MAGETWO-98202: Additional Permissions for Design settings

Author: OlgaVasyltsun

app/code/Magento/Catalog/Model/Category.php

@@ -5,9 +5,12 @@
  */
 namespace Magento\Catalog\Model;
 
+use Magento\Authorization\Model\UserContextInterface;
 use Magento\Catalog\Api\CategoryRepositoryInterface;
 use Magento\CatalogUrlRewrite\Model\CategoryUrlRewriteGenerator;
 use Magento\Framework\Api\AttributeValueFactory;
+use Magento\Framework\App\ObjectManager;
+use Magento\Framework\AuthorizationInterface;
 use Magento\Framework\Convert\ConvertArray;
 use Magento\Framework\Exception\NoSuchEntityException;
 use Magento\Framework\Profiler;
@@ -232,6 +235,16 @@ class Category extends \Magento\Catalog\Model\AbstractModel implements
      */
     protected $metadataService;
 
+    /**
+     * @var UserContextInterface
+     */
+    private $userContext;
+
+    /**
+     * @var AuthorizationInterface
+     */
+    private $authorization;
+
     /**
      * @param \Magento\Framework\Model\Context $context
      * @param \Magento\Framework\Registry $registry
@@ -254,6 +267,8 @@ class Category extends \Magento\Catalog\Model\AbstractModel implements
      * @param \Magento\Framework\Model\ResourceModel\AbstractResource $resource
      * @param \Magento\Framework\Data\Collection\AbstractDb $resourceCollection
      * @param array $data
+     * @param UserContextInterface|null $userContext
+     * @param AuthorizationInterface|null $authorization
      * @SuppressWarnings(PHPMD.ExcessiveParameterList)
      */
     public function __construct(
@@ -277,7 +292,9 @@ public function __construct(
         CategoryRepositoryInterface $categoryRepository,
         \Magento\Framework\Model\ResourceModel\AbstractResource $resource = null,
         \Magento\Framework\Data\Collection\AbstractDb $resourceCollection = null,
-        array $data = []
+        array $data = [],
+        UserContextInterface $userContext = null,
+        AuthorizationInterface $authorization = null
     ) {
         $this->metadataService = $metadataService;
         $this->_treeModel = $categoryTreeResource;
@@ -302,6 +319,8 @@ public function __construct(
             $resourceCollection,
             $data
         );
+        $this->userContext = $userContext ?? ObjectManager::getInstance()->get(UserContextInterface::class);
+        $this->authorization = $authorization ?? ObjectManager::getInstance()->get(AuthorizationInterface::class);
     }
 
     /**
@@ -313,10 +332,10 @@ protected function _construct()
     {
         // If Flat Index enabled then use it but only on frontend
         if ($this->flatState->isAvailable()) {
-            $this->_init('Magento\Catalog\Model\ResourceModel\Category\Flat');
+            $this->_init(\Magento\Catalog\Model\ResourceModel\Category\Flat::class);
             $this->_useFlatResource = true;
         } else {
-            $this->_init('Magento\Catalog\Model\ResourceModel\Category');
+            $this->_init(\Magento\Catalog\Model\ResourceModel\Category::class);
         }
     }
 
@@ -916,6 +935,30 @@ public function beforeDelete()
         return parent::beforeDelete();
     }
 
+    /**
+     * @inheritDoc
+     */
+    public function beforeSave()
+    {
+        //Validate changing of design.
+        $userType = $this->userContext->getUserType();
+        if ((
+                $userType === UserContextInterface::USER_TYPE_ADMIN
+                || $userType === UserContextInterface::USER_TYPE_INTEGRATION
+            )
+            && !$this->authorization->isAllowed('Magento_Catalog::edit_category_design')
+        ) {
+            $this->setData('custom_design', $this->getOrigData('custom_design'));
+            $this->setData('custom_design_from', $this->getOrigData('custom_design_from'));
+            $this->setData('custom_design_to', $this->getOrigData('custom_design_to'));
+            $this->setData('page_layout', $this->getOrigData('page_layout'));
+            $this->setData('custom_layout_update', $this->getOrigData('custom_layout_update'));
+            $this->setData('custom_apply_to_products', $this->getOrigData('custom_apply_to_products'));
+        }
+
+        return parent::beforeSave();
+    }
+
     /**
      * Retrieve anchors above
      *

app/code/Magento/Catalog/Model/Category/DataProvider.php

@@ -18,6 +18,7 @@
 use Magento\Catalog\Model\CategoryFactory;
 use Magento\Framework\Exception\NoSuchEntityException;
 use Magento\Catalog\Model\Category\Attribute\Backend\Image as ImageBackendModel;
+use Magento\Framework\AuthorizationInterface;
 
