Index: branches/5.2.x/units/orders/orders_event_handler.php =================================================================== diff -u -N -r14957 -r14986 --- branches/5.2.x/units/orders/orders_event_handler.php (.../orders_event_handler.php) (revision 14957) +++ branches/5.2.x/units/orders/orders_event_handler.php (.../orders_event_handler.php) (revision 14986) 
@@ -1,6 +1,6 @@ Application->isAdminUser) { - if ($event->Name == 'OnCreate') { + if ( !$this->Application->isAdminUser ) { + if ( $event->Name == 'OnCreate' ) { // user can't initiate custom order creation directly return false; } $user_id = $this->Application->RecallVar('user_id'); $items_info = $this->Application->GetVar($event->getPrefixSpecial(true)); - if ($items_info) { + if ( $items_info ) { // when POST is present, then check when is beeing submitted - $order_session_id = $this->Application->RecallVar($event->getPrefixSpecial(true).'_id'); + $order_session_id = $this->Application->RecallVar($event->getPrefixSpecial(true) . '_id'); - $order_dummy =& $this->Application->recallObject($event->Prefix.'.-item', null, Array('skip_autoload' => true)); + $order_dummy =& $this->Application->recallObject($event->Prefix . '.-item', null, Array ('skip_autoload' => true)); /* @var $order_dummy OrdersItem */ foreach ($items_info as $id => $field_values) { - if ($order_session_id != $id) { + if ( $order_session_id != $id ) { // user is trying update not his order, even order from other guest return false; } $order_dummy->Load($id); // session_id matches order_id from submit - if ($order_dummy->GetDBField('PortalUserId') != $user_id) { + if ( $order_dummy->GetDBField('PortalUserId') != $user_id ) { // user performs event on other user order return false; } $status_field = array_shift($this->Application->getUnitOption($event->Prefix, 'StatusField')); - if (isset($field_values[$status_field]) && $order_dummy->GetDBField($status_field) != $field_values[$status_field]) { + if ( isset($field_values[$status_field]) && $order_dummy->GetDBField($status_field) != $field_values[$status_field] ) { // user can't change status by himself return false; } - if ($order_dummy->GetDBField($status_field) != ORDER_STATUS_INCOMPLETE) { + if ( $order_dummy->GetDBField($status_field) != ORDER_STATUS_INCOMPLETE ) { // user can't edit orders being processed return false; } - if ($event->Name == 
'OnUpdate') { + if ( $event->Name == 'OnUpdate' ) { // all checks were ok -> it's user's order -> allow to modify return true; } } } } - if ($event->Name == 'OnQuietPreSave') { + if ( $event->Name == 'OnQuietPreSave' ) { $section = $event->getSection(); - if ($this->isNewItemCreate($event)) { - return $this->Application->CheckPermission($section.'.add', 1); + if ( $this->isNewItemCreate($event) ) { + return $this->Application->CheckPermission($section . '.add', 1); } else { - return $this->Application->CheckPermission($section.'.add', 1) || $this->Application->CheckPermission($section.'.edit', 1); + return $this->Application->CheckPermission($section . '.add', 1) || $this->Application->CheckPermission($section . '.edit', 1); } } 
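Review bot: The ownership checks in the non-admin branch still rely on loose comparison — `if ( $order_session_id != $id )` and `if ( $order_dummy->GetDBField('PortalUserId') != $user_id )` — where `$id` is a key of the POSTed `$items_info` array and the other operands come from the session or the database, so their types are not guaranteed to match. In an authorization decision a loose `!=` can treat an unset session value and a `0` key as equal (`null == 0` is true in PHP), so comparing normalised values is safer, e.g. `if ( (int)$order_session_id !== (int)$id )`, assuming order ids are integers (confirm against the schema). The enclosing method starts before this hunk, and the commit only reformats these lines, so the point is pre-existing rather than introduced here.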
@@ -90,74 +90,87 @@ /** * Allows to override standard permission mapping * + * @return void + * @access protected + * @see kEventHandler::$permMapping */ - function mapPermissions() + protected function mapPermissions() { parent::mapPermissions(); - $permissions = Array( - // admin - 'OnRecalculateItems' => Array('self' => 'add|edit'), - 'OnResetToUser' => Array('self' => 'add|edit'), - 'OnResetToBilling' => Array('self' => 'add|edit'), - 'OnResetToShipping' => Array('self' => 'add|edit'), - 'OnMassOrderApprove' => Array('self' => 'advanced:approve'), - 'OnMassOrderDeny' => Array('self' => 'advanced:deny'), - 'OnMassOrderArchive' => Array('self' => 'advanced:archive'), - 'OnMassPlaceOrder' => Array('self' => 'advanced:place'), - 'OnMassOrderProcess' => Array('self' => 'advanced:process'), - 'OnMassOrderShip' => Array('self' => 'advanced:ship'), - 'OnResetToPending' => Array('self' => 'advanced:reset_to_pending'), - 'OnLoadSelected' => Array('self' => 'view'), // print in this case - 'OnGoToOrder' => Array('self' => 'view'), - // front-end - 'OnViewCart' => Array('self' => true), - 'OnAddToCart' => Array('self' => true), - 'OnRemoveFromCart' => Array('self' => true), - 'OnUpdateCart' => Array('self' => true), - 'OnUpdateCartJSON' => Array('self' => true), - 'OnUpdateItemOptions' => Array('self' => true), - 'OnCleanupCart' => Array('self' => true), - 'OnContinueShopping' => Array('self' => true), - 'OnCheckout' => Array('self' => true), - 'OnSelectAddress' => Array('self' => true), - 'OnProceedToBilling' => Array('self' => true), - 'OnProceedToPreview' => Array('self' => true), - 'OnCompleteOrder' => Array('self' => true), - 'OnUpdateAjax' => Array('self' => true), + $permissions = Array ( + // admin + 'OnRecalculateItems' => Array('self' => 'add|edit'), + 'OnResetToUser' => Array('self' => 'add|edit'), + 'OnResetToBilling' => Array('self' => 'add|edit'), + 'OnResetToShipping' => Array('self' => 'add|edit'), + 'OnMassOrderApprove' => Array('self' => 
'advanced:approve'), + 'OnMassOrderDeny' => Array('self' => 'advanced:deny'), + 'OnMassOrderArchive' => Array('self' => 'advanced:archive'), + 'OnMassPlaceOrder' => Array('self' => 'advanced:place'), + 'OnMassOrderProcess' => Array('self' => 'advanced:process'), + 'OnMassOrderShip' => Array('self' => 'advanced:ship'), + 'OnResetToPending' => Array('self' => 'advanced:reset_to_pending'), + 'OnLoadSelected' => Array('self' => 'view'), // print in this case + 'OnGoToOrder' => Array('self' => 'view'), - 'OnRemoveCoupon' => Array('self' => true), - 'OnRemoveGiftCertificate' => Array('self' => true), + // front-end + 'OnViewCart' => Array('self' => true), + 'OnAddToCart' => Array('self' => true), + 'OnRemoveFromCart' => Array('self' => true), + 'OnUpdateCart' => Array('self' => true), + 'OnUpdateCartJSON' => Array('self' => true), + 'OnUpdateItemOptions' => Array('self' => true), + 'OnCleanupCart' => Array('self' => true), + 'OnContinueShopping' => Array('self' => true), + 'OnCheckout' => Array('self' => true), + 'OnSelectAddress' => Array('self' => true), + 'OnProceedToBilling' => Array('self' => true), + 'OnProceedToPreview' => Array('self' => true), + 'OnCompleteOrder' => Array('self' => true), + 'OnUpdateAjax' => Array('self' => true), - 'OnCancelRecurring' => Array('self' => true), - 'OnAddVirtualProductToCart' => Array('self' => true), - 'OnItemBuild' => Array('self' => true), - 'OnDownloadLabel' => Array('self' => true, 'subitem' => true), + 'OnRemoveCoupon' => Array('self' => true), + 'OnRemoveGiftCertificate' => Array('self' => true), - ); + 'OnCancelRecurring' => Array('self' => true), + 'OnAddVirtualProductToCart' => Array('self' => true), + 'OnItemBuild' => Array('self' => true), + 'OnDownloadLabel' => Array('self' => true, 'subitem' => true), + ); + $this->permMapping = array_merge($this->permMapping, $permissions); } - function mapEvents() + /** + * Define alternative event processing method names + * + * @return void + * @see kEventHandler::$eventMethods + 
* @access protected + */ + protected function mapEvents() { parent::mapEvents(); - $common_events = Array( - 'OnResetToUser' => 'OnResetAddress', - 'OnResetToBilling' => 'OnResetAddress', - 'OnResetToShipping' => 'OnResetAddress', - 'OnMassOrderProcess' => 'MassInventoryAction', - 'OnMassOrderApprove' => 'MassInventoryAction', - 'OnMassOrderDeny' => 'MassInventoryAction', - 'OnMassOrderArchive' => 'MassInventoryAction', - 'OnMassOrderShip' => 'MassInventoryAction', + $common_events = Array ( + 'OnResetToUser' => 'OnResetAddress', + 'OnResetToBilling' => 'OnResetAddress', + 'OnResetToShipping' => 'OnResetAddress', - 'OnOrderProcess' => 'InventoryAction', - 'OnOrderApprove' => 'InventoryAction', - 'OnOrderDeny' => 'InventoryAction', - 'OnOrderArchive' => 'InventoryAction', - 'OnOrderShip' => 'InventoryAction', - ); + 'OnMassOrderProcess' => 'MassInventoryAction', + 'OnMassOrderApprove' => 'MassInventoryAction', + 'OnMassOrderDeny' => 'MassInventoryAction', + 'OnMassOrderArchive' => 'MassInventoryAction', + 'OnMassOrderShip' => 'MassInventoryAction', + + 'OnOrderProcess' => 'InventoryAction', + 'OnOrderApprove' => 'InventoryAction', + 'OnOrderDeny' => 'InventoryAction', + 'OnOrderArchive' => 'InventoryAction', + 'OnOrderShip' => 'InventoryAction', + ); + $this->eventMethods = array_merge($this->eventMethods, $common_events); } @@ -979,6 +992,18 @@ } /** + * Returns table prefix from event (temp or live) + * + * @param kEvent $event + * @return string + * @todo Needed? Should be refactored (by Alex) + */ + function TablePrefix(kEvent &$event) + { + return $this->UseTempTables($event) ? $this->Application->GetTempTablePrefix('prefix:' . $event->Prefix) . TABLE_PREFIX : TABLE_PREFIX; + } + + /** * Check if required options are selected & selected option combination is in stock * * @param kEvent $event 
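Review bot: The new `TablePrefix()` method is added without a visibility keyword while the same commit is adding `protected`/`public` to the surrounding methods; declare it explicitly, e.g. `public function TablePrefix(kEvent &$event)` if outside callers are expected, otherwise `protected`. It also arrives with a `@todo Needed? Should be refactored` docblock and no caller visible in the diff, so either the docblock should name what it is for or the method should wait until it is actually used. If it stays, a short note on why `UseTempTables()` decides between the temp and live prefix would help the next reader more than the open question.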
@@ -1286,7 +1311,7 @@ function OnRemoveFromCart(&$event) { $ord_item_id = $this->Application->GetVar('orditems_id'); - $ord_id = $this->getPassedId($event); + $ord_id = $this->getPassedID($event); $this->Conn->Query('DELETE FROM '.TABLE_PREFIX.'OrderItems WHERE OrderId = '.$ord_id.' AND OrderItemId = '.$ord_item_id); $this->OnRecalculateItems($event); } 
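Review bot: `$ord_item_id` comes straight from `GetVar('orditems_id')` and is concatenated into the DELETE statement two lines below without a cast or quoting, and `$ord_id` returned by `getPassedID()` is used the same way; the commit only fixes the method-name case. Both values should be normalised before they reach SQL, e.g. `$ord_item_id = (int)$this->Application->GetVar('orditems_id');` and `$ord_id = (int)$this->getPassedID($event);` (assuming `FAKE_ORDER_ID` is numeric), or bound through the connection layer if it supports parameters. The same raw-concatenation pattern appears in `getPassedID()` (`'WHERE OrderId = ' . $passed`) and in the `user` branch of `SetCustomQuery()` (`'%1$s.PortalUserId = ' . $user_id` with `$user_id` from `GetVar('u_id')`), and the same cast applies there.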
@@ -1310,48 +1335,47 @@ * * @param kEvent $event * @return int + * @access public */ - function getPassedId(&$event) + public function getPassedID(kEvent &$event) { $event->setEventParam('raise_warnings', 0); $passed = parent::getPassedID($event); - if ($this->Application->isAdminUser) { + if ( $this->Application->isAdminUser ) { // work as usual in admin return $passed; } - if ($event->Special == 'last') { + if ( $event->Special == 'last' ) { // return last order id (for using on thank you page) $order_id = $this->Application->RecallVar('front_order_id'); return $order_id > 0 ? $order_id : FAKE_ORDER_ID; // FAKE_ORDER_ID helps to keep parent filter for order items set in "kDBList::linkToParent" } - $ses_id = $this->Application->RecallVar( $event->getPrefixSpecial(true) . '_id' ); - if ($passed && ($passed != $ses_id)) { + $ses_id = $this->Application->RecallVar($event->getPrefixSpecial(true) . '_id'); + + if ( $passed && ($passed != $ses_id) ) { // order id given in url doesn't match our current order id $sql = 'SELECT PortalUserId FROM ' . TABLE_PREFIX . 'Orders WHERE OrderId = ' . $passed; $user_id = $this->Conn->GetOne($sql); - if ($user_id == $this->Application->RecallVar('user_id')) { + if ( $user_id == $this->Application->RecallVar('user_id') ) { // current user is owner of order with given id -> allow him to view order details return $passed; } else { // current user is not owner of given order -> hacking attempt - $this->Application->SetVar($event->getPrefixSpecial().'_id', 0); + $this->Application->SetVar($event->getPrefixSpecial() . '_id', 0); return 0; } } - else { - // not passed or equals to ses_id - return $ses_id > 0 ? $ses_id : FAKE_ORDER_ID; // FAKE_ORDER_ID helps to keep parent filter for order items set in "kDBList::linkToParent" - } - return $passed; + // not passed or equals to ses_id + return $ses_id > 0 ? $ses_id : FAKE_ORDER_ID; // FAKE_ORDER_ID helps to keep parent filter for order items set in "kDBList::linkToParent" } /** 
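Review bot: The ownership test `if ( $user_id == $this->Application->RecallVar('user_id') )` is a loose comparison on a value that `GetOne()` may return as `false` when no row matches the given order id; if the session user id is empty or `0`-like, `false == '0'` is true in PHP and `$passed` is returned for a non-existent order instead of `0`. Checking the no-row case and comparing normalised values avoids that: `if ( $user_id !== false && (int)$user_id === (int)$this->Application->RecallVar('user_id') )`. Whether a guest session actually holds `0` or an empty value here cannot be seen from the hunk and is worth confirming. The rename to `getPassedID` is harmless for callers since PHP method names are case-insensitive, but `@return int` is not accurate for the `'last'` branch, which returns whatever `RecallVar('front_order_id')` holds.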
@@ -1361,7 +1385,7 @@ * @return void * @access protected */ - protected function LoadItem(&$event) + protected function LoadItem(kEvent &$event) { $id = $this->getPassedID($event); @@ -1373,7 +1397,7 @@ /* @var $object kDBItem */ $object->Clear($id); - return ; + return; } parent::LoadItem($event); 
@@ -2494,41 +2518,42 @@ * @access protected * @see kDBEventHandler::OnListBuild() */ - protected function SetCustomQuery(&$event) + protected function SetCustomQuery(kEvent &$event) { + parent::SetCustomQuery($event); + $object =& $event->getObject(); /* @var $object kDBList */ $types = $event->getEventParam('types'); - if($types == 'myorders' || $types == 'myrecentorders') - { + if ( $types == 'myorders' || $types == 'myrecentorders' ) { $user_id = $this->Application->RecallVar('user_id'); - $object->addFilter('myitems_user1','%1$s.PortalUserId = '.$user_id); - $object->addFilter('myitems_user2','%1$s.PortalUserId > 0'); - $object->addFilter('Status','%1$s.Status != 0'); + $object->addFilter('myitems_user1', '%1$s.PortalUserId = ' . $user_id); + $object->addFilter('myitems_user2', '%1$s.PortalUserId > 0'); + $object->addFilter('Status', '%1$s.Status != 0'); } else if ($event->Special == 'returns') { // $object->addFilter('returns_filter',TABLE_PREFIX.'Orders.Status = '.ORDER_STATUS_PROCESSED.' AND ( // SELECT SUM(ReturnType) // FROM '.TABLE_PREFIX.'OrderItems oi // WHERE oi.OrderId = '.TABLE_PREFIX.'Orders.OrderId // ) > 0'); - $object->addFilter('returns_filter',TABLE_PREFIX.'Orders.Status = '.ORDER_STATUS_PROCESSED.' AND '.TABLE_PREFIX.'Orders.ReturnTotal > 0'); + $object->addFilter('returns_filter', TABLE_PREFIX . 'Orders.Status = ' . ORDER_STATUS_PROCESSED . ' AND ' . TABLE_PREFIX . 'Orders.ReturnTotal > 0'); } - else if ($event->Special == 'user') { + else if ( $event->Special == 'user' ) { $user_id = $this->Application->GetVar('u_id'); - $object->addFilter('user_filter','%1$s.PortalUserId = '.$user_id); + $object->addFilter('user_filter', '%1$s.PortalUserId = ' . $user_id); } else { $special = $event->Special ? 
$event->Special : $this->Application->GetVar('order_type'); - if ($special != 'search') { + if ( $special != 'search' ) { // don't filter out orders by special in case of search tab - $object->addFilter( 'status_filter', '%1$s.Status='.$this->getTypeBySpecial($special) ); + $object->addFilter('status_filter', '%1$s.Status=' . $this->getTypeBySpecial($special)); } if ( $event->getEventParam('selected_only') ) { $ids = $this->StoreSelectedIDs($event); - $object->addFilter( 'selected_filter', '%1$s.OrderId IN ('.implode(',', $ids).')'); + $object->addFilter('selected_filter', '%1$s.OrderId IN (' . implode(',', $ids) . ')'); } } } @@ -3766,10 +3791,11 @@ * * @param kEvent $event * @return bool + * @access protected */ - function checkItemStatus(&$event) + protected function checkItemStatus(kEvent &$event) { - if ($this->Application->isAdminUser) { + if ( $this->Application->isAdminUser ) { return true; }
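Review bot: The `selected_only` branch builds `'%1$s.OrderId IN (' . implode(',', $ids) . ')'` with no guard for an empty `$ids`, which would yield `IN ()` and a SQL syntax error; if `StoreSelectedIDs()` can return an empty array (not visible here), the filter needs a guard such as `if ( $ids )` around the `addFilter()` call. The `returns` branch also carries a commented-out alternative `addFilter()` call through the reformatting; it should be deleted rather than kept as dead text. The newly added `parent::SetCustomQuery($event);` call deserves a one-line comment saying which base filters it is now expected to contribute, since that is the only behavioural change in the hunk.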