From 4deea160ad827137006c7b68410e42f9f13bb23d Mon Sep 17 00:00:00 2001 From: Luke Parrott Date: Mon, 3 Apr 2023 16:32:42 -0500 Subject: [PATCH 01/14] W-10866049 Manage Allocations XSS fix --- force-app/main/default/pages/ALLO_ManageAllocations.page | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/force-app/main/default/pages/ALLO_ManageAllocations.page b/force-app/main/default/pages/ALLO_ManageAllocations.page index 29418d2b8e..62eaf82dee 100644 --- a/force-app/main/default/pages/ALLO_ManageAllocations.page +++ b/force-app/main/default/pages/ALLO_ManageAllocations.page @@ -163,8 +163,8 @@ $Lightning.use("{!namespace}" + ":RD2_EnablementApp", function() { $Lightning.createComponent("{!namespace}" + ":utilIllustration", { - title : "{!$Label.commonAdminPermissionErrorTitle}", - message : "{!$Label.commonPermissionErrorMessage}", + title : "{!JSENCODE($Label.commonAdminPermissionErrorTitle)}", + message : "{!JSENCODE($Label.commonPermissionErrorMessage)}", size: 'small', variant: 'no-access', illustrationClass: "slds-p-top_x-large slds-m-top_x-large" @@ -194,7 +194,7 @@ From 9bffdc6e8a33621d40e8fea930a6cf9c94a89b27 Mon Sep 17 00:00:00 2001 From: Luke Parrott Date: Tue, 4 Apr 2023 13:13:50 -0500 Subject: [PATCH 03/14] Fix for W-11553839 Payment Wizard --- force-app/main/default/pages/PMT_PaymentWizard.page | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/force-app/main/default/pages/PMT_PaymentWizard.page b/force-app/main/default/pages/PMT_PaymentWizard.page index f96a39065c..ce9671cfbe 100644 --- a/force-app/main/default/pages/PMT_PaymentWizard.page +++ b/force-app/main/default/pages/PMT_PaymentWizard.page @@ -31,8 +31,8 @@ $Lightning.use("{!namespace}" + ":RD2_EnablementApp", function() { $Lightning.createComponent("{!namespace}" + ":utilIllustration", { - title : "{!$Label.commonAdminPermissionErrorTitle}", - message : "{!$Label.commonPermissionErrorMessage}", + title : "{!JSENCODE($Label.commonAdminPermissionErrorTitle)}", + message : "{!JSENCODE($Label.commonPermissionErrorMessage)}", size: 'small', variant: 'no-access', illustrationClass: "slds-p-top_x-large slds-m-top_x-large" From f76e786e0af1b879a05b12a6dc768d517a179e9d Mon Sep 17 00:00:00 2001 From: Luke Parrott Date: Tue, 4 Apr 2023 15:22:52 -0500 Subject: [PATCH 04/14] Fix for W-11547533, RD Batch settings page --- force-app/main/default/pages/STG_PanelRDBatch.page | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/force-app/main/default/pages/STG_PanelRDBatch.page b/force-app/main/default/pages/STG_PanelRDBatch.page index 47349c8f4d..fe1cb2a9cd 100644 --- a/force-app/main/default/pages/STG_PanelRDBatch.page +++ b/force-app/main/default/pages/STG_PanelRDBatch.page @@ -9,7 +9,7 @@
- +
From b10f13e45b55320d22fa0df08d29d5f347d96dc5 Mon Sep 17 00:00:00 2001 From: Luke Parrott Date: Tue, 4 Apr 2023 16:45:26 -0500 Subject: [PATCH 05/14] W-11548191 fix, Error Log table in Settings --- .../default/classes/UTIL_SoqlListView_CTRL.cls | 11 ++++++++++- .../default/components/UTIL_SoqlListView.component | 14 +++----------- 2 files changed, 13 insertions(+), 12 deletions(-) diff --git a/force-app/main/default/classes/UTIL_SoqlListView_CTRL.cls b/force-app/main/default/classes/UTIL_SoqlListView_CTRL.cls index 401a1a8c70..e2a8692b23 100644 --- a/force-app/main/default/classes/UTIL_SoqlListView_CTRL.cls +++ b/force-app/main/default/classes/UTIL_SoqlListView_CTRL.cls @@ -37,7 +37,7 @@ public with sharing class UTIL_SoqlListView_CTRL { - public UTIL_iSoqlListViewConsumer pageController { + public UTIL_iSoqlListViewConsumer pageController { get; set { if (value != null) { @@ -47,6 +47,15 @@ public with sharing class UTIL_SoqlListView_CTRL { } } + public String getListViewPageInfo () { + String listViewPageInfo = System.Label.labelListViewPageInfo; + return String.format(listViewPageInfo, new List{ + setCon.getPageNumber(), + NumberOfPages, + NumberOfItems + }); + } + // the set controller allows us to do paging in our pageTable public ApexPages.StandardSetController setCon { get { diff --git a/force-app/main/default/components/UTIL_SoqlListView.component b/force-app/main/default/components/UTIL_SoqlListView.component index c419395e14..df90e13fcc 100644 --- a/force-app/main/default/components/UTIL_SoqlListView.component +++ b/force-app/main/default/components/UTIL_SoqlListView.component @@ -51,12 +51,8 @@ {!