->getUserId();

     return hash('md5', $prefix . $storeCode . $userType . $userId);
 }
 /**
  * Checks if order is allowed for current customer
  *
  * For a customer user context the order's customer id must loosely equal the current user
  * id. Every other user type is allowed unconditionally by this method.
  *
  * NOTE(review): non-customer user types are presumably gated by ACL before this point -
  * confirm, since nothing is checked for them here.
  *
  * @param \Magento\Sales\Model\Order $order
  * @return bool
  */
 protected function isAllowed(\Magento\Sales\Model\Order $order)
 {
     if ($this->userContext->getUserType() == UserContextInterface::USER_TYPE_CUSTOMER) {
         return $order->getCustomerId() == $this->userContext->getUserId();
     }

     return true;
 }
 /**
  * Check whether quote is allowed for current user context
  *
  * For a customer user context the quote is allowed when it has no customer id (null) or
  * when its customer id loosely equals the current user id. Every other user type is allowed
  * unconditionally by this method.
  *
  * NOTE(review): non-customer user types are presumably gated by ACL before this point -
  * confirm, since nothing is checked for them here.
  *
  * @param \Magento\Quote\Model\Quote $quote
  * @return bool
  */
 protected function isAllowed(\Magento\Quote\Model\Quote $quote)
 {
     if ($this->userContext->getUserType() != UserContextInterface::USER_TYPE_CUSTOMER) {
         return true;
     }

     // A quote without an owner is accessible to any customer.
     if ($quote->getCustomerId() === null) {
         return true;
     }

     return $quote->getCustomerId() == $this->userContext->getUserId();
 }