CRM-21693 show Display Name in online pay now UI #11571
Conversation
magnolia61
changed the title
magnolia61
changed the title
|
Makes sense to me - any chance you can squash the 2 commits into one (git rebase -i origin/master) & add the JIRA issue to the commit message @jitendrapurohit @agh1 @JoeMurray is there any downside to this? Could it 'leak data' or is that protected by a checksum? |
|
@eileenmcnaughton I never did what you suppose before (the squash/rebase thing). |
|
@magnolia61 try git pull --rebase upstream master first (to make sure it's clean before you start) |
|
So I don't know much about the pay now feature, but this has one of two problems:
|
| @@ -91,7 +91,7 @@ | |||
| {elseif !empty($ccid)} | |||
| {if $lineItem && $priceSetID && !$is_quick_config} | |||
| <div class="header-dark"> | |||
| {ts}Contribution Information{/ts} | |||
| {ts}Contribution Information{/ts} - {ts 1=$display_name}%1{/ts} | |||
There was a problem hiding this comment.
It appears that you have two spaces ahead of the hyphen--there should be just one. Also, shouldn't this be an en dash (–)?
|
hmm - it's still got tonnes in - you need to do a clean rebase over the upstream master branch first & push that up with git push -f yourrepo yourbranch |
|
trying and messing with my local git, git pull --rebase upstream master gives some errors. |
magnolia61
force-pushed
the
CRM-21693_Show_Name_in_OnlinePayNow_UI
branch
4 times, most recently
from
7354847
to
d856052
Compare
|
ok, learned some more on all kind of git commands. Think the PR is ok now ;-) |
|
well done! Did you have any thoughts on #11571 (comment) |
| @@ -91,7 +91,7 @@ | |||
| {elseif !empty($ccid)} | |||
| {if $lineItem && $priceSetID && !$is_quick_config} | |||
| <div class="header-dark"> | |||
| {ts}Contribution Information{/ts} | |||
| {ts}Contribution Information{/ts} – {ts 1=$display_name}%1{/ts} | |||
There was a problem hiding this comment.
Sorry, I should've noticed this earlier: your {ts} isn't wrapping any string to translate--just a variable to drop in as-is. You could either:
-
get rid of the
tsand just drop it in as{ts}Contribution Information{/ts} – {$display_name} -
or wrap the whole thing in a
tslike{ts 1=$display_name}Contribution Information – %1{/ts}
The latter causes more work for our translators (since it introduces a new string to translate), but it allows for localization of how the header is ordered and punctuated. I don't know which is preferred as a general rule.
There was a problem hiding this comment.
(and this may depend upon how you address the other concern about whether the $display_name is populated)
|
@agh1 The Pay Now form can only be accessed by a special link which includes the checksum, contribution id and (optionally) cid. It cannot be accessed anonymously. Aside of that, for the purpose of this PR I haven't analysed the underlying mechanisms and checks on preventing disclosures I must admit. This PR only focuses on adding the display name ;-) |
magnolia61
force-pushed
the
CRM-21693_Show_Name_in_OnlinePayNow_UI
branch
from
d856052
to
c3e97ca
Compare
|
@magnolia61 glad to know you can only get there authenticated. The code on the online contribution forms is so jam-packed with all the tangentially-related available features that it wasn't really clear what happens when Thanks for your improvement! |
magnolia61
force-pushed
the
CRM-21693_Show_Name_in_OnlinePayNow_UI
branch
from
c3e97ca
to
1bb88ea
Compare
|
@agh1 ;-( unfortunately I just figured out the constructed link can also be used anonymously. In that case the Display Name is not retrieved. Also when both the checksum and the contact id are being omitted, the contribution strangly moves to user 1, which I think should not happen and is a bug. |
|
@magnolia61 is user 1 your logged in user? or are you testing logged out? |
|
No, this happens when I am not logged in, eg. when I use the PayNow link in a new private window. When using the PayNow button when logged in (from the contact dashboard) only the contribution id and contribution page are in the url. I think the corresponding contact ID and checksum should also be in that url and be required. Maybe even use a uniform url that also includes the checksum when logged in. So enforce the url to look like: https://www.ourdomain.nl/civicrm/contribute/transact?reset=1&id=7&ccid=3887&cs=986e9c03ddf2b4b980a929a_1492524606_1440&cid=316 PS. moving this info to the related issue so the discussion is in the right place BTW. being able to mail the Pay Now link to users that still have to pay something is great, lots of our participants pay this way. I even think it would be awesome to include this next to the email invoice button, or include the PayNow link in that email) |
|
@magnolia61 well, the way I see it, your change is neither causing the bug, exacerbating the bug, nor exposing private information due to the bug, so I don't see any reason to hold this change up just because it uncovered the other issue. |
|
I guess arguably it is valid to send a pay now link to someone (e,g your mum) to make a payment for you & for (not easy to come up with reasons in this scenario) your mum is not you so should not see your name. |
|
BTW. shall I remove the dash so it will look whether the displayname is shown or not? |
|
@magnolia61 I think it would be best to wrap the display name and dash in a conditional, e.g. {ts}Contribution Information{/ts}{if $display_name} – {$display_name}{/if} |
magnolia61
force-pushed
the
CRM-21693_Show_Name_in_OnlinePayNow_UI
branch
2 times, most recently
from
f6e72b7
to
1bb88ea
Compare
magnolia61
force-pushed
the
CRM-21693_Show_Name_in_OnlinePayNow_UI
branch
from
1bb88ea
to
3265f68
Compare
|
I changed it to be conditional but when I think about it, I think the changed Jitendra made to solve the other issues with the PayNow link, assure the contact id is always set and thus the display name is always known. What do you think? #11578 |
|
It doesn't hurt to have the condition here, especially since you have ambitions to make it work properly for anonymous visitors later. |
|
ok to merge? |
|
I'm happy with the review this has gotten. Yes. |
mlutfy
changed the title
|
I think we should change this PR. It works ok in almost all scenarios, except when an admin accesses the Pay Now payment screen via the user dashboard. I think we should change this so that the displayed name is that of the owner of the contribution and not the logged in user. Now sure if that would be simple though. |
Overview
Show the Display Name in the Online Pay Now UI
JIRA: https://issues.civicrm.org/jira/browse/CRM-21693
Before
Using the special constructed PayNow link it was not clear for which person the payment was for. This, In our case, especially confused parents who needed to make a payment and had been mailed several payment links.
After
The Online Pay Now form is still extremely basic but shows the Display Name that belongs to the person the contribution belongs to.
Technical Details
Just inserted the display name in case !empty($ccid)
Comments
Currently the price set of the contribution is shown. All other fields (name, email) are hidden.
Ideally the form UI should also show the 'reason' for the contribution.
For an event that would be the event name, for a membership the membership type.
This gives the person who is about to pay the confidence that all details of the payment are correct which means he or she is more likely to proceed.