wisest owl (wisest_owl) wrote in changelog,

[ljcom] r11334: LJSUP-10997: Create privilege to view us...

Committer: gprochaev
LJSUP-10997: Create privilege to view userheads stats

U   trunk/cgi-bin/LJ/Pay/ShopVGift.pm
U   trunk/htdocs/admin/accounts/vgiftsummary.bml
U   trunk/htdocs/admin/userheads/stat.bml
U   trunk/htdocs/admin/vgift/edit.bml
Modified: trunk/cgi-bin/LJ/Pay/ShopVGift.pm
===================================================================
--- trunk/cgi-bin/LJ/Pay/ShopVGift.pm	2012-01-19 15:13:51 UTC (rev 11333)
+++ trunk/cgi-bin/LJ/Pay/ShopVGift.pm	2012-01-19 15:18:25 UTC (rev 11334)
@@ -138,6 +138,11 @@
 
 sub expire_time { time() + 14*86400 }
 
+sub author {
+    my $self = shift;
+    return $self->{'author'};
+}
+
 sub price {
     my $self = shift;
     return $self->is_free ? "0.00" : $self->{price};
@@ -275,7 +280,7 @@
     LJ::ModuleCheck->have("LJ::Pay::ShopVGift::".$opts{perl_class});
 
     my (@fields, @fields_values);
-    for ('vgift_name', 'perl_class', 'price', 'date_start', 'date_end', 'is_hidden', 'is_promo', 'is_disabled', 'is_charity', 'is_sponsored', 'avail_for', 'cnt_for_send', 'min_age', 'max_age', 'is_hidden_for_not_logged_in', 'available_bit') {
+    for ('vgift_name', 'perl_class', 'price', 'date_start', 'date_end', 'is_hidden', 'is_promo', 'is_disabled', 'is_charity', 'is_sponsored', 'avail_for', 'cnt_for_send', 'min_age', 'max_age', 'is_hidden_for_not_logged_in', 'available_bit', 'author') {
         if ( defined $opts{$_} ) {
             push @fields, $_;
             push @fields_values, $opts{$_};
@@ -640,12 +645,16 @@
     my $dbh = LJ::get_db_writer();
     $dbh->do("
         INSERT INTO shop_vgifts (
-            vgift_name, perl_class, price, date_start, date_end, min_age, max_age, is_hidden, is_hidden_for_not_logged_in, is_promo, is_disabled, is_charity, is_sponsored
+            vgift_name, perl_class, price, date_start, date_end, min_age, max_age, is_hidden, 
+            is_hidden_for_not_logged_in, is_promo, is_disabled, is_charity, is_sponsored, author
         ) VALUES (
             ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?
         )
-    ", undef, $opts{vgift_name}, $opts{perl_class}, $opts{price}||undef, $opts{date_start}||undef, $opts{date_end}||undef,$opts{min_age}||undef,$opts{max_age}||undef,
-              $opts{is_hidden}, $opts{is_hidden_for_not_logged_in}||0, $opts{is_promo}, $opts{is_disabled}, $opts{is_charity}, $opts{is_sponsored})||die $dbh->errstr;
+        ", undef, $opts{vgift_name}, $opts{perl_class}, $opts{price} || undef, $opts{date_start} || undef, 
+        $opts{date_end} || undef, $opts{min_age} || undef, $opts{max_age} || undef,
+        $opts{is_hidden}, $opts{is_hidden_for_not_logged_in} || 0, $opts{is_promo}, $opts{is_disabled}, 
+        $opts{is_charity}, $opts{is_sponsored}, $opts{author}
+    ) || die $dbh->errstr;
 
     my $vgift_id = $dbh->last_insert_id (undef, undef, "shop_vgifts", undef);
 
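Review bot: The unchanged `VALUES (...)` line still carries 13 placeholders, while this hunk now names 14 columns and passes 14 bind values (`$opts{author}` last), so the insert should fail whenever a gift is created. Add the fourteenth placeholder: `?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?`. `$opts{author}` is also stored exactly as submitted; because other files in this commit compare it with `$remote->user` to decide what a `vgiftstat` holder may see, it would be safer to canonicalise it and confirm it names an existing user before the insert. The enclosing sub starts and ends outside the hunk.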

Modified: trunk/htdocs/admin/accounts/vgiftsummary.bml
===================================================================
--- trunk/htdocs/admin/accounts/vgiftsummary.bml	2012-01-19 15:13:51 UTC (rev 11333)
+++ trunk/htdocs/admin/accounts/vgiftsummary.bml	2012-01-19 15:18:25 UTC (rev 11334)
@@ -1,5 +1,6 @@
 <?_code
 {
+#line 4
     use strict;
     use vars qw(%GET);
 
@@ -12,8 +13,11 @@
     return "You must first <a href=\"/login.bml?ret=1\">log in</a>."
         unless $remote;
     return LJ::no_access_error("You don't have access to see this.", "moneyview", '*')
-        unless (LJ::remote_has_priv($remote, "moneyview") ||
-                LJ::check_priv($remote, "admin", "vgift"));
+        unless (
+                LJ::remote_has_priv($remote, "moneyview") ||
+                LJ::check_priv($remote, "admin", "vgift") ||
+                LJ::check_priv($remote, "admin", "vgiftstat")
+               );
 
     # Try slow role, falling back to slave, then master (eww)
     my $dbh = LJ::get_dbh("slow", "slave", "master")
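Review bot: Adding `vgiftstat` to this gate admits author-scoped users to the whole summary page, yet the only author filter visible in this commit is the one in `get_payitems`; any other query or total on the page (outside these hunks) would need the same restriction. The `LJ::no_access_error` call also still names only `moneyview` as the required privilege. A comment above the `unless` would make the intent explicit, e.g. `# admin:vgiftstat grants a restricted view: only gifts whose shop_vgifts.author is the remote user`.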
@@ -234,7 +238,23 @@
     sub get_payitems {
         my $payments_ref = shift;
         return ({}, {}, {}) unless $payments_ref && scalar(keys %$payments_ref);
-        my $sql = 'SELECT * FROM payitems WHERE item="vgift" AND payid IN (' . join(',', keys %$payments_ref) . ')';
+
+        ## Is we need to filter vgifts?
+        my $vgift_names_filter = "";
+        if (LJ::check_priv($remote, "admin", "vgiftstat")) {
+            my $vgift_names = $dbh->selectcol_arrayref ("SELECT vgift_name FROM shop_vgifts WHERE author = ?", undef, $remote->user);
+            die $dbh->errstr if $dbh->err;
+            if (@$vgift_names) {
+                $vgift_names_filter = " AND subitem IN('" . join ("','", @$vgift_names) . "') ";
+            } else {
+                ## User has a vgiftstat priv but not an author. It is error.
+                ## Privs have been loaded in check_priv
+                return ({}, {}, {})
+                    unless $remote->{'_priv'}->{"admin"}->{"*"};
+            }
+        }
+
+        my $sql = 'SELECT * FROM payitems WHERE item="vgift" AND payid IN (' . join(',', keys %$payments_ref) . ')' . " " . $vgift_names_filter;
         $sth = $dbh->prepare($sql);
         $sth->execute;
         $sth->{mysql_use_result} = 1;
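Review bot: The `IN('...')` list assigned to `$vgift_names_filter` is built by joining `vgift_name` values between hand-written quotes, so a name containing a quote or backslash breaks or alters the statement; those names come from the admin edit form. Quote each value through the driver, `$vgift_names_filter = " AND subitem IN (" . join(",", map { $dbh->quote($_) } @$vgift_names) . ") ";`, or emit placeholders and pass the names to `execute`. The wildcard test on `$remote->{'_priv'}` runs only in the no-gifts branch, so a full admin who has authored gifts appears to get the author-restricted view, and the test reads a private cache instead of calling a privilege API. `get_payitems` continues past the end of the hunk.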

Modified: trunk/htdocs/admin/userheads/stat.bml
===================================================================
--- trunk/htdocs/admin/userheads/stat.bml	2012-01-19 15:13:51 UTC (rev 11333)
+++ trunk/htdocs/admin/userheads/stat.bml	2012-01-19 15:18:25 UTC (rev 11334)
@@ -14,7 +14,7 @@
 my $remote = LJ::get_remote();
 return "<b>Error:</b> not logged in" unless $remote;
 return "<b>Error:</b> no access"
-    unless $LJ::IS_DEV_SERVER || LJ::check_priv($remote, "admin", "userheads");
+    unless $LJ::IS_DEV_SERVER || LJ::check_priv($remote, "admin", "userheads") || LJ::check_priv($remote, "admin", "vgiftstat");
 
 my $domain = LJ::Lang::get_dom("general");
 my $lang = $LJ::DEFAULT_LANG;
@@ -87,6 +87,9 @@
         my ($uh_id) = $item =~ m#uh-(\d+)#;
         next unless $uh_id;
         my $uh = LJ::UserHead->get_userhead ($uh_id);
+        next if     LJ::check_priv($remote, "admin", "vgiftstat")
+                and !$remote->{'_priv'}->{"admin"}->{"*"}
+                and $uh->get_uh_author ne $remote->user;
         $ret .= "<tr><td>".$uh_id."</td><td><img src='".$uh->get_uh_img."'></td><td>".$uh->get_price."</td><td>".$uh->get_uh_author."</td><td>".$uh_stat{$item}{qty}."</td><td>".$uh_stat{$item}{amt}."</td></tr>" if $uh;
     }
     $ret .= "<tr><th colspan='4'>Total:</th><th>".$uh_stat{total}{qty}."</th><th>".$uh_stat{total}{amt}."</th></tr>";
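Review bot: The added `next if` calls `$uh->get_uh_author` before the `if $uh` guard on the following line, so for a `vgiftstat` holder without `admin:*` a missing userhead turns into a method call on undef; put `next unless $uh;` ahead of the check. The `Total:` row still prints `$uh_stat{total}{qty}` and `$uh_stat{total}{amt}`, which appear to be computed before this per-author filter, so a restricted author would see sales totals across all authors. Accumulate the totals from the rows that pass the filter, or omit the row for restricted viewers. The loop starts outside the hunk.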

Modified: trunk/htdocs/admin/vgift/edit.bml
===================================================================
--- trunk/htdocs/admin/vgift/edit.bml	2012-01-19 15:13:51 UTC (rev 11333)
+++ trunk/htdocs/admin/vgift/edit.bml	2012-01-19 15:18:25 UTC (rev 11334)
@@ -136,6 +136,7 @@
 	$ret .= "<tr><td>Is Hidden</td><td><input type='checkbox' name='is_hidden'" . ($vgift->is_hidden eq '1' ? " checked = 'checked' " : "") . "></td></tr>";
 	$ret .= "<tr><td>Is Hidden for not logged in</td><td><input type='checkbox' name='is_hidden_for_not_logged_in'" . ($vgift->{is_hidden_for_not_logged_in} eq '1' ? " checked = 'checked' " : "") . "></td></tr>";
 	$ret .= "<tr><td>VGift name</td><td><input type='text' name='vgift_name' value='" . $vgift->keyname . "'" . ($GET{vgift_id} ? " disabled='disabled'" : "") . "></td></tr>";
+    $ret .= "<tr><td>VGift author</td><td><input type='text' name='author' value='" . $vgift->author . "'></td></tr>";
 	$ret .= "<tr><td>Is Promo</td><td><input type='checkbox' name='is_promo'" . ($vgift->is_promo eq '1' ? " checked = 'checked' " : "") . "></td></tr>";
 	$ret .= "<tr><td>Is Disabled</td><td><input type='checkbox' name='is_disabled'" . ($vgift->is_disabled eq '1' ? " checked = 'checked' " : "") . "></td></tr>";
 	$ret .= "<tr><td>Is Charity</td><td><input type='checkbox' name='is_charity'" . ($vgift->is_charity eq '1' ? " checked = 'checked' " : "") . "></td></tr>";
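Review bot: `$vgift->author` is concatenated unescaped into a single-quoted `value='...'` attribute on the added line, so an author string containing `'` or `<` breaks the form markup and is rendered as HTML on an admin page. Escape it on output, e.g. `value='" . LJ::ehtml($vgift->author) . "'`; the neighbouring `keyname` line has the same pattern. The added line is also indented with spaces where the surrounding lines use tabs.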

Tags: bml, gprochaev, ljcom, pm, wisest-owl