Committer: gprochaev
LJSUP-10997: Create privilege to view userheads stats
U trunk/cgi-bin/LJ/Pay/ShopVGift.pm
U trunk/htdocs/admin/accounts/vgiftsummary.bml
U trunk/htdocs/admin/userheads/stat.bml
U trunk/htdocs/admin/vgift/edit.bml
Modified: trunk/cgi-bin/LJ/Pay/ShopVGift.pm
===================================================================
--- trunk/cgi-bin/LJ/Pay/ShopVGift.pm 2012-01-19 15:13:51 UTC (rev 11333)
+++ trunk/cgi-bin/LJ/Pay/ShopVGift.pm 2012-01-19 15:18:25 UTC (rev 11334)
@@ -138,6 +138,11 @@
 
 sub expire_time { time() + 14*86400 }
 
+sub author {
+ my $self = shift;
+ return $self->{'author'};
+}
+
 sub price {
 my $self = shift;
 return $self->is_free ? "0.00" : $self->{price};
@@ -275,7 +280,7 @@
 LJ::ModuleCheck->have("LJ::Pay::ShopVGift::".$opts{perl_class});
 
 my (@fields, @fields_values);
- for ('vgift_name', 'perl_class', 'price', 'date_start', 'date_end', 'is_hidden', 'is_promo', 'is_disabled', 'is_charity', 'is_sponsored', 'avail_for', 'cnt_for_send', 'min_age', 'max_age', 'is_hidden_for_not_logged_in', 'available_bit') {
+ for ('vgift_name', 'perl_class', 'price', 'date_start', 'date_end', 'is_hidden', 'is_promo', 'is_disabled', 'is_charity', 'is_sponsored', 'avail_for', 'cnt_for_send', 'min_age', 'max_age', 'is_hidden_for_not_logged_in', 'available_bit', 'author') {
 if ( defined $opts{$_} ) {
 push @fields, $_;
 push @fields_values, $opts{$_};
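Review bot: The new `author` accessor is undocumented and nothing in the class says what the field holds; elsewhere in this commit (vgiftsummary.bml) the column is matched against `$remote->user`, so a comment above `sub author` such as `# username of the account that authored this gift; vgiftstat pages scope statistics by it` would save the next reader a search. The second hunk adds `author` to the list of fields copied verbatim from `$opts`, so whatever validation the entered name gets has to happen in the caller, outside this hunk. The sub containing that loop starts and ends outside the hunk.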
@@ -640,12 +645,16 @@
 my $dbh = LJ::get_db_writer();
 $dbh->do("
 INSERT INTO shop_vgifts (
- vgift_name, perl_class, price, date_start, date_end, min_age, max_age, is_hidden, is_hidden_for_not_logged_in, is_promo, is_disabled, is_charity, is_sponsored
+ vgift_name, perl_class, price, date_start, date_end, min_age, max_age, is_hidden,
+ is_hidden_for_not_logged_in, is_promo, is_disabled, is_charity, is_sponsored, author
 ) VALUES (
 ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?
 )
- ", undef, $opts{vgift_name}, $opts{perl_class}, $opts{price}||undef, $opts{date_start}||undef, $opts{date_end}||undef,$opts{min_age}||undef,$opts{max_age}||undef,
- $opts{is_hidden}, $opts{is_hidden_for_not_logged_in}||0, $opts{is_promo}, $opts{is_disabled}, $opts{is_charity}, $opts{is_sponsored})||die $dbh->errstr;
+ ", undef, $opts{vgift_name}, $opts{perl_class}, $opts{price} || undef, $opts{date_start} || undef,
+ $opts{date_end} || undef, $opts{min_age} || undef, $opts{max_age} || undef,
+ $opts{is_hidden}, $opts{is_hidden_for_not_logged_in} || 0, $opts{is_promo}, $opts{is_disabled},
+ $opts{is_charity}, $opts{is_sponsored}, $opts{author}
+ ) || die $dbh->errstr;
 
 my $vgift_id = $dbh->last_insert_id (undef, undef, "shop_vgifts", undef);
 
Modified: trunk/htdocs/admin/accounts/vgiftsummary.bml
===================================================================
--- trunk/htdocs/admin/accounts/vgiftsummary.bml 2012-01-19 15:13:51 UTC (rev 11333)
+++ trunk/htdocs/admin/accounts/vgiftsummary.bml 2012-01-19 15:18:25 UTC (rev 11334)
@@ -1,5 +1,6 @@
 <?_code {
+#line 4
 use strict;
 use vars qw(%GET);
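Review bot: The INSERT now names 14 columns (author added) and binds 14 values, but the VALUES clause between them is unchanged context and still carries 13 `?` placeholders, so every insert through this path will fail at execute with a bind-count mismatch and reach `die $dbh->errstr`; the placeholder line needs a fourteenth entry: `?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?`. `$opts{author}` is also bound exactly as received, with no visible check that it names an existing account, which matters because the other pages in this commit use the column to decide who may see statistics. The enclosing sub starts and ends outside the hunk.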
@@ -12,8 +13,11 @@
 
 return "You must first <a href=\"/login.bml?ret=1\">log in</a>." unless $remote;
 return LJ::no_access_error("You don't have access to see this.", "moneyview", '*')
- unless (LJ::remote_has_priv($remote, "moneyview") ||
- LJ::check_priv($remote, "admin", "vgift"));
+ unless (
+ LJ::remote_has_priv($remote, "moneyview") ||
+ LJ::check_priv($remote, "admin", "vgift") ||
+ LJ::check_priv($remote, "admin", "vgiftstat")
+ );
 
 # Try slow role, falling back to slave, then master (eww)
 my $dbh = LJ::get_dbh("slow", "slave", "master")
@@ -234,7 +238,23 @@
 sub get_payitems {
 my $payments_ref = shift;
 return ({}, {}, {}) unless $payments_ref && scalar(keys %$payments_ref);
- my $sql = 'SELECT * FROM payitems WHERE item="vgift" AND payid IN (' . join(',', keys %$payments_ref) . ')';
+
+ ## Is we need to filter vgifts?
+ my $vgift_names_filter = "";
+ if (LJ::check_priv($remote, "admin", "vgiftstat")) {
+ my $vgift_names = $dbh->selectcol_arrayref ("SELECT vgift_name FROM shop_vgifts WHERE author = ?", undef, $remote->user);
+ die $dbh->errstr if $dbh->err;
+ if (@$vgift_names) {
+ $vgift_names_filter = " AND subitem IN('" . join ("','", @$vgift_names) . "') ";
+ } else {
+ ## User has a vgiftstat priv but not an author. It is error.
+ ## Privs have been loaded in check_priv
+ return ({}, {}, {})
+ unless $remote->{'_priv'}->{"admin"}->{"*"};
+ }
+ }
+
+ my $sql = 'SELECT * FROM payitems WHERE item="vgift" AND payid IN (' . join(',', keys %$payments_ref) . ')' . " " . $vgift_names_filter;
 $sth = $dbh->prepare($sql);
 $sth->execute;
 $sth->{mysql_use_result} = 1;
Modified: trunk/htdocs/admin/userheads/stat.bml
===================================================================
--- trunk/htdocs/admin/userheads/stat.bml 2012-01-19 15:13:51 UTC (rev 11333)
+++ trunk/htdocs/admin/userheads/stat.bml 2012-01-19 15:18:25 UTC (rev 11334)
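Review bot: The new subitem filter in get_payitems interpolates vgift names read from shop_vgifts straight into the SQL string (`" AND subitem IN('" . join ("','", @$vgift_names) . "') "`); vgift_name is free text from the admin edit form, so a name containing a quote breaks or changes the query — quote each value, e.g. `$vgift_names_filter = " AND subitem IN(" . join(",", map { $dbh->quote($_) } @$vgift_names) . ") ";`, or bind placeholders. The wildcard fallback pokes the internal cache `$remote->{'_priv'}->{"admin"}->{"*"}` rather than going through LJ::check_priv, which is the interface the rest of the block uses (userheads/stat.bml repeats the same poke). The resulting scope also looks inconsistent: a wildcard admin who authored no gift falls through to all payitems, while one who authored gifts is narrowed to their own — assuming check_priv treats the wildcard as satisfying `vgiftstat`, which is not visible here. get_payitems is a named sub that closes over `$remote`, `$dbh` and `$sth` from the enclosing scope; if those are lexicals of the surrounding `<?_code` block, the sub keeps the values from the first compilation, so the author filter could be applied for a stale `$remote` — worth confirming on this page framework. The sub's body continues outside the hunk.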
@@ -14,7 +14,7 @@
 my $remote = LJ::get_remote();
 return "<b>Error:</b> not logged in" unless $remote;
 return "<b>Error:</b> no access"
- unless $LJ::IS_DEV_SERVER || LJ::check_priv($remote, "admin", "userheads");
+ unless $LJ::IS_DEV_SERVER || LJ::check_priv($remote, "admin", "userheads") || LJ::check_priv($remote, "admin", "vgiftstat");
 
 my $domain = LJ::Lang::get_dom("general");
 my $lang = $LJ::DEFAULT_LANG;
@@ -87,6 +87,9 @@
 my ($uh_id) = $item =~ m#uh-(\d+)#;
 next unless $uh_id;
 my $uh = LJ::UserHead->get_userhead ($uh_id);
+ next if LJ::check_priv($remote, "admin", "vgiftstat")
+ and !$remote->{'_priv'}->{"admin"}->{"*"}
+ and $uh->get_uh_author ne $remote->user;
 $ret .= "<tr><td>".$uh_id."</td><td><img src='".$uh->get_uh_img."'></td><td>".$uh->get_price."</td><td>".$uh->get_uh_author."</td><td>".$uh_stat{$item}{qty}."</td><td>".$uh_stat{$item}{amt}."</td></tr>" if $uh;
 }
 $ret .= "<tr><th colspan='4'>Total:</th><th>".$uh_stat{total}{qty}."</th><th>".$uh_stat{total}{amt}."</th></tr>";
Modified: trunk/htdocs/admin/vgift/edit.bml
===================================================================
--- trunk/htdocs/admin/vgift/edit.bml 2012-01-19 15:13:51 UTC (rev 11333)
+++ trunk/htdocs/admin/vgift/edit.bml 2012-01-19 15:18:25 UTC (rev 11334)
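Review bot: In the second hunk the new `next if` calls `$uh->get_uh_author` before the existing `if $uh` guard on the following line, so a userhead id that get_userhead does not resolve now dies with a method call on undef instead of being skipped; guard it first, e.g. `next unless $uh;` directly after the `my $uh = ...` line, or add `and $uh` to the condition. LJ::check_priv and the `$remote->{'_priv'}->{"admin"}->{"*"}` cache poke are also re-evaluated for every row; compute `my $only_own = LJ::check_priv($remote, "admin", "vgiftstat") && !LJ::check_priv($remote, "admin", "*");` once before the loop and test that. The totals row after the loop still prints `$uh_stat{total}`, which as far as is visible is accumulated over all items, so a vgiftstat-only author sees the site-wide totals while only seeing their own rows — confirm whether that is intended. The loop body starts and ends outside the hunk.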
@@ -136,6 +136,7 @@
 $ret .= "<tr><td>Is Hidden</td><td><input type='checkbox' name='is_hidden'" . ($vgift->is_hidden eq '1' ? " checked = 'checked' " : "") . "></td></tr>";
 $ret .= "<tr><td>Is Hidden for not logged in</td><td><input type='checkbox' name='is_hidden_for_not_logged_in'" . ($vgift->{is_hidden_for_not_logged_in} eq '1' ? " checked = 'checked' " : "") . "></td></tr>";
 $ret .= "<tr><td>VGift name</td><td><input type='text' name='vgift_name' value='" . $vgift->keyname . "'" . ($GET{vgift_id} ? " disabled='disabled'" : "") . "></td></tr>";
+ $ret .= "<tr><td>VGift author</td><td><input type='text' name='author' value='" . $vgift->author . "'></td></tr>";
 $ret .= "<tr><td>Is Promo</td><td><input type='checkbox' name='is_promo'" . ($vgift->is_promo eq '1' ? " checked = 'checked' " : "") . "></td></tr>";
 $ret .= "<tr><td>Is Disabled</td><td><input type='checkbox' name='is_disabled'" . ($vgift->is_disabled eq '1' ? " checked = 'checked' " : "") . "></td></tr>";
 $ret .= "<tr><td>Is Charity</td><td><input type='checkbox' name='is_charity'" . ($vgift->is_charity eq '1' ? " checked = 'checked' " : "") . "></td></tr>";
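Review bot: The new author row writes `$vgift->author` into a single-quoted value attribute without escaping, so a stored author string containing `'` or `>` breaks out of the attribute into the page; use `value='" . LJ::ehtml($vgift->author) . "'` (the neighbouring vgift_name row has the same weakness, but the new line need not repeat it). Because vgiftsummary.bml and userheads/stat.bml compare this column against `$remote->user` to decide what an author may see, the save side of this form — outside the hunk — should also confirm the entered name resolves to an account, e.g. via `LJ::load_user`, so a typo does not silently hide a gift from its author's statistics. The block building `$ret` starts and ends outside the hunk.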