Fix admin ACL mismatch for OAuth (#3272) (#3274)

Co-authored-by: Ng Kiat Siong <kiatsiong.ng@gmail.com>
Co-authored-by: Fabrizio Balliano <fabrizio.balliano@gmail.com>

Author: 3 people

.all-contributorsrc

@@ -1391,7 +1391,16 @@
       "contributions": [
         "code"
       ]
-    }
+    },
+    {
+      "login": "Tomasz-Silpion",
+      "name": "Tomasz Gregorczyk",
+      "avatar_url": "https://avatars.githubusercontent.com/u/5328659?v=4",
+      "profile": "https://github.com/Tomasz-Silpion",
+      "contributions": [
+        "code"
+      ]
+    },
   ],
   "contributorsPerLine": 7
 }

app/code/core/Mage/Oauth/controllers/Adminhtml/Oauth/Admin/TokenController.php

@@ -155,6 +155,6 @@ protected function _isAllowed()
     {
         /** @var Mage_Admin_Model_Session $session */
         $session = Mage::getSingleton('admin/session');
-        return $session->isAllowed('system/acl/admin_token');
+        return $session->isAllowed('system/api/oauth_admin_token');
     }
 }

app/code/core/Mage/Oauth/controllers/Adminhtml/Oauth/AuthorizedTokensController.php

@@ -149,7 +149,7 @@ protected function _isAllowed()
     {
         /** @var Mage_Admin_Model_Session $session */
         $session = Mage::getSingleton('admin/session');
-        return $session->isAllowed('system/oauth/authorizedTokens');
+        return $session->isAllowed('system/api/oauth_authorized_tokens');
     }
 
     /**

app/code/core/Mage/Oauth/controllers/Adminhtml/Oauth/ConsumerController.php

@@ -240,7 +240,7 @@ protected function _isAllowed()
         }
         /** @var Mage_Admin_Model_Session $session */
         $session = Mage::getSingleton('admin/session');
-        return $session->isAllowed('system/oauth/consumer' . $action);
+        return $session->isAllowed('system/api/oauth_consumer' . $action);
     }
 
     /**

app/code/core/Mage/Oauth/data/oauth_setup/upgrade-1.0.0.0-1.0.0.1.php

@@ -0,0 +1,35 @@
+<?php
+/**
+ * OpenMage
+ *
+ * This source file is subject to the Open Software License (OSL 3.0)
+ * that is bundled with this package in the file LICENSE.txt.
+ * It is also available at https://opensource.org/license/osl-3-0-php
+ *
+ * @category   Mage
+ * @package    Mage_Admin
+ * @copyright  Copyright (c) 2023 The OpenMage Contributors (https://www.openmage.org)
+ * @license    https://opensource.org/licenses/osl-3.0.php  Open Software License (OSL 3.0)
+ */
+
+/** @var Mage_Core_Model_Resource_Setup $installer */
+$installer = $this;
+$installer->startSetup();
+
+$table = $installer->getTable('admin/rule');
+$resourceIds = [
+    'admin/system/api/consumer' => 'admin/system/api/oauth_consumer',
+    'admin/system/api/consumer/delete' => 'admin/system/api/oauth_consumer/delete',
+    'admin/system/api/consumer/edit' => 'admin/system/api/oauth_consumer/edit',
+    'admin/system/api/authorizedTokens' => 'admin/system/api/oauth_authorized_tokens'
+];
+
+foreach ($resourceIds as $oldId => $newId) {
+    $installer->getConnection()->update(
+        $table,
+        ['resource_id' => $newId],
+        ['resource_id = ?' => $oldId]
+    );
+}
+
+$installer->endSetup();

app/code/core/Mage/Oauth/etc/adminhtml.xml

@@ -23,7 +23,7 @@
                         <children>
                             <api>
                                 <children>
-                                    <consumer translate="title" module="oauth">
+                                    <oauth_consumer translate="title" module="oauth">
                                         <title>OAuth Consumers</title>
                                         <sort_order>20</sort_order>
                                         <children>
@@ -36,11 +36,11 @@
                                                 <sort_order>40</sort_order>
                                             </delete>
                                         </children>
-                                    </consumer>
-                                    <authorizedTokens translate="title" module="oauth">
+                                    </oauth_consumer>
+                                    <oauth_authorized_tokens translate="title" module="oauth">
                                         <title>OAuth Authorized Tokens</title>
                                         <sort_order>30</sort_order>
-                                    </authorizedTokens>
+                                    </oauth_authorized_tokens>
                                     <oauth_admin_token translate="title" module="oauth">
                                         <title>OAuth Admin My Apps</title>
                                         <sort_order>40</sort_order>

app/code/core/Mage/Oauth/etc/config.xml

@@ -17,7 +17,7 @@
 <config>
     <modules>
         <Mage_Oauth>
-            <version>1.0.0.0</version>
+            <version>1.0.0.1</version>
         </Mage_Oauth>
     </modules>
     <global>