Committer: gprochaev
LJSUP-10997: Create privilege to view userheads statsU trunk/cgi-bin/LJ/Pay/ShopVGift.pm U trunk/htdocs/admin/accounts/vgiftsummary.bml U trunk/htdocs/admin/userheads/stat.bml U trunk/htdocs/admin/vgift/edit.bml
Modified: trunk/cgi-bin/LJ/Pay/ShopVGift.pm
===================================================================
--- trunk/cgi-bin/LJ/Pay/ShopVGift.pm 2012-01-19 15:13:51 UTC (rev 11333)
+++ trunk/cgi-bin/LJ/Pay/ShopVGift.pm 2012-01-19 15:18:25 UTC (rev 11334)
@@ -138,6 +138,11 @@
sub expire_time { time() + 14*86400 }
+sub author {
+ my $self = shift;
+ return $self->{'author'};
+}
+
sub price {
my $self = shift;
return $self->is_free ? "0.00" : $self->{price};
@@ -275,7 +280,7 @@
LJ::ModuleCheck->have("LJ::Pay::ShopVGift::".$opts{perl_class});
my (@fields, @fields_values);
- for ('vgift_name', 'perl_class', 'price', 'date_start', 'date_end', 'is_hidden', 'is_promo', 'is_disabled', 'is_charity', 'is_sponsored', 'avail_for', 'cnt_for_send', 'min_age', 'max_age', 'is_hidden_for_not_logged_in', 'available_bit') {
+ for ('vgift_name', 'perl_class', 'price', 'date_start', 'date_end', 'is_hidden', 'is_promo', 'is_disabled', 'is_charity', 'is_sponsored', 'avail_for', 'cnt_for_send', 'min_age', 'max_age', 'is_hidden_for_not_logged_in', 'available_bit', 'author') {
if ( defined $opts{$_} ) {
push @fields, $_;
push @fields_values, $opts{$_};
@@ -640,12 +645,16 @@
my $dbh = LJ::get_db_writer();
$dbh->do("
INSERT INTO shop_vgifts (
- vgift_name, perl_class, price, date_start, date_end, min_age, max_age, is_hidden, is_hidden_for_not_logged_in, is_promo, is_disabled, is_charity, is_sponsored
+ vgift_name, perl_class, price, date_start, date_end, min_age, max_age, is_hidden,
+ is_hidden_for_not_logged_in, is_promo, is_disabled, is_charity, is_sponsored, author
) VALUES (
?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?
)
- ", undef, $opts{vgift_name}, $opts{perl_class}, $opts{price}||undef, $opts{date_start}||undef, $opts{date_end}||undef,$opts{min_age}||undef,$opts{max_age}||undef,
- $opts{is_hidden}, $opts{is_hidden_for_not_logged_in}||0, $opts{is_promo}, $opts{is_disabled}, $opts{is_charity}, $opts{is_sponsored})||die $dbh->errstr;
+ ", undef, $opts{vgift_name}, $opts{perl_class}, $opts{price} || undef, $opts{date_start} || undef,
+ $opts{date_end} || undef, $opts{min_age} || undef, $opts{max_age} || undef,
+ $opts{is_hidden}, $opts{is_hidden_for_not_logged_in} || 0, $opts{is_promo}, $opts{is_disabled},
+ $opts{is_charity}, $opts{is_sponsored}, $opts{author}
+ ) || die $dbh->errstr;
my $vgift_id = $dbh->last_insert_id (undef, undef, "shop_vgifts", undef);
Modified: trunk/htdocs/admin/accounts/vgiftsummary.bml
===================================================================
--- trunk/htdocs/admin/accounts/vgiftsummary.bml 2012-01-19 15:13:51 UTC (rev 11333)
+++ trunk/htdocs/admin/accounts/vgiftsummary.bml 2012-01-19 15:18:25 UTC (rev 11334)
@@ -1,5 +1,6 @@
<?_code
{
+#line 4
use strict;
use vars qw(%GET);
@@ -12,8 +13,11 @@
return "You must first <a href=\"/login.bml?ret=1\">log in</a>."
unless $remote;
return LJ::no_access_error("You don't have access to see this.", "moneyview", '*')
- unless (LJ::remote_has_priv($remote, "moneyview") ||
- LJ::check_priv($remote, "admin", "vgift"));
+ unless (
+ LJ::remote_has_priv($remote, "moneyview") ||
+ LJ::check_priv($remote, "admin", "vgift") ||
+ LJ::check_priv($remote, "admin", "vgiftstat")
+ );
# Try slow role, falling back to slave, then master (eww)
my $dbh = LJ::get_dbh("slow", "slave", "master")
@@ -234,7 +238,23 @@
sub get_payitems {
my $payments_ref = shift;
return ({}, {}, {}) unless $payments_ref && scalar(keys %$payments_ref);
- my $sql = 'SELECT * FROM payitems WHERE item="vgift" AND payid IN (' . join(',', keys %$payments_ref) . ')';
+
+ ## Is we need to filter vgifts?
