Limit Access to customers #86

Author: cebe

console/jobs/CreateReportJob.php

@@ -20,9 +20,10 @@ class CreateReportJob extends BaseObject implements RetryableJobInterface
     const TTR = 600; // in seconds
 
     /**
-     * @var int $customer
+     * @var int[] $customer_ids array of customer IDs.
+     * Limits the orders to one or more customers.
      */
-    public int $customer;
+    public array $customer_ids;
 
     /**
      * @var int $userId
@@ -50,9 +51,10 @@ class CreateReportJob extends BaseObject implements RetryableJobInterface
     public bool $items;
 
     /**
-     * @var array if set, the report will be generated on order numbers instead of date range.
+     * @var array|null if set, the report will be generated on order numbers instead of date range.
      */
-    public array $order_nrs;
+    public ?array $order_nrs = null;
+
 
     /**
      * @inheritDoc
@@ -97,9 +99,10 @@ protected function processReport(): string
         if (is_array($this->order_nrs)) {
             $ordersQuery->where(['customer_reference' => $this->order_nrs]);
         } else {
-            $ordersQuery->where(['customer_id' => $this->customer]);
-            $ordersQuery->andWhere(['between', 'created_date', $this->start_date, $this->end_date])
+            $ordersQuery->andWhere(['between', 'created_date', $this->start_date, $this->end_date]);
         }
+        // limit access by customer
+        $ordersQuery->andWhere(['IN', 'customer_id', $this->customer_ids]);
 
 
         $dir = Yii::getAlias('@console') . '/runtime/reports/';

frontend/controllers/ReportController.php

@@ -3,10 +3,8 @@
 namespace frontend\controllers;
 
 use Yii;
-use console\jobs\CreateReportJob;
-use frontend\models\Customer;
 use frontend\models\forms\ReportForm;
-use frontend\models\User;
+use yii\filters\AccessControl;
 
 /**
  * Class ReportController
@@ -20,7 +18,7 @@ public function behaviors()
     {
         return [
             'access' => [
-                'class' => 'yii\filters\AccessControl',
+                'class' => AccessControl::class,
                 'rules' => [
                     [
                         'allow' => true,
@@ -34,7 +32,6 @@ public function behaviors()
     /**
      * Index for creating CSV report
      *
-     * @return string|void
      * @throws \yii\base\InvalidConfigException
      */
     public function actionIndex($scenario = null)
@@ -61,7 +58,6 @@ public function actionIndex($scenario = null)
             }
         }
 
-
         return $this->render(
             'index',
             [

frontend/models/forms/ReportForm.php

@@ -100,7 +100,7 @@ public function pushReportQueueJob()
         switch ($this->scenario) {
             case self::SCENARIO_BY_DATE:
                 $job = new CreateReportJob([
-                    'customer' => $this->customer,
+                    'customer_ids' => [$this->customer],
                     'start_date' => $this->start_date,
                     'end_date' => $this->end_date,
                     'items' => $this->items,
@@ -109,6 +109,7 @@ public function pushReportQueueJob()
             case self::SCENARIO_BY_ORDER_NR:
                 $job = new CreateReportJob([
                     'order_nrs' => $this->getOrderNrs(),
+                    'customer_ids' => array_keys($this->getCustomerList()),
                     'items' => $this->items,
                 ]);
                 break;

tests/unit.suite.yml

@@ -12,4 +12,4 @@ modules:
         - Yii2:
             configFile: 'common/config/test-local.php'
             transaction: false
-    step_decorators: ~        
+    step_decorators: ~

tests/unit/frontend/models/ReportFormTest.php

@@ -64,6 +64,14 @@ public function _orderNrProvider()
 DEF
 
 
+CSV
+                , ['ABC', '123', 'DEF']],
+            [<<<CSV
+ABC,
+ 123  ,
+   DEF
+
+
 CSV
                 , ['ABC', '123', 'DEF']],
         ];