From 146871f798aa8c7384273d1582e7c4a29985b630 Mon Sep 17 00:00:00 2001 From: Antoine Charette Date: Tue, 1 Oct 2024 16:07:54 -0400 Subject: [PATCH] Adding pcsda --- .../api/models/wishlist/actions/create.js | 2 ++ .../api/models/wishlist/actions/delete.js | 2 ++ .../api/models/wishlist/actions/update.js | 15 +++++++++++---- .../api/models/wishlistItem/actions/create.js | 2 ++ .../api/models/wishlistItem/actions/delete.js | 2 ++ .../api/models/wishlistItem/actions/update.js | 2 ++ .../wishlists/src/components/NewWishlist.jsx | 1 - 7 files changed, 21 insertions(+), 5 deletions(-) diff --git a/shopify/wishlist-template/api/models/wishlist/actions/create.js b/shopify/wishlist-template/api/models/wishlist/actions/create.js index 3e1d566e..5491146a 100755 --- a/shopify/wishlist-template/api/models/wishlist/actions/create.js +++ b/shopify/wishlist-template/api/models/wishlist/actions/create.js @@ -3,6 +3,7 @@ import { save, ActionOptions, CreateWishlistActionContext, + preventCrossShopDataAccess, } from "gadget-server"; import { updateWishlistMetafield } from "../../../utilities"; @@ -11,6 +12,7 @@ import { updateWishlistMetafield } from "../../../utilities"; */ export async function run({ params, record, logger, api, connections }) { applyParams(params, record); + await preventCrossShopDataAccess(params, record); await save(record); } diff --git a/shopify/wishlist-template/api/models/wishlist/actions/delete.js b/shopify/wishlist-template/api/models/wishlist/actions/delete.js index 979367db..6c45ba39 100755 --- a/shopify/wishlist-template/api/models/wishlist/actions/delete.js +++ b/shopify/wishlist-template/api/models/wishlist/actions/delete.js @@ -2,6 +2,7 @@ import { deleteRecord, ActionOptions, DeleteWishlistActionContext, + preventCrossShopDataAccess, } from "gadget-server"; import { updateWishlistMetafield } from "../../../utilities"; @@ -9,6 +10,7 @@ import { updateWishlistMetafield } from "../../../utilities"; * @param { DeleteWishlistActionContext } context */ export async function run({ params, record, logger, api, connections }) { + await preventCrossShopDataAccess(params, record); await deleteRecord(record); } diff --git a/shopify/wishlist-template/api/models/wishlist/actions/update.js b/shopify/wishlist-template/api/models/wishlist/actions/update.js index bb2ff370..cf690609 100755 --- a/shopify/wishlist-template/api/models/wishlist/actions/update.js +++ b/shopify/wishlist-template/api/models/wishlist/actions/update.js @@ -1,21 +1,28 @@ -import { applyParams, save, ActionOptions, UpdateWishlistActionContext } from "gadget-server"; +import { + applyParams, + save, + ActionOptions, + UpdateWishlistActionContext, + preventCrossShopDataAccess, +} from "gadget-server"; /** * @param { UpdateWishlistActionContext } context */ export async function run({ params, record, logger, api, connections }) { applyParams(params, record); + await preventCrossShopDataAccess(params, record); await save(record); -}; +} /** * @param { UpdateWishlistActionContext } context */ export async function onSuccess({ params, record, logger, api, connections }) { // Your logic goes here -}; +} /** @type { ActionOptions } */ export const options = { - actionType: "update" + actionType: "update", }; diff --git a/shopify/wishlist-template/api/models/wishlistItem/actions/create.js b/shopify/wishlist-template/api/models/wishlistItem/actions/create.js index d9ab3a94..d5bfb2c1 100755 --- a/shopify/wishlist-template/api/models/wishlistItem/actions/create.js +++ b/shopify/wishlist-template/api/models/wishlistItem/actions/create.js @@ -3,6 +3,7 @@ import { save, ActionOptions, CreateWishlistItemActionContext, + preventCrossShopDataAccess, } from "gadget-server"; import { updateWishlistMetafield } from "../../../utilities"; @@ -11,6 +12,7 @@ import { updateWishlistMetafield } from "../../../utilities"; */ export async function run({ params, record, logger, api, connections }) { applyParams(params, record); + await preventCrossShopDataAccess(params, record); await save(record); } diff --git a/shopify/wishlist-template/api/models/wishlistItem/actions/delete.js b/shopify/wishlist-template/api/models/wishlistItem/actions/delete.js index de67516c..18d24693 100755 --- a/shopify/wishlist-template/api/models/wishlistItem/actions/delete.js +++ b/shopify/wishlist-template/api/models/wishlistItem/actions/delete.js @@ -2,6 +2,7 @@ import { deleteRecord, ActionOptions, DeleteWishlistItemActionContext, + preventCrossShopDataAccess, } from "gadget-server"; import { updateWishlistMetafield } from "../../../utilities"; @@ -9,6 +10,7 @@ import { updateWishlistMetafield } from "../../../utilities"; * @param { DeleteWishlistItemActionContext } context */ export async function run({ params, record, logger, api, connections }) { + await preventCrossShopDataAccess(params, record); await deleteRecord(record); } diff --git a/shopify/wishlist-template/api/models/wishlistItem/actions/update.js b/shopify/wishlist-template/api/models/wishlistItem/actions/update.js index bef06442..9eb29f2f 100755 --- a/shopify/wishlist-template/api/models/wishlistItem/actions/update.js +++ b/shopify/wishlist-template/api/models/wishlistItem/actions/update.js @@ -3,6 +3,7 @@ import { save, ActionOptions, UpdateWishlistItemActionContext, + preventCrossShopDataAccess, } from "gadget-server"; import { updateWishlistMetafield } from "../../../utilities"; @@ -11,6 +12,7 @@ import { updateWishlistMetafield } from "../../../utilities"; */ export async function run({ params, record, logger, api, connections }) { applyParams(params, record); + await preventCrossShopDataAccess(params, record); await save(record); } diff --git a/shopify/wishlist-template/extensions/wishlists/src/components/NewWishlist.jsx b/shopify/wishlist-template/extensions/wishlists/src/components/NewWishlist.jsx index d085753a..3e9169a9 100644 --- a/shopify/wishlist-template/extensions/wishlists/src/components/NewWishlist.jsx +++ b/shopify/wishlist-template/extensions/wishlists/src/components/NewWishlist.jsx @@ -24,7 +24,6 @@ export default ({ wishlists }) => { defaultValues: { wishlist: { name: "", - shopId: shop?.id, customerId: shop?.customers?.edges[0]?.node.id, }, },