
INP-1799 - Add/use "system" user instead of "root" for system initiated activities
Needs Review · Public

Authored by erik on Mar 11 2021, 10:47 AM.

Details

Reviewers
alex
Summary

Create SYSTEM user for all Internal / Cron operations

Test Plan

Preparations

In the modules\in-news\units\articles\articles_event_handler.php file replace $resource_ids[] = $category_data['ResourceId']; line with:

$resource_ids[] = $category_data['ResourceId'];
$category = $this->Application->recallObject('c', null, array('skip_autoload' => true));
$category->SetDBField('l1_Name', 'Test_' . time());
$category->SetDBField('ParentId', $category_id);
$category->Create();

In the core\units\categories\categories_config.php file add CreatedById field to the Default grid:

'CreatedById' => array('filter_block' => 'grid_like_filter', 'title' => 'la_fld_CreatedById'),

In the core\units\mailing_lists\mailing_lists_config.php file add PortalUserId field to the Default grid:

'PortalUserId' => Array ('filter_block' => 'grid_like_filter', 'title' => 'la_col_FromUser'),

In the core\units\spam_reports\spam_reports_config.php file add ReportedById field to the Default grid:

'ReportedById' => Array ('filter_block' => 'grid_like_filter', 'title' => 'la_col_FromUser'),

In the themes\advanced\platform\designs\default_design.des.tpl file add after <body> tag:

Created By: <inp2:st_Field name="CreatedById"/>, Modified By: <inp2:st_Field name="ModifiedById"/>.

In the modules\in-commerce\units\products\products_config.php file add CreatedById field to the Default grid:

'CreatedById' => array('filter_block' => 'grid_like_filter', 'title' => 'la_fld_CreatedById'),

In the modules\in-commerce\units\orders\orders_config.php file add PortalUserId field to the Default & Search grids:

'PortalUserId' => Array ('filter_block' => 'grid_like_filter', 'title' => 'la_col_FromUser'),

In the tools\run_event.php comment out line:

exit_code(1, 'This script needs to be enabled manually !');

Testing (part 1 - rss feed import as "system" user and "system" user infusion via "Test_" categories for scheduled tasks)

  1. Go to the Website & Content → Structure & Data section
  2. Select the News category and edit its Properties tab:
    1. Set the Update Interval field to 1
    2. Set the Source URL field to https://wordpress.org/news/feed/
  3. Enable the "Use Cron to run Scheduled Tasks" system setting in the Configuration → Website → Advanced section
  4. Enable execution of the n:OnUpdateRSSArticles scheduled task in the Configuration → Website → Scheduled Tasks section
  5. Run php tools/cron.php
  6. Confirm that new automatic articles appear with Author = system
  7. Confirm that new categories named Test_{some number} were created under the News category, and that for those Test_ categories Created By = 'system'
  8. Disable execution of the n:OnUpdateRSSArticles scheduled task in the Configuration → Website → Scheduled Tasks section

Testing (part 2 - the "run_event.php" script infusion of "system" user via "Test_" categories)

  1. Run the php tools/run_event.php n:OnUpdateRSSArticles b674006f3edb1d9cd4d838c150b0567d in the root folder of a project
  2. Confirm that new categories named Test_{some number} were created under the News category, and that for those Test_ categories Created By = 'system'

Testing (part 3 - system log)

  1. Go to Tools → System Tools
  2. Do a full cache rebuild (triggers some system log records)
  3. Go to the Tools → Query Database section
  4. Run SQL like UPDATE inp_SystemLog SET LogUserId = -3;
  5. Go to the Logs & Reports → System Log section
  6. Confirm that no SQL error happens
  7. Confirm that system value is shown in the Username column of the System Logs grid

Testing (part 4 - mailing lists)

  1. Go to the User Management → Mailings section
  2. Add some record
  3. Go to the Tools → Query Database section
  4. Run SQL like UPDATE inp_MailingLists SET PortalUserId = -3;
  5. Confirm that system value is shown in the From User column of the Mailings grid

Testing (part 5 - spam reports)

  1. Go to the Tools → Query Database section
  2. Run SQL like INSERT INTO inp_SpamReports VALUES (DEFAULT, 'p', '1', 'Test', UNIX_TIMESTAMP(), '-3');
  3. Go to the Logs & Reports → SPAM Reports section
  4. Confirm that system value is shown in the From User column

Testing (part 6 - categories)

  1. Go to the Tools → Query Database section
  2. Run SQL like UPDATE inp_Categories SET CreatedById = -3, ModifiedById = -3 WHERE Template = 'index';
  3. Open front-end index page.
  4. Confirm text appeared at the top of the page: Created By: system, Modified By: system.

Testing (part 7 - system event subscriptions)

  1. Go to the Tools → Query Database section
  2. Run SQL: UPDATE inp_EmailTemplates SET BindToSystemEvent = 'u:OnCreate' WHERE TemplateId = 1
  3. Run SQL: INSERT INTO inp_SystemEventSubscriptions (SubscriptionId, EmailTemplateId, SubscriberEmail, UserId, CategoryId, IncludeSublevels, ItemId, ParentItemId, SubscribedOn) VALUES (NULL, 1, '', '-3', NULL, '1', NULL, NULL, NULL)
  4. Go to the User Management → User Subscriptions section
  5. Confirm that system value is shown in the User ID and Username columns

Testing (part 8 - orders)

  1. Go to the E-commerce → Orders section
  2. Create some order
  3. Go to the Tools → Query Database section
  4. Run SQL: UPDATE inp_Orders SET PortalUserId = -3
  5. Go to the E-commerce → Orders section
  6. Confirm that orders have system value in the Customer Name column and that text isn't a link for user editing

Testing (part 9 - products)

  1. Go to the Website & Content → Products section
  2. Create some product
  3. Go to the Tools → Query Database section
  4. Run SQL: UPDATE inp_Products SET CreatedById = -3
  5. Confirm that products have system value in the Created By column
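
The three properties this review asks to be verified (system-initiated work is owned by user ID -3, that ID is displayed as "system" in plain text rather than as a user-edit link, and the "system" user cannot log in), as an added PHP sketch that is not In-Portal code. Every function name and the edit URL are hypothetical; only the ID -3 and the label "system" come from this page.

```php
<?php
// Added illustration, not In-Portal code. Only the ID -3 and the label
// "system" come from the page; all names and the edit URL are hypothetical.
const SYSTEM_USER_ID = -3;

// Identity for cron/CLI entry points: attributable, but never a session.
function actorForScheduledTask(): int
{
    return SYSTEM_USER_ID;
}

// Interactive login must refuse the reserved ID.
function actorForSession(int $userId): int
{
    if ($userId === SYSTEM_USER_ID) {
        throw new DomainException('The "system" user cannot log in');
    }
    return $userId;
}

// Stamp ownership on a record with the ID of whichever actor is running.
function createRecord(string $name, int $actorId): array
{
    return ['Name' => $name, 'CreatedById' => $actorId, 'ModifiedById' => $actorId];
}

// Grid display: the reserved ID has no user row, so it is plain text, not a link.
function renderOwner(int $userId, array $usernames): string
{
    if ($userId === SYSTEM_USER_ID) {
        return 'system';
    }
    $name = htmlspecialchars($usernames[$userId] ?? 'unknown', ENT_QUOTES);
    return '<a href="/users/edit?id=' . $userId . '">' . $name . '</a>';
}

// Constructed sample data.
$usernames = [7 => 'editor'];
$record = createRecord('Test_' . time(), actorForScheduledTask());
assert($record['CreatedById'] === SYSTEM_USER_ID);
assert(renderOwner($record['CreatedById'], $usernames) === 'system');
assert(renderOwner(7, $usernames) === '<a href="/users/edit?id=7">editor</a>');
try {
    actorForSession(SYSTEM_USER_ID);
    $refused = false;
} catch (DomainException $e) {
    $refused = true;
}
assert($refused);
```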

Diff Detail

Repository
rINP In-Portal
Branch
/in-portal/branches/5.2.x
Lint
Lint Errors. Excuse: Doing all CS fixes is not part of this task.

| Severity | Location | Code | Message |
|---|---|---|---|
| Error | core/units/categories/categories_config.php:343 | PHPCS.E.CodingStandard.Arrays.Array.SpaceAfterKeyword | CodingStandard.Arrays.Array.SpaceAfterKeyword |
| Error | core/units/categories/categories_config.php:343 | PHPCS.E.Generic.PHP.LowerCaseKeyword.Found | Generic.PHP.LowerCaseKeyword.Found |
| Error | core/units/categories/categories_config.php:344 | PHPCS.E.CodingStandard.Arrays.Array.SpaceAfterKeyword | CodingStandard.Arrays.Array.SpaceAfterKeyword |
| Error | core/units/categories/categories_config.php:344 | PHPCS.E.CodingStandard.Arrays.Array.SpaceAfterKeyword | CodingStandard.Arrays.Array.SpaceAfterKeyword |
| Error | core/units/categories/categories_config.php:344 | PHPCS.E.CodingStandard.Arrays.Array.SpaceAfterKeyword | CodingStandard.Arrays.Array.SpaceAfterKeyword |
| Error | core/units/categories/categories_config.php:344 | PHPCS.E.CodingStandard.Strings.ConcatenationSpacing.NoSpaceAfter | CodingStandard.Strings.ConcatenationSpacing.NoSpaceAfter |
| Error | core/units/categories/categories_config.php:344 | PHPCS.E.CodingStandard.Strings.ConcatenationSpacing.NoSpaceAfter | CodingStandard.Strings.ConcatenationSpacing.NoSpaceAfter |
| Error | core/units/categories/categories_config.php:344 | PHPCS.E.CodingStandard.Strings.ConcatenationSpacing.NoSpaceBefore | CodingStandard.Strings.ConcatenationSpacing.NoSpaceBefore |
| Error | core/units/categories/categories_config.php:344 | PHPCS.E.CodingStandard.Strings.ConcatenationSpacing.NoSpaceBefore | CodingStandard.Strings.ConcatenationSpacing.NoSpaceBefore |
| Error | core/units/categories/categories_config.php:344 | PHPCS.E.CodingStandard.WhiteSpace.CommaSpacing.After | CodingStandard.WhiteSpace.CommaSpacing.After |
| Error | core/units/categories/categories_config.php:344 | PHPCS.E.Generic.PHP.LowerCaseConstant.Found | Generic.PHP.LowerCaseConstant.Found |
| Error | core/units/categories/categories_config.php:344 | PHPCS.E.Generic.PHP.LowerCaseKeyword.Found | Generic.PHP.LowerCaseKeyword.Found |
| Error | core/units/categories/categories_config.php:344 | PHPCS.E.Generic.PHP.LowerCaseKeyword.Found | Generic.PHP.LowerCaseKeyword.Found |
| Error | core/units/categories/categories_config.php:344 | PHPCS.E.Generic.PHP.LowerCaseKeyword.Found | Generic.PHP.LowerCaseKeyword.Found |
| Error | core/units/categories/categories_config.php:345 | PHPCS.E.CodingStandard.Arrays.Array.SpaceAfterKeyword | CodingStandard.Arrays.Array.SpaceAfterKeyword |
| Error | core/units/categories/categories_config.php:345 | PHPCS.E.Generic.PHP.LowerCaseKeyword.Found | Generic.PHP.LowerCaseKeyword.Found |
| Error | core/units/categories/categories_config.php:355 | PHPCS.E.CodingStandard.Arrays.Array.SpaceAfterKeyword | CodingStandard.Arrays.Array.SpaceAfterKeyword |
| Error | core/units/categories/categories_config.php:355 | PHPCS.E.Generic.PHP.LowerCaseKeyword.Found | Generic.PHP.LowerCaseKeyword.Found |
| Error | core/units/categories/categories_config.php:356 | PHPCS.E.CodingStandard.Arrays.Array.SpaceAfterKeyword | CodingStandard.Arrays.Array.SpaceAfterKeyword |
| Error | core/units/categories/categories_config.php:356 | PHPCS.E.CodingStandard.Arrays.Array.SpaceAfterKeyword | CodingStandard.Arrays.Array.SpaceAfterKeyword |
| Error | core/units/categories/categories_config.php:356 | PHPCS.E.CodingStandard.Arrays.Array.SpaceAfterKeyword | CodingStandard.Arrays.Array.SpaceAfterKeyword |
| Error | core/units/categories/categories_config.php:356 | PHPCS.E.CodingStandard.WhiteSpace.CommaSpacing.After | CodingStandard.WhiteSpace.CommaSpacing.After |
| Error | core/units/categories/categories_config.php:356 | PHPCS.E.Generic.PHP.LowerCaseKeyword.Found | Generic.PHP.LowerCaseKeyword.Found |
| Error | core/units/categories/categories_config.php:356 | PHPCS.E.Generic.PHP.LowerCaseKeyword.Found | Generic.PHP.LowerCaseKeyword.Found |
| Error | core/units/categories/categories_config.php:356 | PHPCS.E.Generic.PHP.LowerCaseKeyword.Found | Generic.PHP.LowerCaseKeyword.Found |
Unit
No Unit Test Coverage
Build Status
Buildable 1030
Build 1030: arc lint + arc unit

Event Timeline

erik created this revision. Mar 11 2021, 10:47 AM
erik requested review of this revision. Mar 11 2021, 10:47 AM
erik updated this revision to Diff 991. Mar 12 2021, 1:54 AM

Added system user check to session LoggedIn method.

alex requested changes to this revision. Mar 12 2021, 5:25 AM
alex added inline comments.
core/kernel/managers/scheduled_task_manager.php
119–120
  1. Since you're at this line please do minimal CS fixing.
  2. Add tests to confirm that this user is actually used, e.g. a scheduled task that creates a record owned by a currently logged-in user should use a system user.
core/kernel/session/session.php
1126–1129

Since you're at this line please do minimal CS fixing.

core/kernel/utility/temp_handler.php
1064–1075 ↗(On Diff #991)

Please revert.


The "system" user can't log in to perform such an activity.

core/units/helpers/page_helper.php
79 ↗(On Diff #991)

Please revert.


The "system" user can't log in to perform such an activity.

core/units/logs/change_logs/change_logs_config.php
88 ↗(On Diff #991)

Please revert.


The "system" user can't log in to perform such an activity.

core/units/logs/session_logs/session_logs_config.php
100 ↗(On Diff #991)

Please revert.


The "system" user can't log in to perform such an activity.

core/units/logs/system_logs/system_logs_config.php
89

For every change like this please update the test plan to include visiting the corresponding section with a non-empty grid to allow checking that there is no SQL error.

core/units/mailing_lists/mailing_lists_config.php
106

For every change like this please update the test plan to include visiting the corresponding section with a non-empty grid to allow checking (faking DB field value in PMA to have -3 is perfectly fine to see if the "system" word is actually displayed) that there is no SQL error.

core/units/page_revisions/page_revisions_config.php
97 ↗(On Diff #991)

Please revert.


The "system" user can't log in to perform such an activity.

core/units/reviews/reviews_config.php
61–77 ↗(On Diff #991)

Please revert.


The "system" user can't log in to perform such an activity.

134 ↗(On Diff #991)

Please revert.


The "system" user can't log in to perform such an activity.

core/units/visits/visits_config.php
89 ↗(On Diff #991)

Please revert.


The "system" user can't log in to perform such an activity.

92 ↗(On Diff #991)

Please revert.


The "system" user can't log in to perform such an activity.

modules/in-bulletin/units/poll_comments/poll_comments_config.php
67 ↗(On Diff #991)

Please revert.


The "system" user can't log in to perform such an activity.

88 ↗(On Diff #991)

Please revert.


The "system" user can't log in to perform such an activity.

modules/in-commerce/units/affiliates/affiliates_config.php
200 ↗(On Diff #991)

Please revert.


The "system" user can't log in to perform such an activity.

modules/in-commerce/units/coupons/coupons_config.php
123 ↗(On Diff #991)

Please revert.


The "system" user can't log in to perform such an activity.

tools/run_event.php
42

Add tests to confirm that this user is actually used, e.g. an event that creates a record owned by a currently logged-in user should use a system user.

This revision now requires changes to proceed. Mar 12 2021, 5:25 AM
erik marked 7 inline comments as done. Mar 12 2021, 12:17 PM
erik added inline comments.
core/units/reviews/reviews_config.php
61–77 ↗(On Diff #991)
  1. The task says to change all such "SQLs to resolve user ID from the database into it's name". In principle, a scheduled task that automatically generates comments/reviews is possible.
  2. I did not find anywhere in the system where the 'product' and 'products' specials are used. But the code with an empty special is used.
erik edited the test plan for this revision. Mar 12 2021, 1:00 PM
erik updated this revision to Diff 1002. Mar 15 2021, 10:40 AM
erik marked 10 inline comments as done.
erik edited the test plan for this revision.

QA Fixes

erik edited the test plan for this revision. Mar 15 2021, 10:41 AM
erik added a comment. Mar 15 2021, 10:43 AM

Made QA changes, extended test plan.

Need more test plan writing beyond core and in-commerce modules.

alex edited the test plan for this revision. Mar 16 2021, 5:03 AM
alex added inline comments. Mar 16 2021, 5:21 AM
core/units/reviews/reviews_config.php
61–77 ↗(On Diff #991)

Translating:

  1. this particular code fragment was changed because it was requested so in the task
  2. I haven't found any usages of 'product' and 'products' Specials; however, code without Special is used.
alex edited the test plan for this revision. Mar 16 2021, 5:25 AM
alex edited the test plan for this revision. Mar 16 2021, 5:37 AM
alex edited the test plan for this revision. Mar 16 2021, 5:50 AM
alex edited the test plan for this revision. Mar 16 2021, 6:00 AM
alex edited the test plan for this revision. Mar 16 2021, 6:24 AM
alex edited the test plan for this revision. Mar 16 2021, 6:27 AM
alex edited the test plan for this revision. Mar 16 2021, 6:33 AM
alex edited the test plan for this revision. Mar 16 2021, 6:35 AM
alex added inline comments. Mar 16 2021, 6:46 AM
core/kernel/application.php
2607

Code is executed during tests, but I have no idea how to test its result.

core/kernel/session/session.php
1127–1131

Code is executed during tests, but I have no idea how to test its result.

alex added a project: Restricted Project. Mar 16 2021, 6:47 AM
alex added a comment. Mar 16 2021, 7:22 AM

Tested/improved current test plan. Please keep adding new test plan parts for non-tested code (in the modules) so that I can continue reviewing this task.