Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Api] restrict access to customer account editing #11874

Merged

Conversation

AdamKasp
Copy link
Contributor

Q A
Branch? master
Bug fix? no/yes
New feature? no/yes
BC breaks? no/yes
Deprecations? no
Related tickets part of #11250, based on #11872
License MIT

@AdamKasp AdamKasp requested a review from a team as a code owner September 24, 2020 08:47
@probot-autolabeler probot-autolabeler bot added the API APIs related issues and PRs. label Sep 24, 2020
@AdamKasp AdamKasp changed the title Api restrict access customer account editing [Api] restrict access customer account editing Sep 24, 2020
@AdamKasp AdamKasp changed the title [Api] restrict access customer account editing [Api] restrict access to customer account editing Sep 24, 2020
}

if (
$user instanceof ShopUserInterface &&
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
$user instanceof ShopUserInterface &&
$user instanceof ShopUserInterface &&
in_array('ROLE_USER', $user->getRoles(), true)) &&

@@ -6,10 +6,10 @@ Feature: Editing a customer profile

Background:
Given the store operates on a single channel in "United States"
And there is a customer "Francis Underwood" identified by an email "francis@underwood.com" and a password "whitehouse"
And there is a customer "Francis Underwood" identified by an email "francis@underwood.com" and a password "sylius"
Copy link
Contributor

@Tomanhez Tomanhez Sep 24, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
And there is a customer "Francis Underwood" identified by an email "francis@underwood.com" and a password "sylius"
And there is a customer "Francis Underwood" identified by an email "francis@underwood.com"

IMO its not needed in plain sight

/** @var ShopUserInterface $shopUser */
$shopUser = $this->sharedStorage->get('user');

$this->shopApiSecurityContext->iAmLoggedInAs($email);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is different behaviour than in UI, for now, it's ok, but we should probably think about it in future

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, i will investigate how to save token after customer change login, and i will add new PR with solution or add issue for it.

Comment on lines +99 to +104
->getItem(
CustomerInterface::class,
'2',
Request::METHOD_PUT,
[]
)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One line?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It could be, but in rest of item providers we have similar formating and also IMO it is more readable in this way

@GSadee GSadee merged commit bea35b8 into Sylius:master Sep 24, 2020
@GSadee
Copy link
Member

GSadee commented Sep 24, 2020

Thank you, Adam! 🎉

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
API APIs related issues and PRs.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants