From 63762d61f5ec8be8f64d4f594a35c4aa2f82a0f0 Mon Sep 17 00:00:00 2001 From: Patrick McLain Date: Fri, 7 Jun 2019 22:22:54 -0400 Subject: [PATCH 1/3] Respect allow send as guest configuration in resolver Resolver throws `GraphQlAuthorizationException` when sending as guest if allow send as guest is disabled. Fixes #732 --- .../Model/Resolver/SendEmailToFriend.php | 33 ++++- .../GraphQl/SendFriend/SendFriendTest.php | 124 +++++++++++++++--- .../_files/disable_send_friend_guest.php | 21 +++ .../_files/enable_send_friend_guest.php | 21 +++ 4 files changed, 177 insertions(+), 22 deletions(-) create mode 100644 dev/tests/integration/testsuite/Magento/GraphQl/SendFriend/_files/disable_send_friend_guest.php create mode 100644 dev/tests/integration/testsuite/Magento/GraphQl/SendFriend/_files/enable_send_friend_guest.php diff --git a/app/code/Magento/SendFriendGraphQl/Model/Resolver/SendEmailToFriend.php b/app/code/Magento/SendFriendGraphQl/Model/Resolver/SendEmailToFriend.php index c0c01c71df764..1ee4844e5a019 100644 --- a/app/code/Magento/SendFriendGraphQl/Model/Resolver/SendEmailToFriend.php +++ b/app/code/Magento/SendFriendGraphQl/Model/Resolver/SendEmailToFriend.php @@ -7,18 +7,22 @@ namespace Magento\SendFriendGraphQl\Model\Resolver; +use Magento\Authorization\Model\UserContextInterface; use Magento\Catalog\Api\Data\ProductInterface; use Magento\Catalog\Api\ProductRepositoryInterface; +use Magento\Framework\App\ObjectManager; use Magento\Framework\DataObjectFactory; use Magento\Framework\Event\ManagerInterface; use Magento\Framework\Exception\NoSuchEntityException; use Magento\Framework\GraphQl\Config\Element\Field; +use Magento\Framework\GraphQl\Exception\GraphQlAuthorizationException; use Magento\Framework\GraphQl\Exception\GraphQlInputException; use Magento\Framework\GraphQl\Exception\GraphQlNoSuchEntityException; use Magento\Framework\GraphQl\Query\ResolverInterface; use Magento\Framework\GraphQl\Schema\Type\ResolveInfo; use Magento\SendFriend\Model\SendFriend; use Magento\SendFriend\Model\SendFriendFactory; +use Magento\SendFriend\Helper\Data as SendFriendHelper; /** * @inheritdoc @@ -45,22 +49,30 @@ class SendEmailToFriend implements ResolverInterface */ private $eventManager; + /** + * @var SendFriendHelper + */ + private $sendFriendHelper; + /** * @param SendFriendFactory $sendFriendFactory * @param ProductRepositoryInterface $productRepository * @param DataObjectFactory $dataObjectFactory * @param ManagerInterface $eventManager + * @param SendFriendHelper|null $sendFriendHelper */ public function __construct( SendFriendFactory $sendFriendFactory, ProductRepositoryInterface $productRepository, DataObjectFactory $dataObjectFactory, - ManagerInterface $eventManager + ManagerInterface $eventManager, + SendFriendHelper $sendFriendHelper = null ) { $this->sendFriendFactory = $sendFriendFactory; $this->productRepository = $productRepository; $this->dataObjectFactory = $dataObjectFactory; $this->eventManager = $eventManager; + $this->sendFriendHelper = $sendFriendHelper ?? ObjectManager::getInstance()->get(SendFriendHelper::class); } /** @@ -68,6 +80,10 @@ public function __construct( */ public function resolve(Field $field, $context, ResolveInfo $info, array $value = null, array $args = null) { + if (!$this->sendFriendHelper->isAllowForGuest() && $this->isUserGuest($context->getUserId(), $context->getUserType())) { + throw new GraphQlAuthorizationException(__('The current customer isn\'t authorized.')); + } + /** @var SendFriend $sendFriend */ $sendFriend = $this->sendFriendFactory->create(); @@ -195,4 +211,19 @@ private function extractSenderData(array $args): array ], ]; } + + /** + * Checking if current customer is guest + * + * @param int|null $customerId + * @param int|null $customerType + * @return bool + */ + private function isUserGuest(?int $customerId, ?int $customerType): bool + { + if (null === $customerId || null === $customerType) { + return true; + } + return 0 === (int)$customerId || (int)$customerType === UserContextInterface::USER_TYPE_GUEST; + } } diff --git a/dev/tests/api-functional/testsuite/Magento/GraphQl/SendFriend/SendFriendTest.php b/dev/tests/api-functional/testsuite/Magento/GraphQl/SendFriend/SendFriendTest.php index e7401100b7860..e885c2b8fb568 100644 --- a/dev/tests/api-functional/testsuite/Magento/GraphQl/SendFriend/SendFriendTest.php +++ b/dev/tests/api-functional/testsuite/Magento/GraphQl/SendFriend/SendFriendTest.php @@ -8,6 +8,8 @@ namespace Magento\GraphQl\SendFriend; use Magento\Catalog\Api\ProductRepositoryInterface; +use Magento\Framework\Exception\AuthenticationException; +use Magento\Integration\Api\CustomerTokenServiceInterface; use Magento\SendFriend\Model\SendFriend; use Magento\SendFriend\Model\SendFriendFactory; use Magento\TestFramework\Helper\Bootstrap; @@ -23,21 +25,29 @@ class SendFriendTest extends GraphQlAbstract * @var SendFriendFactory */ private $sendFriendFactory; + /** * @var ProductRepositoryInterface */ private $productRepository; + /** + * @var CustomerTokenServiceInterface + */ + private $customerTokenService; + protected function setUp() { $this->sendFriendFactory = Bootstrap::getObjectManager()->get(SendFriendFactory::class); $this->productRepository = Bootstrap::getObjectManager()->get(ProductRepositoryInterface::class); + $this->customerTokenService = Bootstrap::getObjectManager()->get(CustomerTokenServiceInterface::class); } /** * @magentoApiDataFixture Magento/GraphQl/Catalog/_files/simple_product.php + * @magentoApiDataFixture Magento/GraphQl/SendFriend/_files/enable_send_friend_guest.php */ - public function testSendFriend() + public function testSendFriendGuestEnable() { $productId = (int)$this->productRepository->get('simple_product')->getId(); $recipients = '{ @@ -51,15 +61,57 @@ public function testSendFriend() $query = $this->getQuery($productId, $recipients); $response = $this->graphQlMutation($query); - self::assertEquals('Name', $response['sendEmailToFriend']['sender']['name']); - self::assertEquals('e@mail.com', $response['sendEmailToFriend']['sender']['email']); - self::assertEquals('Lorem Ipsum', $response['sendEmailToFriend']['sender']['message']); - self::assertEquals('Recipient Name 1', $response['sendEmailToFriend']['recipients'][0]['name']); - self::assertEquals('recipient1@mail.com', $response['sendEmailToFriend']['recipients'][0]['email']); - self::assertEquals('Recipient Name 2', $response['sendEmailToFriend']['recipients'][1]['name']); - self::assertEquals('recipient2@mail.com', $response['sendEmailToFriend']['recipients'][1]['email']); + $this->assertResponse($response); + } + + /** + * @magentoApiDataFixture Magento/GraphQl/Catalog/_files/simple_product.php + * @magentoApiDataFixture Magento/GraphQl/SendFriend/_files/disable_send_friend_guest.php + * @expectedException \Exception + * @expectedExceptionMessage The current customer isn't authorized. + */ + public function testSendFriendGuestDisableAsGuest() + { + $productId = (int)$this->productRepository->get('simple_product')->getId(); + $recipients = '{ + name: "Recipient Name 1" + email:"recipient1@mail.com" + }, + { + name: "Recipient Name 2" + email:"recipient2@mail.com" + }'; + $query = $this->getQuery($productId, $recipients); + + $response = $this->graphQlMutation($query); + $this->assertResponse($response); + } + + /** + * @magentoApiDataFixture Magento/Customer/_files/customer.php + * @magentoApiDataFixture Magento/GraphQl/Catalog/_files/simple_product.php + * @magentoApiDataFixture Magento/GraphQl/SendFriend/_files/disable_send_friend_guest.php + */ + public function testSendFriendGuestDisableAsCustomer() + { + $productId = (int)$this->productRepository->get('simple_product')->getId(); + $recipients = '{ + name: "Recipient Name 1" + email:"recipient1@mail.com" + }, + { + name: "Recipient