+ my $vgift_names_filter = "";
+ if (LJ::check_priv($remote, "admin", "vgiftstat")) {
+ my $vgift_names = $dbh->selectcol_arrayref ("SELECT vgift_name FROM shop_vgifts WHERE author = ?", undef, $remote->user);
+ die $dbh->errstr if $dbh->err;
+ if (@$vgift_names) {
+ $vgift_names_filter = " AND subitem IN('" . join ("','", @$vgift_names) . "') ";
+ } else {
+ ## User has a vgiftstat priv but not an author. It is error.
+ ## Privs have been loaded in check_priv
+ return ({}, {}, {})
+ unless $remote->{'_priv'}->{"admin"}->{"*"};
+ }
+ }
+
+ my $sql = 'SELECT * FROM payitems WHERE item="vgift" AND payid IN (' . join(',', keys %$payments_ref) . ')' . " " . $vgift_names_filter;
$sth = $dbh->prepare($sql);
$sth->execute;
$sth->{mysql_use_result} = 1;
Modified: trunk/htdocs/admin/userheads/stat.bml
===================================================================
--- trunk/htdocs/admin/userheads/stat.bml 2012-01-19 15:13:51 UTC (rev 11333)
+++ trunk/htdocs/admin/userheads/stat.bml 2012-01-19 15:18:25 UTC (rev 11334)
@@ -14,7 +14,7 @@
my $remote = LJ::get_remote();
return "<b>Error:</b> not logged in" unless $remote;
return "<b>Error:</b> no access"
- unless $LJ::IS_DEV_SERVER || LJ::check_priv($remote, "admin", "userheads");
+ unless $LJ::IS_DEV_SERVER || LJ::check_priv($remote, "admin", "userheads") || LJ::check_priv($remote, "admin", "vgiftstat");
my $domain = LJ::Lang::get_dom("general");
my $lang = $LJ::DEFAULT_LANG;
@@ -87,6 +87,9 @@
my ($uh_id) = $item =~ m#uh-(\d+)#;
next unless $uh_id;
my $uh = LJ::UserHead->get_userhead ($uh_id);
+ next if LJ::check_priv($remote, "admin", "vgiftstat")
+ and !$remote->{'_priv'}->{"admin"}->{"*"}
+ and $uh->get_uh_author ne $remote->user;
$ret .= "<tr><td>".$uh_id."</td><td><img src='".$uh->get_uh_img."'></td><td>".$uh->get_price."</td><td>".$uh->get_uh_author."</td><td>".$uh_stat{$item}{qty}."</td><td>".$uh_stat{$item}{amt}."</td></tr>" if $uh;
}
$ret .= "<tr><th colspan='4'>Total:</th><th>".$uh_stat{total}{qty}."</th><th>".$uh_stat{total}{amt}."</th></tr>";
Modified: trunk/htdocs/admin/vgift/edit.bml
===================================================================
--- trunk/htdocs/admin/vgift/edit.bml 2012-01-19 15:13:51 UTC (rev 11333)
+++ trunk/htdocs/admin/vgift/edit.bml 2012-01-19 15:18:25 UTC (rev 11334)
@@ -136,6 +136,7 @@
$ret .= "<tr><td>Is Hidden</td><td><input type='checkbox' name='is_hidden'" . ($vgift->is_hidden eq '1' ? " checked = 'checked' " : "") . "></td></tr>";
$ret .= "<tr><td>Is Hidden for not logged in</td><td><input type='checkbox' name='is_hidden_for_not_logged_in'" . ($vgift->{is_hidden_for_not_logged_in} eq '1' ? " checked = 'checked' " : "") . "></td></tr>";
$ret .= "<tr><td>VGift name</td><td><input type='text' name='vgift_name' value='" . $vgift->keyname . "'" . ($GET{vgift_id} ? " disabled='disabled'" : "") . "></td></tr>";
+ $ret .= "<tr><td>VGift author</td><td><input type='text' name='author' value='" . $vgift->author . "'></td></tr>";
$ret .= "<tr><td>Is Promo</td><td><input type='checkbox' name='is_promo'" . ($vgift->is_promo eq '1' ? " checked = 'checked' " : "") . "></td></tr>";
$ret .= "<tr><td>Is Disabled</td><td><input type='checkbox' name='is_disabled'" . ($vgift->is_disabled eq '1' ? " checked = 'checked' " : "") . "></td></tr>";
$ret .= "<tr><td>Is Charity</td><td><input type='checkbox' name='is_charity'" . ($vgift->is_charity eq '1' ? " checked = 'checked' " : "") . "></td></tr>";