 /**
  * Class DataProvider
@@ -112,6 +113,11 @@ class DataProvider extends \Magento\Ui\DataProvider\AbstractDataProvider
      */
     private $categoryFactory;
 
+    /**
+     * @var AuthorizationInterface
+     */
+    private $auth;
+
     /**
      * DataProvider constructor
      *
@@ -127,6 +133,7 @@ class DataProvider extends \Magento\Ui\DataProvider\AbstractDataProvider
      * @param CategoryFactory $categoryFactory
      * @param array $meta
      * @param array $data
+     * @param AuthorizationInterface|null $auth
      * @SuppressWarnings(PHPMD.ExcessiveParameterList)
      */
     public function __construct(
@@ -141,7 +148,8 @@ public function __construct(
         \Magento\Framework\App\RequestInterface $request,
         CategoryFactory $categoryFactory,
         array $meta = [],
-        array $data = []
+        array $data = [],
+        AuthorizationInterface $auth = null
     ) {
         $this->eavValidationRules = $eavValidationRules;
         $this->collection = $categoryCollectionFactory->create();
@@ -151,6 +159,8 @@ public function __construct(
         $this->storeManager = $storeManager;
         $this->request = $request;
         $this->categoryFactory = $categoryFactory;
+        $this->auth = $auth ?? \Magento\Framework\App\ObjectManager::getInstance()->get(AuthorizationInterface::class);
+
         parent::__construct($name, $primaryFieldName, $requestFieldName, $meta, $data);
         $this->meta = $this->prepareMeta($this->meta);
     }
@@ -180,11 +190,20 @@ public function prepareMeta($meta)
      */
     private function prepareFieldsMeta($fieldsMap, $fieldsMeta)
     {
+        $canEditDesign = $this->auth->isAllowed('Magento_Catalog::edit_category_design');
+
         $result = [];
         foreach ($fieldsMap as $fieldSet => $fields) {
             foreach ($fields as $field) {
                 if (isset($fieldsMeta[$field])) {
-                    $result[$fieldSet]['children'][$field]['arguments']['data']['config'] = $fieldsMeta[$field];
+                    $config = $fieldsMeta[$field];
+                    if (($fieldSet === 'design' || $fieldSet === 'schedule_design_update') && !$canEditDesign) {
+                        $config['required'] = 1;
+                        $config['disabled'] = 1;
+                        $config['serviceDisabled'] = true;
+                    }
+
+                    $result[$fieldSet]['children'][$field]['arguments']['data']['config'] = $config;
                 }
             }
         }

app/code/Magento/Catalog/Model/Product.php

@@ -5,11 +5,14 @@
  */
 namespace Magento\Catalog\Model;
 
+use Magento\Authorization\Model\UserContextInterface;
 use Magento\Catalog\Api\CategoryRepositoryInterface;
 use Magento\Catalog\Api\Data\ProductInterface;
 use Magento\Catalog\Api\ProductLinkRepositoryInterface;
 use Magento\Framework\Api\AttributeValueFactory;
 use Magento\Framework\App\Filesystem\DirectoryList;
+use Magento\Framework\App\ObjectManager;
+use Magento\Framework\AuthorizationInterface;
 use Magento\Framework\DataObject\IdentityInterface;
 use Magento\Framework\Pricing\SaleableInterface;
 use Magento\Catalog\Api\Data\ProductAttributeMediaGalleryEntryInterface;
@@ -347,6 +350,16 @@ class Product extends \Magento\Catalog\Model\AbstractModel implements
      */
     protected $linkTypeProvider;
 