Name 2" + email:"recipient2@mail.com" + }'; + $query = $this->getQuery($productId, $recipients); + + $response = $this->graphQlMutation($query, [], '', $this->getHeaderMap()); + $this->assertResponse($response); } + /** + * @magentoApiDataFixture Magento/Customer/_files/customer.php + */ public function testSendWithoutExistProduct() { $productId = 2018; @@ -77,10 +129,11 @@ public function testSendWithoutExistProduct() $this->expectExceptionMessage( 'The product that was requested doesn\'t exist. Verify the product and try again.' ); - $this->graphQlMutation($query); + $this->graphQlMutation($query, [], '', $this->getHeaderMap()); } /** + * @magentoApiDataFixture Magento/Customer/_files/customer.php * @magentoApiDataFixture Magento/GraphQl/Catalog/_files/simple_product.php */ public function testMaxSendEmailToFriend() @@ -118,10 +171,11 @@ public function testMaxSendEmailToFriend() $this->expectException(\Exception::class); $this->expectExceptionMessage("No more than {$sendFriend->getMaxRecipients()} emails can be sent at a time."); - $this->graphQlMutation($query); + $this->graphQlMutation($query, [], '', $this->getHeaderMap()); } /** + * @magentoApiDataFixture Magento/Customer/_files/customer.php * @magentoApiDataFixture Magento/Catalog/_files/product_simple.php * @dataProvider sendFriendsErrorsDataProvider * @param string $input @@ -151,10 +205,11 @@ public function testErrors(string $input, string $errorMessage) QUERY; $this->expectException(\Exception::class); $this->expectExceptionMessage($errorMessage); - $this->graphQlMutation($query); + $this->graphQlMutation($query, [], '', $this->getHeaderMap()); } /** + * @magentoApiDataFixture Magento/Customer/_files/customer.php * @magentoApiDataFixture Magento/GraphQl/Catalog/_files/simple_product.php * TODO: use magentoApiConfigFixture (to be merged https://github.com/magento/graphql-ce/pull/351) * @magentoApiDataFixture Magento/SendFriend/Fixtures/sendfriend_configuration.php @@ -183,11 +238,12 @@ public function testLimitMessagesPerHour() $maxSendToFriends = $sendFriend->getMaxSendsToFriend(); for ($i = 0; $i <= $maxSendToFriends + 1; $i++) { - $this->graphQlMutation($query); + $this->graphQlMutation($query, [], '', $this->getHeaderMap()); } } /** + * @magentoApiDataFixture Magento/Customer/_files/customer.php * @magentoApiDataFixture Magento/GraphQl/Catalog/_files/simple_product.php */ public function testSendProductWithoutSenderEmail() @@ -201,10 +257,11 @@ public function testSendProductWithoutSenderEmail() $this->expectException(\Exception::class); $this->expectExceptionMessage('GraphQL response contains errors: Please provide Email for all of recipients.'); - $this->graphQlMutation($query); + $this->graphQlMutation($query, [], '', $this->getHeaderMap()); } /** + * @magentoApiDataFixture Magento/Customer/_files/customer.php * @magentoApiDataFixture Magento/GraphQl/Catalog/_files/simple_product_without_visibility.php */ public function testSendProductWithoutVisibility() @@ -220,14 +277,8 @@ public function testSendProductWithoutVisibility() }'; $query = $this->getQuery($productId, $recipients); - $response = $this->graphQlMutation($query); - self::assertEquals('Name', $response['sendEmailToFriend']['sender']['name']); - self::assertEquals('e@mail.com', $response['sendEmailToFriend']['sender']['email']); - self::assertEquals('Lorem Ipsum', $response['sendEmailToFriend']['sender']['message']); - self::assertEquals('Recipient Name 1', $response['sendEmailToFriend']['recipients'][0]['name']); - self::assertEquals('recipient1@mail.com', $response['sendEmailToFriend']['recipients'][0]['email']); - self::assertEquals('Recipient Name 2', $response['sendEmailToFriend']['recipients'][1]['name']); - self::assertEquals('recipient2@mail.com', $response['sendEmailToFriend']['recipients'][1]['email']); + $response = $this->graphQlMutation($query, [], '', $this->getHeaderMap()); + $this->assertResponse($response); } /** @@ -311,6 +362,37 @@ public function sendFriendsErrorsDataProvider() ]; } + /** + * Generic assertions for send a friend response + * + * @param array $response + */ + private function assertResponse(array $response): void + { + self::assertEquals('Name', $response['sendEmailToFriend']['sender']['name']); + self::assertEquals('e@mail.com', $response['sendEmailToFriend']['sender']['email']); + self::assertEquals('Lorem Ipsum', $response['sendEmailToFriend']['sender']['message']); + self::assertEquals('Recipient Name 1', $response['sendEmailToFriend']['recipients'][0]['name']); + self::assertEquals('recipient1@mail.com', $response['sendEmailToFriend']['recipients'][0]['email']); + self::assertEquals('Recipient Name 2', $response['sendEmailToFriend']['recipients'][1]['name']); + self::assertEquals('recipient2@mail.com', $response['sendEmailToFriend']['recipients'][1]['email']); + } + + /** + * Retrieve customer authorization headers + * + * @param string $username + * @param string $password + * @return array + * @throws AuthenticationException + */ + private function getHeaderMap(string $username = 'customer@example.com', string $password = 'password'): array + { + $customerToken = $this->customerTokenService->createCustomerAccessToken($username, $password); + $headerMap = ['Authorization' => 'Bearer ' . $customerToken]; + return $headerMap; + } + /** * @param int $productId * @param string $recipients diff --git a/dev/tests/integration/testsuite/Magento/GraphQl/SendFriend/_files/disable_send_friend_guest.php b/dev/tests/integration/testsuite/Magento/GraphQl/SendFriend/_files/disable_send_friend_guest.php new file mode 100644 index 0000000000000..80fcc2079a018 --- /dev/null +++ b/dev/tests/integration/testsuite/Magento/GraphQl/SendFriend/_files/disable_send_friend_guest.php @@ -0,0 +1,21 @@ +get(WriterInterface::class); + +$configWriter->save('sendfriend/email/allow_guest', '0'); + +$scopeConfig = $objectManager->get(ScopeConfigInterface::class); +$scopeConfig->clean(); diff --git a/dev/tests/integration/testsuite/Magento/GraphQl/SendFriend/_files/enable_send_friend_guest.php b/dev/tests/integration/testsuite/Magento/GraphQl/SendFriend/_files/enable_send_friend_guest.php new file mode 100644 index 0000000000000..aaf9a447aeaa0 --- /dev/null +++ b/dev/tests/integration/testsuite/Magento/GraphQl/SendFriend/_files/enable_send_friend_guest.php @@ -0,0 +1,21 @@ +get(WriterInterface::class); + +$configWriter->save('sendfriend/email/allow_guest', '1'); + +$scopeConfig = $objectManager->get(ScopeConfigInterface::class); +$scopeConfig->clean(); From bbe60ddb259c8b62ffbef72b1399eb2b5df735e9 Mon Sep 17 00:00:00 2001 From: Patrick McLain Date: Sat, 8 Jun 2019 08:37:20 -0400 Subject: [PATCH 2/3] Fix static test issues * Missing dep on magento/module-authorization * Separate email send logic from resolver --- .../Model/Resolver/SendEmailToFriend.php | 128 +++------------- .../Model/SendFriend/SendEmail.php | 142 ++++++++++++++++++ .../Magento/SendFriendGraphQl/composer.json | 3 +- 3 files changed, 164 insertions(+), 109 deletions(-) create mode 100644 app/code/Magento/SendFriendGraphQl/Model/SendFriend/SendEmail.php diff --git a/app/code/Magento/SendFriendGraphQl/Model/Resolver/SendEmailToFriend.php b/app/code/Magento/SendFriendGraphQl/Model/Resolver/SendEmailToFriend.php index 1ee4844e5a019..5d8df4283184f 100644 --- a/app/code/Magento/SendFriendGraphQl/Model/Resolver/SendEmailToFriend.php +++ b/app/code/Magento/SendFriendGraphQl/Model/Resolver/SendEmailToFriend.php @@ -8,21 +8,13 @@ namespace Magento\SendFriendGraphQl\Model\Resolver; use Magento\Authorization\Model\UserContextInterface; -use Magento\Catalog\Api\Data\ProductInterface; -use Magento\Catalog\Api\ProductRepositoryInterface; -use Magento\Framework\App\ObjectManager; -use Magento\Framework\DataObjectFactory; -use