$Label.labelListViewLast} - - - - - - + + @@ -138,11 +134,7 @@ {!$Label.labelListViewLast} - - - - - + {!$Label.labelShowMore} From 93c040b4bab9cff04755a1805b1136b42102c667 Mon Sep 17 00:00:00 2001 From: Luke Parrott Date: Wed, 5 Apr 2023 11:27:11 -0500 Subject: [PATCH 06/14] Fix for W-11564391 Contact Merge --- force-app/main/default/pages/CON_ContactMerge.page | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/force-app/main/default/pages/CON_ContactMerge.page b/force-app/main/default/pages/CON_ContactMerge.page index 4cbcf8aaa5..a2f6b6c5c8 100644 --- a/force-app/main/default/pages/CON_ContactMerge.page +++ b/force-app/main/default/pages/CON_ContactMerge.page @@ -43,7 +43,7 @@
- +
Date: Wed, 5 Apr 2023 11:36:07 -0500 Subject: [PATCH 07/14] Fix for W-11554050 and W-11553948 Levels page --- force-app/main/default/components/UTIL_InputField.component | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/force-app/main/default/components/UTIL_InputField.component b/force-app/main/default/components/UTIL_InputField.component index f94e130e71..a5375a6baf 100644 --- a/force-app/main/default/components/UTIL_InputField.component +++ b/force-app/main/default/components/UTIL_InputField.component @@ -45,7 +45,7 @@ var lkLink = lkSpan.querySelector("a"); lkLink.style.visibility = ""; lkLink.className = ""; - lkLink.setAttribute("aria-label", "{!$Label.UTIL_InputFormFormFieldAltLabelLookup} {!$ObjectType[sObjType].fields[field].label}"); + lkLink.setAttribute("aria-label", "{!JSENCODE($Label.UTIL_InputFormFormFieldAltLabelLookup)} {!$ObjectType[sObjType].fields[field].label}"); lkLink.innerHTML = "" + @@ -58,7 +58,7 @@ var lkLink = lkSpan.querySelector("a"); lkLink.style.visibility = ""; lkLink.className = ""; - lkLink.setAttribute("aria-label","{!$Label.UTIL_InputFormFormFieldAltLabelDate} {!$ObjectType[sObjType].fields[field].label}"); + lkLink.setAttribute("aria-label", "{!JSENCODE($Label.UTIL_InputFormFormFieldAltLabelDate)} {!$ObjectType[sObjType].fields[field].label}"); lkLink.innerHTML = "" + From 4c5522c097b8eb0e19e64a839e4f388e7c00cc64 Mon Sep 17 00:00:00 2001 From: Luke Parrott Date: Wed, 5 Apr 2023 11:47:27 -0500 Subject: [PATCH 08/14] Update HtmlOutput to allow nbsp --- force-app/main/default/classes/UTIL_HtmlOutput_CTRL.cls | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/force-app/main/default/classes/UTIL_HtmlOutput_CTRL.cls b/force-app/main/default/classes/UTIL_HtmlOutput_CTRL.cls index 0c50bf096c..e1fac8fd35 100644 --- a/force-app/main/default/classes/UTIL_HtmlOutput_CTRL.cls +++ b/force-app/main/default/classes/UTIL_HtmlOutput_CTRL.cls @@ -48,7 +48,8 @@ public with sharing class UTIL_HtmlOutput_CTRL { ' '|para|', ' '|head1|', ' '|head2|', - ' '|head3|' + ' '|head3|', + ' ' => '|nonBreakingSpace|' }; /** @description The map of allowed urls and their temporary substitution values */ From 71687e6de1dd0f57faccd39431d28e5266a56972 Mon Sep 17 00:00:00 2001 From: Luke Parrott Date: Tue, 18 Apr 2023 12:29:32 -0500 Subject: [PATCH 09/14] Hiding Application Status component since it is causing confusion in Trials --- .../default/lwc/gsApplicationStatus/gsApplicationStatus.js | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/force-app/main/default/lwc/gsApplicationStatus/gsApplicationStatus.js