fix: managed tickets

smarcet · smarcet · commit 479547f49311 · 2024-08-27T17:04:16.000-03:00
get extra questions
diff --git a/app/Http/Controllers/Apis/Protected/Summit/OAuth2SummitOrderExtraQuestionTypeApiController.php b/app/Http/Controllers/Apis/Protected/Summit/OAuth2SummitOrderExtraQuestionTypeApiController.php
@@ -483,10 +483,10 @@ public function getOwnAttendeeAllowedExtraQuestions($summit_id)
     public function getAttendeeExtraQuestions($summit_id, $attendee_id)
     {
         $summit = SummitFinderStrategyFactory::build($this->getSummitRepository(), $this->getResourceServerContext())->find($summit_id);
-        if (is_null($summit)) return $this->error404("Summit not found");
+        if (is_null($summit)) return $this->error404("Summit not found.");
 
         $attendee = $summit->getAttendeeById(intval($attendee_id));
-        if (is_null($attendee)) return $this->error404("Attendee not found");
+        if (is_null($attendee)) return $this->error404("Attendee not found.");
 
         // authz
         // check that we have a current member ( not service account )
@@ -499,7 +499,12 @@ public function getAttendeeExtraQuestions($summit_id, $attendee_id)
 
         if(!$auth){
             // check if current member is the attendee
-            $auth = $attendee->getEmail() == $current_member->getEmail() || $attendee->getMemberId() == $current_member->getId();
+            $auth = (
+                    $attendee->getEmail() == $current_member->getEmail()
+                    || $attendee->getMemberId() == $current_member->getId()
+                    || $attendee->isManagedBy($current_member)
+            );
+
             if(!$auth){
                 // check if the attendee is under some order of the current member
                 foreach($current_member->getPadRegistrationOrdersForSummit($summit) as $order){
@@ -513,7 +518,7 @@ public function getAttendeeExtraQuestions($summit_id, $attendee_id)
         }
 
         if(!$auth)
-            return $this->error401();
+            return $this->error403("You are not Authorized.");
 
         return $this->_getAll(
             function () {
diff --git a/app/Http/Controllers/Apis/Protected/Summit/OAuth2SummitOrdersApiController.php b/app/Http/Controllers/Apis/Protected/Summit/OAuth2SummitOrdersApiController.php
@@ -468,7 +468,7 @@ public function getMyTicketById($order_id, $ticket_id)
             $current_user = $this->getResourceServerContext()->getCurrentUser();
 
             if (is_null($current_user))
-                return $this->error403();
+                return $this->error401();
 
             if (!$order instanceof SummitOrder)
                 throw new EntityNotFoundException("Order not found.");
diff --git a/app/ModelSerializers/Summit/Registration/BaseSummitAttendeeTicketSerializer.php b/app/ModelSerializers/Summit/Registration/BaseSummitAttendeeTicketSerializer.php
@@ -12,7 +12,6 @@
  * limitations under the License.
  **/
 
-use App\ModelSerializers\Traits\RequestScopedCache;
 use Libs\ModelSerializers\Many2OneExpandSerializer;
 use Libs\ModelSerializers\One2ManyExpandSerializer;
 use models\summit\SummitAttendeeTicket;
@@ -100,8 +99,6 @@ class BaseSummitAttendeeTicketSerializer extends SilverStripeSerializer
         ],
     ];
 
-    use RequestScopedCache;
-
     /**
      * @param null $expand
      * @param array $fields
@@ -111,37 +108,28 @@ class BaseSummitAttendeeTicketSerializer extends SilverStripeSerializer
      */
     public function serialize($expand = null, array $fields = [], array $relations = [], array $params = [])
     {
-        return $this->cache(
-            $this->getRequestKey
-            (
-                "BaseSummitAttendeeTicketSerializer",
-                $this->object->getIdentifier(),
-                $expand,
-                $fields,
-                $relations
-            ), function () use ($expand, $fields, $relations, $params) {
 
-            $ticket = $this->object;
-            if (!$ticket instanceof SummitAttendeeTicket) return [];
-            $values = parent::serialize($expand, $fields, $relations, $params);
+        $ticket = $this->object;
+        if (!$ticket instanceof SummitAttendeeTicket) return [];
+        $values = parent::serialize($expand, $fields, $relations, $params);
 
-            if (in_array('applied_taxes', $relations) && !isset($values['applied_taxes'])) {
-                $applied_taxes = [];
-                foreach ($ticket->getAppliedTaxes() as $tax) {
-                    $applied_taxes[] = $tax->getId();
-                }
-                $values['applied_taxes'] = $applied_taxes;
+        if (in_array('applied_taxes', $relations) && !isset($values['applied_taxes'])) {
+            $applied_taxes = [];
+            foreach ($ticket->getAppliedTaxes() as $tax) {
+                $applied_taxes[] = $tax->getId();
             }
+            $values['applied_taxes'] = $applied_taxes;
+        }
 
-            if (in_array('refund_requests', $relations) && !isset($values['refund_requests'])) {
-                $refund_requests = [];
-                foreach ($ticket->getRefundedRequests() as $request) {
-                    $refund_requests[] = $request->getId();
-                }
-                $values['refund_requests'] = $refund_requests;
+        if (in_array('refund_requests', $relations) && !isset($values['refund_requests'])) {
+            $refund_requests = [];
+            foreach ($ticket->getRefundedRequests() as $request) {
+                $refund_requests[] = $request->getId();
             }
+            $values['refund_requests'] = $refund_requests;
+        }
+
+        return $values;
 
-            return $values;
-        });
     }
 }
diff --git a/app/ModelSerializers/Summit/Registration/SummitAttendeeSerializer.php b/app/ModelSerializers/Summit/Registration/SummitAttendeeSerializer.php