Magento\Framework\Event\ManagerInterface; -use Magento\Framework\Exception\NoSuchEntityException; use Magento\Framework\GraphQl\Config\Element\Field; use Magento\Framework\GraphQl\Exception\GraphQlAuthorizationException; use Magento\Framework\GraphQl\Exception\GraphQlInputException; -use Magento\Framework\GraphQl\Exception\GraphQlNoSuchEntityException; use Magento\Framework\GraphQl\Query\ResolverInterface; use Magento\Framework\GraphQl\Schema\Type\ResolveInfo; -use Magento\SendFriend\Model\SendFriend; -use Magento\SendFriend\Model\SendFriendFactory; use Magento\SendFriend\Helper\Data as SendFriendHelper; +use Magento\SendFriendGraphQl\Model\SendFriend\SendEmail; /** * @inheritdoc @@ -30,49 +22,25 @@ class SendEmailToFriend implements ResolverInterface { /** - * @var SendFriendFactory - */ - private $sendFriendFactory; - - /** - * @var ProductRepositoryInterface - */ - private $productRepository; - - /** - * @var DataObjectFactory - */ - private $dataObjectFactory; - - /** - * @var ManagerInterface + * @var SendFriendHelper */ - private $eventManager; + private $sendFriendHelper; /** - * @var SendFriendHelper + * @var SendEmail */ - private $sendFriendHelper; + private $sendEmail; /** - * @param SendFriendFactory $sendFriendFactory - * @param ProductRepositoryInterface $productRepository - * @param DataObjectFactory $dataObjectFactory - * @param ManagerInterface $eventManager - * @param SendFriendHelper|null $sendFriendHelper + * @param SendEmail $sendEmail + * @param SendFriendHelper $sendFriendHelper */ public function __construct( - SendFriendFactory $sendFriendFactory, - ProductRepositoryInterface $productRepository, - DataObjectFactory $dataObjectFactory, - ManagerInterface $eventManager, - SendFriendHelper $sendFriendHelper = null + SendEmail $sendEmail, + SendFriendHelper $sendFriendHelper ) { - $this->sendFriendFactory = $sendFriendFactory; - $this->productRepository = $productRepository; - $this->dataObjectFactory = $dataObjectFactory; - $this->eventManager = $eventManager; - $this->sendFriendHelper = $sendFriendHelper ?? ObjectManager::getInstance()->get(SendFriendHelper::class); + $this->sendEmail = $sendEmail; + $this->sendFriendHelper = $sendFriendHelper; } /** @@ -80,81 +48,25 @@ public function __construct( */ public function resolve(Field $field, $context, ResolveInfo $info, array $value = null, array $args = null) { - if (!$this->sendFriendHelper->isAllowForGuest() && $this->isUserGuest($context->getUserId(), $context->getUserType())) { - throw new GraphQlAuthorizationException(__('The current customer isn\'t authorized.')); - } + $userId = $context->getUserId(); + $userType = $context->getUserType(); - /** @var SendFriend $sendFriend */ - $sendFriend = $this->sendFriendFactory->create(); - - if ($sendFriend->getMaxSendsToFriend() && $sendFriend->isExceedLimit()) { - throw new GraphQlInputException( - __('You can\'t send messages more than %1 times an hour.', $sendFriend->getMaxSendsToFriend()) - ); + if (!$this->sendFriendHelper->isAllowForGuest() && $this->isUserGuest($userId, $userType)) { + throw new GraphQlAuthorizationException(__('The current customer isn\'t authorized.')); } - $product = $this->getProduct($args['input']['product_id']); - $this->eventManager->dispatch('sendfriend_product', ['product' => $product]); - $sendFriend->setProduct($product); - $senderData = $this->extractSenderData($args); - $sendFriend->setSender($senderData); - $recipientsData = $this->extractRecipientsData($args); - $sendFriend->setRecipients($recipientsData); - $this->validateSendFriendModel($sendFriend, $senderData, $recipientsData); - $sendFriend->send(); + $this->sendEmail->execute( + $args['input']['product_id'], + $senderData, + $recipientsData + ); return array_merge($senderData, $recipientsData); } - /** - * Validate send friend model - * - * @param SendFriend $sendFriend - * @param array $senderData - * @param array $recipientsData - * @return void - * @throws GraphQlInputException - */ - private function validateSendFriendModel(SendFriend $sendFriend, array $senderData, array $recipientsData): void - { - $sender = $this->dataObjectFactory->create()->setData($senderData['sender']); - $sendFriend->setData('_sender', $sender); - - $emails = array_column($recipientsData['recipients'], 'email'); - $recipients = $this->dataObjectFactory->create()->setData('emails', $emails); - $sendFriend->setData('_recipients', $recipients); - - $validationResult = $sendFriend->validate(); - if ($validationResult !