b/force-app/main/default/lwc/gsApplicationStatus/gsApplicationStatus.js index 01ec5d86c0..50226461c7 100644 --- a/force-app/main/default/lwc/gsApplicationStatus/gsApplicationStatus.js +++ b/force-app/main/default/lwc/gsApplicationStatus/gsApplicationStatus.js @@ -21,7 +21,7 @@ export default class GsApplicationStatus extends LightningElement { @track isApplicationSubmitted = false; @track isLoading = false; @track img = ""; - @track isActiveInstance = false; + @track isActiveInstance = true; applyForFreeLicensesImg = Resources + '/gsResources/Accept_Tasks_Apply_Card.png'; checkForStatusImg = Resources + '/gsResources/gift_illustration_2.svg'; @@ -55,7 +55,8 @@ export default class GsApplicationStatus extends LightningElement { this.diffInDays = this.calculateTrialRemainingDays(result); this.isApplicationSubmitted = this.checkApplicationSubmitted(result); this.img = this.isApplicationSubmitted ? this.checkForStatusImg : this.applyForFreeLicensesImg; - this.isActiveInstance = result.trialExpirationDate == null; + // Disabling this component since it is causing confusion in new Trials and orgs that were converted from Trials + // this.isActiveInstance = result.trialExpirationDate == null; this.hideSpinner(); this.learnMoreAriaLabel = `${this.labels.gsLearnMore} ${this.labels.opensInNewLink}`; this.applyForFreeLicensesAriaLabel = `${this.labels.gsApplyForFreeLicenses} ${this.labels.opensInNewLink}`; From bbedba530ae70e57cdfbe7ff5af42aa275d19817 Mon Sep 17 00:00:00 2001 From: Reede Stockton Date: Tue, 18 Apr 2023 17:36:32 -0700 Subject: [PATCH 10/14] Add permission check to runBatchDryRun / W-9463070 --- .../main/default/classes/BGE_DataImportBatchEntry_CTRL.cls | 2 ++ 1 file changed, 2 insertions(+) diff --git a/force-app/main/default/classes/BGE_DataImportBatchEntry_CTRL.cls b/force-app/main/default/classes/BGE_DataImportBatchEntry_CTRL.cls index 5d0f216f4b..59394fcd7d 100644 --- a/force-app/main/default/classes/BGE_DataImportBatchEntry_CTRL.cls +++ b/force-app/main/default/classes/BGE_DataImportBatchEntry_CTRL.cls @@ -343,6 +343,8 @@ public with sharing class BGE_DataImportBatchEntry_CTRL { @AuraEnabled public static String runBatchDryRun(Id batchId, Integer numberOfRowsToReturn) { try { + checkFieldPermissions(); + Data_Import_Settings__c dataImportSettings = BDI_DataImportService.loadSettings(batchId); List allRawDataImports = getAllDataImportRecordsForDryRunByBatchId(batchId); From 7b4843af4ea9cbaa0ae4ccba6f55dd66a01cafd3 Mon Sep 17 00:00:00 2001 From: Reede Stockton Date: Wed, 19 Apr 2023 11:20:42 -0700 Subject: [PATCH 11/14] Check for Admin user in BDI_ManageAdvancedMapping.getAdvancedMappingObjectData / W-11030828 --- .../main/default/classes/BDI_ManageAdvancedMappingCtrl.cls | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/force-app/main/default/classes/BDI_ManageAdvancedMappingCtrl.cls b/force-app/main/default/classes/BDI_ManageAdvancedMappingCtrl.cls index 9d1f6bb42c..92840957a6 100644 --- a/force-app/main/default/classes/BDI_ManageAdvancedMappingCtrl.cls +++ b/force-app/main/default/classes/BDI_ManageAdvancedMappingCtrl.cls @@ -153,6 +153,10 @@ public class BDI_ManageAdvancedMappingCtrl { */ @AuraEnabled public static AdvancedMappingObjectData getAdvancedMappingObjectData () { + if (!isAdminUser(UserInfo.getUserId())) { + throw new AuraHandledException(Label.commonInsufficientPermissions); + } + return new AdvancedMappingObjectData(getObjectMappings(), getObjectOptions()); } From 2c96c7372bc237fb4350b518d98341f25ffd595d Mon Sep 17 00:00:00 2001 From: Reede Stockton Date: Wed, 19 Apr 2023 11:53:12 -0700 Subject: [PATCH 12/14] Move AuraEnabled restricted getDataImportSettings to GE_GiftEntryController / W-9463506 --- .../main/default/classes/GE_GiftEntryController.cls | 9 +++++++++ .../main/default/classes/UTIL_CustomSettingsFacade.cls | 1 - .../lwc/utilTemplateBuilder/utilTemplateBuilder.js | 2 +- 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/force-app/main/default/classes/GE_GiftEntryController.cls b/force-app/main/default/classes/GE_GiftEntryController.cls index 7f522b1c74..133a7b0a39 100644 --- a/force-app/main/default/classes/GE_GiftEntryController.cls +++ b/force-app/main/default/classes/GE_GiftEntryController.cls @@ -1335,6 +1335,15 @@ public with sharing class GE_GiftEntryController { } } + @AuraEnabled + public static Data_Import_Settings__c getDataImportSettings() { + if (!UTIL_Describe.getObjectDescribe('DataImportBatch__c').isUpdateable()) { + throw new AuraHandledException(Label.commonInsufficientPermissions); + } + + return UTIL_CustomSettingsFacade.getDataImportSettings(); + } + private static String retrieveBatchCurrencyIsoCode (Id batchId) { String query = new UTIL_Query() .withSelectFields(new Set{UTIL_Currency.CURRENCY_ISO_CODE_FIELD}) diff --git a/force-app/main/default/classes/UTIL_CustomSettingsFacade.cls b/force-app/main/default/classes/UTIL_CustomSettingsFacade.cls index ad7d4dbff5..ed4d99e1fc 100644 --- a/force-app/main/default/classes/UTIL_CustomSettingsFacade.cls +++ b/force-app/main/default/classes/UTIL_CustomSettingsFacade.cls @@ -296,7 +296,6 @@ public without sharing class UTIL_CustomSettingsFacade { * settings are defined. The ID field should be checked to determine if the returned record already exists or doesn't exist * in the database. */ - @AuraEnabled public static Data_Import_Settings__c getDataImportSettings() { if(Test.isRunningTest() && dataImportSettings == null) { dataImportSettings = new Data_Import_Settings__c(); diff --git a/force-app/main/default/lwc/utilTemplateBuilder/utilTemplateBuilder.js b/force-app/main/default/lwc/utilTemplateBuilder/utilTemplateBuilder.js index 8adc7c7f40..f6a84d951a 100644 --- a/force-app/main/default/lwc/utilTemplateBuilder/utilTemplateBuilder.js +++ b/force-app/main/default/lwc/utilTemplateBuilder/utilTemplateBuilder.js @@ -75,7 +75,7 @@ import ACCOUNT_NAME_INFO from '@salesforce/schema/Account.Name'; import commonError from '@salesforce/label/c.commonError'; import commonUnknownError from '@salesforce/label/c.commonUnknownError'; -import getDataImportSettings from '@salesforce/apex/UTIL_CustomSettingsFacade.getDataImportSettings'; +import getDataImportSettings from '@salesforce/apex/GE_GiftEntryController.getDataImportSettings'; import getGiftEntrySettings from '@salesforce/apex/GE_GiftEntryController.getGiftEntrySettings'; From 3047082eb26b677f198aba32bcfe8ac6f4ba36a0 Mon Sep 17 00:00:00 2001 From: Luke Parrott Date: Wed, 19 Apr 2023 17:00:15 -0500 Subject: [PATCH 13/14] Updating Permission check for Gift Entry --- force-app/main/default/classes/GE_GiftEntryController.cls | 4 ++-- .../default/lwc/utilTemplateBuilder/utilTemplateBuilder.js | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/force-app/main/default/classes/GE_GiftEntryController.cls b/force-app/main/default/classes/GE_GiftEntryController.cls index 133a7b0a39..04cb1f04be 100644 --- a/force-app/main/default/classes/GE_GiftEntryController.cls +++ b/force-app/main/default/classes/GE_GiftEntryController.cls @@ -1337,8 +1337,8 @@ public with sharing class GE_GiftEntryController { @AuraEnabled public static Data_Import_Settings__c getDataImportSettings() { - if (!UTIL_Describe.getObjectDescribe('DataImportBatch__c').isUpdateable()) { - throw new AuraHandledException(Label.commonInsufficientPermissions); + if (!UTIL_Permissions.canRead(UTIL_Namespace.StrTokenNSPrefix('Data_Import_Settings__c'), false)) { + return null; } return UTIL_CustomSettingsFacade.getDataImportSettings(); diff --git a/force-app/main/default/lwc/utilTemplateBuilder/utilTemplateBuilder.js