+    /**
+     * @var UserContextInterface
+     */
+    private $userContext;
+
+    /**
+     * @var AuthorizationInterface
+     */
+    private $authorization;
+
     /**
      * Product constructor.
      * @param \Magento\Framework\Model\Context $context
@@ -384,6 +397,8 @@ class Product extends \Magento\Catalog\Model\AbstractModel implements
      * @param \Magento\Framework\Api\DataObjectHelper $dataObjectHelper
      * @param \Magento\Framework\Api\ExtensionAttribute\JoinProcessorInterface $joinProcessor
      * @param array $data
+     * @param UserContextInterface|null $userContext
+     * @param AuthorizationInterface|null $authorization
      *
      * @SuppressWarnings(PHPMD.ExcessiveParameterList)
      * @SuppressWarnings(PHPMD.UnusedFormalParameter)
@@ -423,7 +438,9 @@ public function __construct(
         EntryConverterPool $mediaGalleryEntryConverterPool,
         \Magento\Framework\Api\DataObjectHelper $dataObjectHelper,
         \Magento\Framework\Api\ExtensionAttribute\JoinProcessorInterface $joinProcessor,
-        array $data = []
+        array $data = [],
+        UserContextInterface $userContext = null,
+        AuthorizationInterface $authorization = null
     ) {
         $this->metadataService = $metadataService;
         $this->_itemOptionFactory = $itemOptionFactory;
@@ -462,6 +479,8 @@ public function __construct(
             $resourceCollection,
             $data
         );
+        $this->userContext = $userContext ?? ObjectManager::getInstance()->get(UserContextInterface::class);
+        $this->authorization = $authorization ?? ObjectManager::getInstance()->get(AuthorizationInterface::class);
     }
 
     /**
@@ -471,7 +490,7 @@ public function __construct(
      */
     protected function _construct()
     {
-        $this->_init('Magento\Catalog\Model\ResourceModel\Product');
+        $this->_init(\Magento\Catalog\Model\ResourceModel\Product::class);
     }
 
     /**
@@ -852,6 +871,20 @@ public function beforeSave()
 
         $this->getTypeInstance()->beforeSave($this);
 
+        //Validate changing of design.
+        $userType = $this->userContext->getUserType();
+        if ((
+                $userType === UserContextInterface::USER_TYPE_ADMIN
+                || $userType === UserContextInterface::USER_TYPE_INTEGRATION
+            )
+            && !$this->authorization->isAllowed('Magento_Catalog::edit_product_design')
+        ) {
+            $this->setData('custom_design', $this->getOrigData('custom_design'));
+            $this->setData('page_layout', $this->getOrigData('page_layout'));
+            $this->setData('options_container', $this->getOrigData('options_container'));
+            $this->setData('custom_layout_update', $this->getOrigData('custom_layout_update'));
+        }
+
         $hasOptions = false;
         $hasRequiredOptions = false;
 

app/code/Magento/Catalog/Model/ResourceModel/Category.php

@@ -13,6 +13,7 @@
 
 use Magento\Framework\EntityManager\EntityManager;
 use Magento\Catalog\Api\Data\CategoryInterface;
+use Magento\Catalog\Model\Category as CategoryEntity;
 
 /**
  * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
@@ -983,7 +984,7 @@ protected function _processPositions($category, $newParent, $afterCategoryId)
         if ($afterCategoryId) {
             $select = $connection->select()->from($table, 'position')->where('entity_id = :entity_id');
             $position = $connection->fetchOne($select, ['entity_id' => $afterCategoryId]);
-            $position += 1;
+            $position++;
         } else {
             $position = 1;
         }
@@ -1076,4 +1077,19 @@ private function getAggregateCount()
         }
         return $this->aggregateCount;
     }
+
+    /**
+     * @inheritdoc
+     *
+     * @param CategoryEntity|\Magento\Framework\DataObject $object
+     */
+    public function validate($object)
+    {
+        $isValid = parent::validate($object);
+        if ($isValid !== true) {
+            return $isValid;
+        }
+
+        return true;
+    }
 }

app/code/Magento/Catalog/Ui/DataProvider/Product/Form/Modifier/Eav.php

@@ -18,8 +18,10 @@
 use Magento\Eav\Model\ResourceModel\Entity\Attribute\Group\CollectionFactory as GroupCollectionFactory;
 use Magento\Framework\Api\SearchCriteriaBuilder;
 use Magento\Framework\Api\SortOrderBuilder;
+use Magento\Framework\App\ObjectManager;
 use Magento\Framework\App\Request\DataPersistorInterface;
 use Magento\Framework\App\RequestInterface;
+use Magento\Framework\AuthorizationInterface;
 use Magento\Framework\Filter\Translit;
 use Magento\Framework\Stdlib\ArrayManager;
 use Magento\Store\Model\StoreManagerInterface;
@@ -167,6 +169,11 @@ class Eav extends AbstractModifier
      */
     private $localeCurrency;
 