== true) { - throw new GraphQlInputException(__(implode($validationResult))); - } - } - - /** - * Get product - * - * @param int $productId - * @return ProductInterface - * @throws GraphQlNoSuchEntityException - */ - private function getProduct(int $productId): ProductInterface - { - try { - $product = $this->productRepository->getById($productId); - if (!$product->isVisibleInCatalog()) { - throw new GraphQlNoSuchEntityException( - __("The product that was requested doesn't exist. Verify the product and try again.") - ); - } - } catch (NoSuchEntityException $e) { - throw new GraphQlNoSuchEntityException(__($e->getMessage()), $e); - } - return $product; - } - /** * Extract recipients data * diff --git a/app/code/Magento/SendFriendGraphQl/Model/SendFriend/SendEmail.php b/app/code/Magento/SendFriendGraphQl/Model/SendFriend/SendEmail.php new file mode 100644 index 0000000000000..196086c7546c4 --- /dev/null +++ b/app/code/Magento/SendFriendGraphQl/Model/SendFriend/SendEmail.php @@ -0,0 +1,142 @@ +dataObjectFactory = $dataObjectFactory; + $this->productRepository = $productRepository; + $this->sendFriendFactory = $sendFriendFactory; + $this->eventManager = $eventManager; + } + + /** + * Send product email to friend(s) + * + * @param int $productId + * @param array $senderData + * @param array $recipientsData + * @throws GraphQlInputException + * @throws GraphQlNoSuchEntityException + * @throws \Magento\Framework\Exception\LocalizedException + */ + public function execute(int $productId, array $senderData, array $recipientsData): void + { + /** @var SendFriend $sendFriend */ + $sendFriend = $this->sendFriendFactory->create(); + + if ($sendFriend->getMaxSendsToFriend() && $sendFriend->isExceedLimit()) { + throw new GraphQlInputException( + __('You can\'t send messages more than %1 times an hour.', $sendFriend->getMaxSendsToFriend()) + ); + } + + $product = $this->getProduct($productId); + + $this->eventManager->dispatch('sendfriend_product', ['product' => $product]); + + $sendFriend->setProduct($product); + $sendFriend->setSender($senderData); + $sendFriend->setRecipients($recipientsData); + + $this->validateSendFriendModel($sendFriend, $senderData, $recipientsData); + + $sendFriend->send(); + } + + /** + * Validate send friend model + * + * @param SendFriend $sendFriend + * @param array $senderData + * @param array $recipientsData + * @return void + * @throws GraphQlInputException + */ + private function validateSendFriendModel(SendFriend $sendFriend, array $senderData, array $recipientsData): void + { + $sender = $this->dataObjectFactory->create()->setData($senderData['sender']); + $sendFriend->setData('_sender', $sender); + + $emails = array_column($recipientsData['recipients'], 'email'); + $recipients = $this->dataObjectFactory->create()->setData('emails', $emails); + $sendFriend->setData('_recipients', $recipients); + + $validationResult = $sendFriend->validate(); + if ($validationResult !== true) { + throw new GraphQlInputException(__(implode($validationResult))); + } + } + + /** + * Get product + * + * @param int $productId + * @return ProductInterface + * @throws GraphQlNoSuchEntityException + */ + private function getProduct(int $productId): ProductInterface + { + try { + $product = $this->productRepository->getById($productId); + if (!