From 53401963f02f593bbf555b4b321fdaeb59e03a53 Mon Sep 17 00:00:00 2001 From: Danny Situ Date: Fri, 2 Feb 2024 17:42:37 -0800 Subject: [PATCH] LPD-16000 Make sure to check supplier order --- ...erceOrderModelResourcePermissionLogic.java | 41 ++++++++++++++----- ...ceOrderModelResourcePermissionWrapper.java | 5 ++- 2 files changed, 34 insertions(+), 12 deletions(-) diff --git a/modules/apps/commerce/commerce-service/src/main/java/com/liferay/commerce/internal/security/permission/resource/CommerceOrderModelResourcePermissionLogic.java b/modules/apps/commerce/commerce-service/src/main/java/com/liferay/commerce/internal/security/permission/resource/CommerceOrderModelResourcePermissionLogic.java index 708ce68fbc8ee0..a81d49c748a69c 100644 --- a/modules/apps/commerce/commerce-service/src/main/java/com/liferay/commerce/internal/security/permission/resource/CommerceOrderModelResourcePermissionLogic.java +++ b/modules/apps/commerce/commerce-service/src/main/java/com/liferay/commerce/internal/security/permission/resource/CommerceOrderModelResourcePermissionLogic.java @@ -14,6 +14,7 @@ import com.liferay.commerce.model.CommerceOrder; import com.liferay.commerce.product.model.CommerceChannel; import com.liferay.commerce.product.service.CommerceChannelLocalService; +import com.liferay.commerce.service.CommerceOrderLocalService; import com.liferay.petra.string.StringPool; import com.liferay.portal.configuration.module.configuration.ConfigurationProvider; import com.liferay.portal.kernel.dao.orm.QueryUtil; @@ -41,6 +42,7 @@ public class CommerceOrderModelResourcePermissionLogic public CommerceOrderModelResourcePermissionLogic( AccountEntryLocalService accountEntryLocalService, CommerceChannelLocalService commerceChannelLocalService, + CommerceOrderLocalService commerceOrderLocalService, ConfigurationProvider configurationProvider, GroupLocalService groupLocalService, PortletResourcePermission portletResourcePermission, @@ -49,6 +51,7 @@ public CommerceOrderModelResourcePermissionLogic( _accountEntryLocalService = accountEntryLocalService; _commerceChannelLocalService = commerceChannelLocalService; + _commerceOrderLocalService = commerceOrderLocalService; _configurationProvider = configurationProvider; _groupLocalService = groupLocalService; _portletResourcePermission = portletResourcePermission; @@ -476,16 +479,6 @@ private boolean _hasRoleAccountSupplier( PermissionChecker permissionChecker, CommerceOrder commerceOrder) throws PortalException { - CommerceChannel commerceChannel = - _commerceChannelLocalService.fetchCommerceChannelByGroupClassPK( - commerceOrder.getGroupId()); - - if ((commerceChannel != null) && - (commerceChannel.getAccountEntryId() == 0)) { - - return false; - } - List accountEntries = _accountEntryLocalService.getUserAccountEntries( permissionChecker.getUserId(), 0L, StringPool.BLANK, @@ -493,6 +486,10 @@ private boolean _hasRoleAccountSupplier( QueryUtil.ALL_POS, QueryUtil.ALL_POS); for (AccountEntry accountEntry : accountEntries) { + CommerceChannel commerceChannel = + _commerceChannelLocalService.fetchCommerceChannelByGroupClassPK( + commerceOrder.getGroupId()); + if ((accountEntry.getAccountEntryId() == commerceChannel.getAccountEntryId()) && _userGroupRoleLocalService.hasUserGroupRole( @@ -502,6 +499,29 @@ private boolean _hasRoleAccountSupplier( return true; } + + for (long commerceOrderIds : + commerceOrder.getSupplierCommerceOrderIds()) { + + CommerceOrder supplierCommerceOrder = + _commerceOrderLocalService.getCommerceOrder( + commerceOrderIds); + + commerceChannel = + _commerceChannelLocalService. + fetchCommerceChannelByGroupClassPK( + supplierCommerceOrder.getGroupId()); + + if ((accountEntry.getAccountEntryId() == + commerceChannel.getAccountEntryId()) && + _userGroupRoleLocalService.hasUserGroupRole( + permissionChecker.getUserId(), + accountEntry.getAccountEntryGroupId(), + AccountRoleConstants.ROLE_NAME_ACCOUNT_SUPPLIER)) { + + return true; + } + } } return false; @@ -509,6 +529,7 @@ private boolean _hasRoleAccountSupplier( private final AccountEntryLocalService _accountEntryLocalService; private final CommerceChannelLocalService _commerceChannelLocalService; + private final CommerceOrderLocalService _commerceOrderLocalService; private final ConfigurationProvider _configurationProvider; private final GroupLocalService _groupLocalService; private final PortletResourcePermission _portletResourcePermission; diff --git a/modules/apps/commerce/commerce-service/src/main/java/com/liferay/commerce/internal/security/permission/resource/CommerceOrderModelResourcePermissionWrapper.java b/modules/apps/commerce/commerce-service/src/main/java/com/liferay/commerce/internal/security/permission/resource/CommerceOrderModelResourcePermissionWrapper.java index 8df234606ff6b0..d2bf3bd5a3407d 100644 --- a/modules/apps/commerce/commerce-service/src/main/java/com/liferay/commerce/internal/security/permission/resource/CommerceOrderModelResourcePermissionWrapper.java +++ b/modules/apps/commerce/commerce-service/src/main/java/com/liferay/commerce/internal/security/permission/resource/CommerceOrderModelResourcePermissionWrapper.java @@ -49,8 +49,9 @@ public class CommerceOrderModelResourcePermissionWrapper consumer.accept( new CommerceOrderModelResourcePermissionLogic( _accountEntryLocalService, _commerceChannelLocalService, - _configurationProvider, _groupLocalService, - _portletResourcePermission, _userGroupRoleLocalService, + _commerceOrderLocalService, _configurationProvider, + _groupLocalService, _portletResourcePermission, + _userGroupRoleLocalService, _workflowDefinitionLinkLocalService)); }); }