+    /**
+     * @var AuthorizationInterface
+     */
+    private $auth;
+
     /**
      * @param LocatorInterface $locator
      * @param CatalogEavValidationRules $catalogEavValidationRules
@@ -187,6 +194,8 @@ class Eav extends AbstractModifier
      * @param DataPersistorInterface $dataPersistor
      * @param array $attributesToDisable
      * @param array $attributesToEliminate
+     * @param AuthorizationInterface|null $auth
+     *
      * @SuppressWarnings(PHPMD.ExcessiveParameterList)
      */
     public function __construct(
@@ -208,7 +217,8 @@ public function __construct(
         ScopeOverriddenValue $scopeOverriddenValue,
         DataPersistorInterface $dataPersistor,
         $attributesToDisable = [],
-        $attributesToEliminate = []
+        $attributesToEliminate = [],
+        AuthorizationInterface $auth = null
     ) {
         $this->locator = $locator;
         $this->catalogEavValidationRules = $catalogEavValidationRules;
@@ -229,6 +239,7 @@ public function __construct(
         $this->dataPersistor = $dataPersistor;
         $this->attributesToDisable = $attributesToDisable;
         $this->attributesToEliminate = $attributesToEliminate;
+        $this->auth = $auth ?: ObjectManager::getInstance()->get(AuthorizationInterface::class);
     }
 
     /**
@@ -549,6 +560,7 @@ private function isProductExists()
     public function setupAttributeMeta(ProductAttributeInterface $attribute, $groupCode, $sortOrder)
     {
         $configPath = ltrim(static::META_CONFIG_PATH, ArrayManager::DEFAULT_PATH_DELIMITER);
+        $attributeCode = $attribute->getAttributeCode();
 
         $meta = $this->arrayManager->set($configPath, [], [
             'dataType' => $attribute->getFrontendInput(),
@@ -558,7 +570,7 @@ public function setupAttributeMeta(ProductAttributeInterface $attribute, $groupC
             'notice' => $attribute->getNote(),
             'default' => (!$this->isProductExists()) ? $attribute->getDefaultValue() : null,
             'label' => __($attribute->getDefaultFrontendLabel()),
-            'code' => $attribute->getAttributeCode(),
+            'code' => $attributeCode,
             'source' => $groupCode,
             'scopeLabel' => $this->getScopeLabel($attribute),
             'globalScope' => $this->isScopeGlobal($attribute),
@@ -591,7 +603,7 @@ public function setupAttributeMeta(ProductAttributeInterface $attribute, $groupC
             ]);
         }
 
-        if (in_array($attribute->getAttributeCode(), $this->attributesToDisable)) {
+        if (in_array($attributeCode, $this->attributesToDisable)) {
             $meta = $this->arrayManager->merge($configPath, $meta, [
                 'disabled' => true,
             ]);
@@ -623,6 +635,23 @@ public function setupAttributeMeta(ProductAttributeInterface $attribute, $groupC
                 break;
         }
 
+        //Checking access to design config.
+        $designAttributeCodes = ['custom_design', 'page_layout', 'options_container', 'custom_layout_update'];
+        if (in_array($attributeCode, $designAttributeCodes, true)) {
+            if (!$this->auth->isAllowed('Magento_Catalog::edit_product_design')) {
+                $meta = $this->arrayManager->merge(
+                    $configPath,
+                    $meta,
+                    [
+                        'disabled' => true,
+                        'validation' => ['required' => false],
+                        'required' => false,
+                        'serviceDisabled' => true,
+                    ]
+                );
+            }
+        }
+
         return $meta;
     }