$product->isVisibleInCatalog()) { + throw new GraphQlNoSuchEntityException( + __("The product that was requested doesn't exist. Verify the product and try again.") + ); + } + } catch (NoSuchEntityException $e) { + throw new GraphQlNoSuchEntityException(__($e->getMessage()), $e); + } + return $product; + } +} diff --git a/app/code/Magento/SendFriendGraphQl/composer.json b/app/code/Magento/SendFriendGraphQl/composer.json index d401f57b2257a..2da404359783a 100644 --- a/app/code/Magento/SendFriendGraphQl/composer.json +++ b/app/code/Magento/SendFriendGraphQl/composer.json @@ -6,7 +6,8 @@ "php": "~7.1.3||~7.2.0", "magento/framework": "*", "magento/module-catalog": "*", - "magento/module-send-friend": "*" + "magento/module-send-friend": "*", + "magento/module-authorization": "*" }, "suggest": { "magento/module-graph-ql": "*" From 2dded7cfb70b1df5245744dd38a5654c06c28515 Mon Sep 17 00:00:00 2001 From: Valerii Naida Date: Fri, 21 Jun 2019 12:57:12 -0500 Subject: [PATCH 3/3] magento/graphql-ce#732: Guest User can SendFriend products ignoring restrictions --- .../Model/Resolver/SendEmailToFriend.php | 26 ++++--------------- .../Magento/SendFriendGraphQl/composer.json | 3 --- 2 files changed, 5 insertions(+), 24 deletions(-) diff --git a/app/code/Magento/SendFriendGraphQl/Model/Resolver/SendEmailToFriend.php b/app/code/Magento/SendFriendGraphQl/Model/Resolver/SendEmailToFriend.php index 5d8df4283184f..0a4fe1e3e5616 100644 --- a/app/code/Magento/SendFriendGraphQl/Model/Resolver/SendEmailToFriend.php +++ b/app/code/Magento/SendFriendGraphQl/Model/Resolver/SendEmailToFriend.php @@ -7,12 +7,12 @@ namespace Magento\SendFriendGraphQl\Model\Resolver; -use Magento\Authorization\Model\UserContextInterface; use Magento\Framework\GraphQl\Config\Element\Field; use Magento\Framework\GraphQl\Exception\GraphQlAuthorizationException; use Magento\Framework\GraphQl\Exception\GraphQlInputException; use Magento\Framework\GraphQl\Query\ResolverInterface; use Magento\Framework\GraphQl\Schema\Type\ResolveInfo; +use Magento\GraphQl\Model\Query\ContextInterface; use Magento\SendFriend\Helper\Data as SendFriendHelper; use Magento\SendFriendGraphQl\Model\SendFriend\SendEmail; @@ -48,10 +48,10 @@ public function __construct( */ public function resolve(Field $field, $context, ResolveInfo $info, array $value = null, array $args = null) { - $userId = $context->getUserId(); - $userType = $context->getUserType(); - - if (!$this->sendFriendHelper->isAllowForGuest() && $this->isUserGuest($userId, $userType)) { + /** @var ContextInterface $context */ + if (!$this->sendFriendHelper->isAllowForGuest() + && false === $context->getExtensionAttributes()->getIsCustomer() + ) { throw new GraphQlAuthorizationException(__('The current customer isn\'t authorized.')); } @@ -63,7 +63,6 @@ public function resolve(Field $field, $context, ResolveInfo $info, array $value $senderData, $recipientsData ); - return array_merge($senderData, $recipientsData); } @@ -123,19 +122,4 @@ private function extractSenderData(array $args): array ], ]; } - - /** - * Checking if current customer is guest - * - * @param int|null $customerId - * @param int|null $customerType - * @return bool - */ - private function isUserGuest(?int $customerId, ?int $customerType): bool - { - if (null === $customerId || null === $customerType) { - return true; - } - return 0 === (int)$customerId || (int)$customerType === UserContextInterface::USER_TYPE_GUEST; - } } diff --git a/app/code/Magento/SendFriendGraphQl/composer.json b/app/code/Magento/SendFriendGraphQl/composer.json index 2da404359783a..091c684879129 100644 --- a/app/code/Magento/SendFriendGraphQl/composer.json +++ b/app/code/Magento/SendFriendGraphQl/composer.json @@ -7,9 +7,6 @@ "magento/framework": "*", "magento/module-catalog": "*", "magento/module-send-friend": "*", - "magento/module-authorization": "*" - }, - "suggest": { "magento/module-graph-ql": "*" }, "license": [