b/force-app/main/default/lwc/utilTemplateBuilder/utilTemplateBuilder.js index f6a84d951a..8266cd41b3 100644 --- a/force-app/main/default/lwc/utilTemplateBuilder/utilTemplateBuilder.js +++ b/force-app/main/default/lwc/utilTemplateBuilder/utilTemplateBuilder.js @@ -504,7 +504,7 @@ const setRecordValuesOnTemplate = (templateSections, fieldMappings, record) => { const getPageAccess = async () => { const dataImportSettings = await getDataImportSettings(); const giftEntryGateSettings = await getGiftEntrySettings(); - const isAdvancedMappingOn = + const isAdvancedMappingOn = dataImportSettings && dataImportSettings[FIELD_MAPPING_METHOD_FIELD_INFO.fieldApiName] === ADVANCED_MAPPING; const isGiftEntryEnabled = giftEntryGateSettings[GIFT_ENTRY_FEATURE_GATE_INFO.fieldApiName]; return isAdvancedMappingOn && isGiftEntryEnabled; From 38e727a70a9f7405b8479ef83d797304f7d27132 Mon Sep 17 00:00:00 2001 From: Luke Parrott Date: Mon, 26 Jun 2023 09:39:13 -0500 Subject: [PATCH 14/14] Updating Elevate Validation to ignore newly added Payments --- .../default/classes/PMT_ValidationService.cls | 6 +++- .../classes/PMT_ValidationService_TEST.cls | 35 +++++++++++++++++++ 2 files changed, 40 insertions(+), 1 deletion(-) diff --git a/force-app/main/default/classes/PMT_ValidationService.cls b/force-app/main/default/classes/PMT_ValidationService.cls index be2451eb79..a68b423927 100644 --- a/force-app/main/default/classes/PMT_ValidationService.cls +++ b/force-app/main/default/classes/PMT_ValidationService.cls @@ -187,7 +187,11 @@ public inherited sharing class PMT_ValidationService { } private void validateElevatePayments(npe01__OppPayment__c payment, npe01__OppPayment__c oldPayment) { - if (String.isBlank(payment.Elevate_Payment_ID__c) || !config.isIntegrationEnabled() || config.hasIntegrationPermissions()) { + if (String.isBlank(payment.Elevate_Payment_ID__c) + || String.isBlank(oldPayment.Elevate_Payment_ID__c) + || !config.isIntegrationEnabled() + || config.hasIntegrationPermissions() + ) { return; } diff --git a/force-app/main/default/classes/PMT_ValidationService_TEST.cls b/force-app/main/default/classes/PMT_ValidationService_TEST.cls index 238ed7ab99..88e4f22f71 100644 --- a/force-app/main/default/classes/PMT_ValidationService_TEST.cls +++ b/force-app/main/default/classes/PMT_ValidationService_TEST.cls @@ -431,6 +431,41 @@ public with sharing class PMT_ValidationService_TEST { 'Cannot update Elevate payment without integrationPermission'); } + @IsTest + private static void verifyAddingPaymentToElevateWillNotRunValidation() { + npe01__OppPayment__c originalPayment = new npe01__OppPayment__c( + Id = UTIL_UnitTestData_TEST.mockId(npe01__OppPayment__c.SObjectType), + npe01__Payment_Amount__c = 10, + npe01__Paid__c = true + ); + + npe01__OppPayment__c updatedPayment = originalPayment.clone(true); + updatedPayment.Elevate_Payment_ID__c = 'Random'; + + PMT_ValidationService validationService = new PMT_ValidationService( + new List{updatedPayment}, + new List{originalPayment}, + TDTM_Runnable.Action.BeforeUpdate + ); + + validationService.isEnforceAccountingDataConsistency = false; + PS_IntegrationServiceConfig_TEST.Stub configStub = new PS_IntegrationServiceConfig_TEST.Stub() + .withIsIntegrationEnabled(true) + .withHasIntegrationPermissions(false); + + PMT_ValidationService.config = (PS_IntegrationServiceConfig) Test.createStub( + PS_IntegrationServiceConfig.class, + configStub + ); + + Test.startTest(); + List errorRecords = validationService.validate().getErrors(); + Test.stopTest(); + + System.assertEquals(0, errorRecords.size(), + 'Expecting Elevate validation should not run against newly added Elevate payment.'); + } + @IsTest private static void verifyElevateRefundWillNotBeValidate() { npe01__OppPayment__c originalPayment = new npe01__OppPayment__c(