Merge remote-tracking branch 'origin' into ac1955new

Author: glo82145

app/code/Magento/AdvancedSearch/Block/SearchDataInterface.php

@@ -3,11 +3,14 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
+declare(strict_types=1);
+
 namespace Magento\AdvancedSearch\Block;
 
 /**
  * Interface \Magento\AdvancedSearch\Block\SearchDataInterface
  *
+ * @api
  */
 interface SearchDataInterface
 {

app/code/Magento/Analytics/Api/Data/LinkInterface.php

@@ -3,10 +3,14 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
+declare(strict_types=1);
+
 namespace Magento\Analytics\Api\Data;
 
 /**
  * Represents link with collected data and initialized vector for decryption.
+ *
+ * @api
  */
 interface LinkInterface
 {

app/code/Magento/Analytics/Api/LinkProviderInterface.php

@@ -3,10 +3,14 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
+declare(strict_types=1);
+
 namespace Magento\Analytics\Api;
 
 /**
  * Provides link to file with collected report data.
+ *
+ * @api
  */
 interface LinkProviderInterface
 {

app/code/Magento/Analytics/Model/Connector/CommandInterface.php

@@ -3,11 +3,15 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
+declare(strict_types=1);
+
 namespace Magento\Analytics\Model\Connector;
 
 /**
  * Introduces family of integration calls.
  * Each implementation represents call to external service.
+ *
+ * @api
  */
 interface CommandInterface
 {

app/code/Magento/Analytics/Model/ExportDataHandlerInterface.php

@@ -3,10 +3,14 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
+declare(strict_types=1);
+
 namespace Magento\Analytics\Model;
 
 /**
  * The interface represents the type of classes that handling of a new data collection for MBI.
+ *
+ * @api
  */
 interface ExportDataHandlerInterface
 {

app/code/Magento/Analytics/Model/ReportWriterInterface.php

@@ -3,6 +3,8 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
+declare(strict_types=1);
+
 namespace Magento\Analytics\Model;
 
 use Magento\Framework\Filesystem\Directory\WriteInterface;
@@ -14,6 +16,8 @@
  * Executes export of collected data
  * Iterates registered providers @see etc/analytics.xml
  * Collects data (to TMP folder)
+ *
+ * @api
  */
 interface ReportWriterInterface
 {

app/code/Magento/Analytics/ReportXml/DB/Assembler/AssemblerInterface.php

@@ -3,6 +3,8 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
+declare(strict_types=1);
+
 namespace Magento\Analytics\ReportXml\DB\Assembler;
 
 use Magento\Analytics\ReportXml\DB\SelectBuilder;
@@ -13,6 +15,8 @@
  * Introduces family of SQL assemblers
  * Each assembler populates SelectBuilder with config information
  * @see usage examples at \Magento\Analytics\ReportXml\QueryFactory
+ *
+ * @api
  */
 interface AssemblerInterface
 {

app/code/Magento/Analytics/ReportXml/DB/SelectBuilder.php

@@ -13,6 +13,8 @@
  * Responsible for Select object creation, works as a builder. Returns Select as result;
  *
  * Used in SQL assemblers.
+ *
+ * @api
  */
 class SelectBuilder
 {

app/code/Magento/AsynchronousOperations/Model/MassPublisher.php

@@ -79,7 +79,7 @@ public function __construct(
     }
 
     /**
-     * {@inheritdoc}
+     * @inheritdoc
      */
     public function publish($topicName, $data)
     {
@@ -91,6 +91,7 @@ public function publish($topicName, $data)
                 [
                     'body' => $message,
                     'properties' => [
+                        'topic_name' => $topicName,
                         'delivery_mode' => 2,
                         'message_id' => $this->messageIdGenerator->generate($topicName),
                     ]

app/code/Magento/Authorization/Model/Acl/Loader/Rule.php

@@ -7,6 +7,7 @@
 
 namespace Magento\Authorization\Model\Acl\Loader;
 
+use Magento\Framework\Acl;
 use Magento\Framework\Acl\Data\CacheInterface;
 use Magento\Framework\Acl\LoaderInterface;
 use Magento\Framework\Acl\RootResource;
@@ -21,7 +22,12 @@ class Rule implements LoaderInterface
     /**
      * Rules array cache key
      */
-    const ACL_RULE_CACHE_KEY = 'authorization_rule_cached_data';
+    public const ACL_RULE_CACHE_KEY = 'authorization_rule_cached_data';
+
+    /**
+     * Allow everything resource id
+     */
+    private const ALLOW_EVERYTHING = 'Magento_Backend::all';
 
     /**
      * @var ResourceConnection
@@ -75,27 +81,74 @@ public function __construct(
     /**
      * Populate ACL with rules from external storage
      *
-     * @param \Magento\Framework\Acl $acl
+     * @param Acl $acl
      * @return void
      */
-    public function populateAcl(\Magento\Framework\Acl $acl)
+    public function populateAcl(Acl $acl)
     {
+        $result = $this->applyPermissionsAccordingToRules($acl);
+        $this->applyDenyPermissionsForMissingRules($acl, ...$result);
+    }
+
+    /**
+     * Apply ACL with rules
+     *
+     * @param Acl $acl
+     * @return array[]
+     */
+    private function applyPermissionsAccordingToRules(Acl $acl): array
+    {
+        $foundResources = $foundDeniedRoles = [];
         foreach ($this->getRulesArray() as $rule) {
             $role = $rule['role_id'];
             $resource = $rule['resource_id'];
             $privileges = !empty($rule['privileges']) ? explode(',', $rule['privileges']) : null;
 
             if ($acl->has($resource)) {
+                $foundResources[$resource] = $resource;
                 if ($rule['permission'] == 'allow') {
                     if ($resource === $this->_rootResource->getId()) {
                         $acl->allow($role, null, $privileges);
                     }
                     $acl->allow($role, $resource, $privileges);
                 } elseif ($rule['permission'] == 'deny') {
+                    $foundDeniedRoles[$role] = $role;
                     $acl->deny($role, $resource, $privileges);
                 }
             }
         }
+        return [$foundResources, $foundDeniedRoles];
+    }
+
+    /**
+     * Apply deny permissions for missing rules
+     *
+     * For all rules that were not regenerated in authorization_rule table,
+     * when adding a new module and without re-saving all roles,
+     * consider not present rules with deny permissions
+     *
+     * @param Acl $acl
+     * @param array $resources
+     * @param array $deniedRoles
+     * @return void
+     */
+    private function applyDenyPermissionsForMissingRules(
+        Acl $acl,
+        array $resources,
+        array $deniedRoles
+    ) {
+        if (count($resources) && count($deniedRoles)
+            //ignore denying missing permission if all are allowed
+            && !(count($resources) === 1 && isset($resources[static::ALLOW_EVERYTHING]))
+        ) {
+            foreach ($acl->getResources() as $resource) {
+                if (!isset($resources[$resource])) {
+                    foreach ($deniedRoles as $role) {
+                        $acl->deny($role, $resource, null);
+                    }
+                }
+            }
+        }
     }
 
     /**