How cart and checkout internally works in Hybris? - sap-commerce-cloud

Can anyone explain how cart and checkout work internally?
means when you click on ADD to cart button what exactly will happen?

It's not possible to explain everything here, better you ask with the specific problem. Refer how do I ask a good question?
Now coming to your question
When you click on ADD to cart button what exactly will happen?
An add to cart form is submitted through ajax call(.ajaxForm), you can find the code inside acc.product.js. This invokes addToCart method of AddToCartController, as /cart/add request mapped with it. Furthur this controller invoke facads to add selected product to cart and return AddToCartPopup.jsp as JSON response, which help to render AddToCartPopup on the screen.

You can start firstly to read pages which are on helphybris.
Small Explanation :
Cart & Checkout (formerly called Order Management Module) is a set of services that enable you to define your own business process steps such as: authorize payment, capture payment, and cancellation.
Cart & Checkout is a template business process definition for you to extend and integrate with Order Management Services or 3rd party Order Management Systems.
If you have a access
: https://help.hybris.com/6.7.0/hcd/8c20e24d86691014ba61d588779202ae.html
Another way is making debug. You can put a break point to AddToCartController for debugging to press "add to bag" button on frontend .

Related

POST request in controller for custom contact form via AJAX

I've build a custom form which action redirects to a confirm page. In the controller of this page I get the POST values via $request->request->get('fieldName');
To enhance the user experience I'd like to stay on the same page as the form and add a success message to the page. I guess this can be done via AJAX? I tried to follow this guide since it kind of seems to describe what I'm trying to achieve, but I struggle to understand the custom component part. It seems this is only for the backend?
Any help would be appreciated.
The guide you shared is about the administration, if you want to add your functionality to the storefront instead you should be able to follow this guide.
For an overview of how the administration and storefront differs, you can read up the concepts behind those two areas here.

Programmatically create order in shopware plugin

I need to create ShopWare 6 plugin that creates new orders from products that are received via AJAX POST request. I don't know how to do that. I googled and checked documentation but I couldn't find any info on how can it be done.
Does someone know how can it be done?
In my opinion, the best solution would be to create Cart object from products that you get from request probably you know context token so you can use the current customer's cart and add products to it, but also you can create a new cart and then call \Shopware\Core\Checkout\Cart\Order\OrderPersister::persist() method to persist order from your cart.
Take a look here how to load/create a Cart
\Shopware\Core\Checkout\Cart\SalesChannel\CartLoadRoute::load()

SharePoint Graph API - There is no update page endpoint - looking for suggestions on best way to do this

I am currently working with The SharePoint Graph API.
This is the scenario I need to achieve:
Somehow call page by name not ID
If page called my_page_name.aspx exists
update it
else
create the page
As far as I can work out, there is no update page end point in the documentation here:
https://learn.microsoft.com/en-us/graph/api/resources/search-api-overview?view=graph-rest-beta
The only thing I can think of to do it the following:
Call the page by name
delete it
create a new page with the same name with the new content I want to update
Any help on how I achieve what I need would be great
Yes, As of now we don't have any 'Update Page' endpoint feature and there is already a uservoice for this here. Please upvote this uservoice so that this feature could be developed in future. And also remember that since the pages endpoint is in beta these are subjected to change and its not recommended to use for production purpose.

Spring Data Rest Frontend deep linking

So i have been struggling with this one question some time now:
How to handle details Page or deep linking on the Frontend.
So, say, we got a paged collection endpoint with user entities in it and a React App consuming the endpoint.
The flow would be, user authenticates, gets collections, clicks on an item and is either:
Redirected to a new Url say: webapp.com/users/userid
A modal opens with the user details.
Say we got a scenario were two people working with the webapp, Person 1 wants to share a link with Person 2. Person 2 should do some updates on a specific user, which is identified by the link.
The link should be something like : https://www.webapp.com/users/{slug or id}
With Option 2 this functionality is not mappable.
With Option 1 we got to expose the ids in the response to identify the resource, which may work, but we would still need to hardcode the url, as the findById method is not exported as a Uri Template.
So, my Solution would be to add a slug for the resources, implement a search method by the slug, and then get the user, if found, by its self-link.
Sounds like a good solution for me, but on the other hand, I would have to add an extra frontend id(the slug here) which would need to be also unique, to the database model.
So how do you guys handle a problem like this, or is there anybody using spring data rest in this way or in production mode where you have the handle situations like this?
Should mention that this isn’t a primary problem with spring data rest but rather with hateoas itself.
thanks in advance
Florian
You don't need to hardcode URL template. Spring data rest will generate links for each resource.
You can refer to it from front end by some format like: {your_user_object}._links.self.href

Disable the edit of ?id= in url jsf

before write the question sorry for my english. My question is this:
I have an web application in jsf, the application have new, edit and delete Categories, outgoings, Budgets, users, etc.
When open the edit page i have the url like this:
http://localhost:8080/Practica3/faces/usuarios/edit.xhtml?id=2
the problem is if the user change the number 2 for another number, and the another number exists in the dababase, the page change the data of the id 2 to the data of the new id.
The problem is if the id number X is of a data of another user, and the user that change the id is not in conditions to see that data.
How disable the edit of the id, or denied to show the data to the another user?
Thanks, and i hope have a response.
Just check in service layer if the current user is allowed to edit the requested entity. If not, then throw some security exception for which you could if necessary configure a custom error page in web.xml.
The technical problem has nothing to do with HTTP/JSF. If you "fix" it alone in JSF side, then you still have a gaping security hole in service layer which would affect any other frontend using it. The frontend is not responsible for business restrictions in service layer itself.
The problem is not stopping the editing of the ID. That is on the client side/browser and you cannot stop this value from being edited.
You need to implement propery Access Security Controls. When you get any response back, you need to check if the user can perform the action they specified (read, update, delete, etc.) as well as checking to make sure they have permission to the data they want to perform the action on.
These two topics are on the OWASP Top 10:
A4-Insecure Direct Object References
A7-Missing Function Level Access Control
The pages will tell you what the problem is, mitigation stragegies, and different ways of testing for that in your application.
I would also become familiar with the other Top 10 categories (this is not an all inclusive list but a good starting point).

Resources