Refactored flow for new authorization check logic

rogyar · rogyar · commit 5c0bcfd2160d · 2018-11-02T11:58:47.000+02:00
diff --git a/app/code/Magento/QuoteGraphQl/Model/Resolver/CartAddress.php b/app/code/Magento/QuoteGraphQl/Model/Resolver/CartAddress.php
@@ -8,15 +8,11 @@
 namespace Magento\QuoteGraphQl\Model\Resolver;
 
 use Magento\Framework\Exception\LocalizedException;
-use Magento\Framework\Exception\NoSuchEntityException;
 use Magento\Framework\GraphQl\Config\Element\Field;
-use Magento\Framework\GraphQl\Exception\GraphQlAuthorizationException;
-use Magento\Framework\GraphQl\Exception\GraphQlNoSuchEntityException;
 use Magento\Framework\GraphQl\Query\ResolverInterface;
 use Magento\Framework\GraphQl\Schema\Type\ResolveInfo;
 use Magento\Quote\Api\CartRepositoryInterface;
 use Magento\Quote\Model\MaskedQuoteIdToQuoteId;
-use Magento\QuoteGraphQl\Model\Authorization\IsCartMutationAllowedForCurrentUser;
 use Magento\QuoteGraphQl\Model\Resolver\Address\AddressDataProvider;
 
 /**
@@ -29,11 +25,6 @@ class CartAddress implements ResolverInterface
      */
     private $addressDataProvider;
 
-    /**
-     * @var IsCartMutationAllowedForCurrentUser
-     */
-    private $isCartMutationAllowedForCurrentUser;
-
     /**
      * @var CartRepositoryInterface
      */
@@ -50,58 +41,28 @@ class CartAddress implements ResolverInterface
      * @param MaskedQuoteIdToQuoteId $maskedQuoteIdToQuoteId
      * @param CartRepositoryInterface $cartRepository
      * @param AddressDataProvider $addressDataProvider
-     * @param IsCartMutationAllowedForCurrentUser $isCartMutationAllowedForCurrentUser
      */
     public function __construct(
         MaskedQuoteIdToQuoteId $maskedQuoteIdToQuoteId,
         CartRepositoryInterface $cartRepository,
-        AddressDataProvider $addressDataProvider,
-        IsCartMutationAllowedForCurrentUser $isCartMutationAllowedForCurrentUser
+        AddressDataProvider $addressDataProvider
     ) {
         $this->maskedQuoteIdToQuoteId = $maskedQuoteIdToQuoteId;
         $this->cartRepository = $cartRepository;
         $this->addressDataProvider = $addressDataProvider;
-        $this->isCartMutationAllowedForCurrentUser = $isCartMutationAllowedForCurrentUser;
     }
 
     /**
      * @inheritdoc
      */
     public function resolve(Field $field, $context, ResolveInfo $info, array $value = null, array $args = null)
     {
-        /* The cart_id is used instead of the model because some parent resolvers do not work
-           with cart model */
-        if (!isset($value['cart_id'])) {
-            throw new LocalizedException(__('"cart_id" value should be specified'));
+        if (!isset($value['model'])) {
+            throw new LocalizedException(__('"model" value should be specified'));
         }
 
-        $maskedCartId = $value['cart_id'];
-
-        try {
-            $quoteId = $this->maskedQuoteIdToQuoteId->execute($maskedCartId);
-        } catch (NoSuchEntityException $exception) {
-            throw new GraphQlNoSuchEntityException(
-                __('Could not find a cart with ID "%masked_cart_id"', ['masked_cart_id' => $maskedCartId])
-            );
-        }
-
-        if (false === $this->isCartMutationAllowedForCurrentUser->execute($quoteId)) {
-            throw new GraphQlAuthorizationException(
-                __(
-                    'The current user cannot perform operations on cart "%masked_cart_id"',
-                    ['masked_cart_id' => $maskedCartId]
-                )
-            );
-        }
-
-        try {
-            $quote = $this->cartRepository->get($quoteId);
-        } catch (NoSuchEntityException $exception) {
-            throw new GraphQlNoSuchEntityException(
-                __('Could not find a cart with ID "%quote_id"', ['quote_id' => $quoteId])
-            );
-        }
+        $cart = $value['model'];
 
-        return $this->addressDataProvider->getCartAddresses($quote);
+        return $this->addressDataProvider->getCartAddresses($cart);
     }
 }
diff --git a/app/code/Magento/QuoteGraphQl/Model/Resolver/ShippingMethod/SetShippingMethodsOnCart.php b/app/code/Magento/QuoteGraphQl/Model/Resolver/ShippingMethod/SetShippingMethodsOnCart.php
@@ -12,18 +12,16 @@
 use Magento\Framework\Exception\InputException;
 use Magento\Framework\Exception\NoSuchEntityException;
 use Magento\Framework\Exception\StateException;
-use Magento\Framework\GraphQl\Exception\GraphQlAuthorizationException;
 use Magento\Framework\GraphQl\Exception\GraphQlInputException;
 use Magento\Framework\GraphQl\Exception\GraphQlNoSuchEntityException;
 use Magento\Framework\GraphQl\Query\ResolverInterface;
 use Magento\Framework\GraphQl\Config\Element\Field;
 use Magento\Framework\GraphQl\Schema\Type\ResolveInfo;
 use Magento\Framework\Stdlib\ArrayManager;
-use Magento\Quote\Model\MaskedQuoteIdToQuoteIdInterface;
-use Magento\QuoteGraphQl\Model\Authorization\IsCartMutationAllowedForCurrentUser;
 use Magento\Quote\Model\Quote\AddressFactory as QuoteAddressFactory;
 use Magento\Quote\Model\ResourceModel\Quote\Address as QuoteAddressResource;
 use Magento\Checkout\Model\ShippingInformationFactory;
+use Magento\QuoteGraphQl\Model\Cart\GetCartForUser;
 
 /**
  * Class SetShippingMethodsOnCart
@@ -47,20 +45,15 @@ class SetShippingMethodsOnCart implements ResolverInterface
      */
     private $quoteAddressResource;
 
-    /**
-     * @var MaskedQuoteIdToQuoteIdInterface
-     */
-    private $maskedQuoteIdToQuoteId;
-
     /**
      * @var ArrayManager
      */
     private $arrayManager;
 
     /**
-     * @var IsCartMutationAllowedForCurrentUser
+     * @var GetCartForUser
      */
-    private $isCartMutationAllowedForCurrentUser;
+    private $getCartForUser;
 
     /**
      * @var ShippingInformationManagementInterface
@@ -70,27 +63,23 @@ class SetShippingMethodsOnCart implements ResolverInterface
     /**
      * SetShippingMethodsOnCart constructor.
      * @param ArrayManager $arrayManager
-     * @param MaskedQuoteIdToQuoteIdInterface $maskedQuoteIdToQuoteId
-     * @param IsCartMutationAllowedForCurrentUser $isCartMutationAllowedForCurrentUser
+     * @param GetCartForUser $getCartForUser
      * @param ShippingInformationManagementInterface $shippingInformationManagement
      * @param QuoteAddressFactory $quoteAddressFactory
      * @param QuoteAddressResource $quoteAddressResource
      * @param ShippingInformationFactory $shippingInformationFactory
      */
     public function __construct(
         ArrayManager $arrayManager,
-        MaskedQuoteIdToQuoteIdInterface $maskedQuoteIdToQuoteId,
-        IsCartMutationAllowedForCurrentUser $isCartMutationAllowedForCurrentUser,
+        GetCartForUser $getCartForUser,
         ShippingInformationManagementInterface $shippingInformationManagement,
         QuoteAddressFactory $quoteAddressFactory,
         QuoteAddressResource $quoteAddressResource,
         ShippingInformationFactory $shippingInformationFactory
     ) {
         $this->arrayManager = $arrayManager;
-        $this->maskedQuoteIdToQuoteId = $maskedQuoteIdToQuoteId;
-        $this->isCartMutationAllowedForCurrentUser = $isCartMutationAllowedForCurrentUser;
+        $this->getCartForUser = $getCartForUser;
         $this->shippingInformationManagement = $shippingInformationManagement;
-
         $this->quoteAddressResource = $quoteAddressResource;
         $this->quoteAddressFactory = $quoteAddressFactory;
         $this->shippingInformationFactory = $shippingInformationFactory;
@@ -111,34 +100,20 @@ public function resolve(Field $field, $context, ResolveInfo $info, array $value
             throw new GraphQlInputException(__('Required parameter "shipping_methods" is missing'));
         }
 
-        $shippingMethod = reset($shippingMethods); // TODO: provide implementation for multishipping
+        $shippingMethod = reset($shippingMethods);
 
         if (!$shippingMethod['cart_address_id']) {
             throw new GraphQlInputException(__('Required parameter "cart_address_id" is missing'));
         }
-        if (!$shippingMethod['shipping_carrier_code']) { // FIXME: check the E_WARNING here
+        if (!$shippingMethod['shipping_carrier_code']) {
             throw new GraphQlInputException(__('Required parameter "shipping_carrier_code" is missing'));
         }
-        if (!$shippingMethod['shipping_method_code']) { // FIXME: check the E_WARNING here
+        if (!$shippingMethod['shipping_method_code']) {
             throw new GraphQlInputException(__('Required parameter "shipping_method_code" is missing'));
         }
 
-        try {
-            $cartId = $this->maskedQuoteIdToQuoteId->execute((string) $maskedCartId);
-        } catch (NoSuchEntityException $exception) {
-            throw new GraphQlNoSuchEntityException(
-                __('Could not find a cart with ID "%masked_cart_id"', ['masked_cart_id' => $maskedCartId])
-            );
-        }
-
-        if (false === $this->isCartMutationAllowedForCurrentUser->execute($cartId)) {
-            throw new GraphQlAuthorizationException(
-                __(
-                    'The current user cannot perform operations on cart "%masked_cart_id"',
-                    ['masked_cart_id' => $maskedCartId]
-                )
-            );
-        }
+        $userId = $context->getUserId();
+        $cart = $this->getCartForUser->execute((string) $maskedCartId, $userId);
 
         $quoteAddress = $this->quoteAddressFactory->create();
         $this->quoteAddressResource->load($quoteAddress, $shippingMethod['cart_address_id']);
@@ -153,7 +128,7 @@ public function resolve(Field $field, $context, ResolveInfo $info, array $value
         $shippingInformation->setShippingMethodCode($shippingMethod['shipping_method_code']);
 
         try {
-            $this->shippingInformationManagement->saveAddressInformation($cartId, $shippingInformation);
+            $this->shippingInformationManagement->saveAddressInformation($cart->getId(), $shippingInformation);
         } catch (NoSuchEntityException $exception) {
             throw new GraphQlNoSuchEntityException(__($exception->getMessage()));
         } catch (StateException $exception) {
@@ -164,7 +139,8 @@ public function resolve(Field $field, $context, ResolveInfo $info, array $value
 
         return [
             'cart' => [
-                'cart_id' => $maskedCartId
+                'cart_id' => $maskedCartId,
+                'model' => $cart
             ]
         ];
     }
