Merge remote-tracking branch 'origin/MAGETWO-37981-case-sensitive-actions' into develop

Author: Joan He

app/code/Magento/AdminNotification/Controller/Adminhtml/Notification.php

@@ -14,26 +14,6 @@ class Notification extends \Magento\Backend\App\AbstractAction
      */
     protected function _isAllowed()
     {
-        switch ($this->getRequest()->getActionName()) {
-            case 'markAsRead':
-                $acl = 'Magento_AdminNotification::mark_as_read';
-                break;
-
-            case 'massMarkAsRead':
-                $acl = 'Magento_AdminNotification::mark_as_read';
-                break;
-
-            case 'remove':
-                $acl = 'Magento_AdminNotification::adminnotification_remove';
-                break;
-
-            case 'massRemove':
-                $acl = 'Magento_AdminNotification::adminnotification_remove';
-                break;
-
-            default:
-                $acl = 'Magento_AdminNotification::show_list';
-        }
-        return $this->_authorization->isAllowed($acl);
+        return $this->_authorization->isAllowed('Magento_AdminNotification::show_list');
     }
 }

app/code/Magento/AdminNotification/Controller/Adminhtml/Notification/MarkAsRead.php

@@ -36,4 +36,12 @@ public function execute()
         }
         $this->_redirect('adminhtml/*/');
     }
+
+    /**
+     * @return bool
+     */
+    protected function _isAllowed()
+    {
+        return $this->_authorization->isAllowed('Magento_AdminNotification::mark_as_read');
+    }
 }

app/code/Magento/AdminNotification/Controller/Adminhtml/Notification/MassMarkAsRead.php

@@ -38,4 +38,12 @@ public function execute()
         }
         $this->_redirect('adminhtml/*/');
     }
+
+    /**
+     * @return bool
+     */
+    protected function _isAllowed()
+    {
+        return $this->_authorization->isAllowed('Magento_AdminNotification::mark_as_read');
+    }
 }

app/code/Magento/AdminNotification/Controller/Adminhtml/Notification/MassRemove.php

@@ -33,4 +33,12 @@ public function execute()
         }
         $this->getResponse()->setRedirect($this->_redirect->getRedirectUrl($this->getUrl('*')));
     }
+
+    /**
+     * @return bool
+     */
+    protected function _isAllowed()
+    {
+        return $this->_authorization->isAllowed('Magento_AdminNotification::adminnotification_remove');
+    }
 }

app/code/Magento/AdminNotification/Controller/Adminhtml/Notification/Remove.php

@@ -35,4 +35,12 @@ public function execute()
         }
         $this->_redirect('adminhtml/*/');
     }
+
+    /**
+     * @return bool
+     */
+    protected function _isAllowed()
+    {
+        return $this->_authorization->isAllowed('Magento_AdminNotification::adminnotification_remove');
+    }
 }

app/code/Magento/Sales/Controller/Adminhtml/Order.php

@@ -124,47 +124,10 @@ protected function _initOrder()
     }
 
     /**
-     * Acl check for admin
-     *
      * @return bool
-     * @SuppressWarnings(PHPMD.CyclomaticComplexity)
      */
     protected function _isAllowed()
     {
-        $action = strtolower($this->getRequest()->getActionName());
-        switch ($action) {
-            case 'hold':
-                $aclResource = 'Magento_Sales::hold';
-                break;
-            case 'unhold':
-                $aclResource = 'Magento_Sales::unhold';
-                break;
-            case 'email':
-                $aclResource = 'Magento_Sales::email';
-                break;
-            case 'cancel':
-                $aclResource = 'Magento_Sales::cancel';
-                break;
-            case 'view':
-                $aclResource = 'Magento_Sales::actions_view';
-                break;
-            case 'addcomment':
-                $aclResource = 'Magento_Sales::comment';
-                break;
-            case 'creditmemos':
-                $aclResource = 'Magento_Sales::creditmemo';
-                break;
-            case 'reviewpayment':
-                $aclResource = 'Magento_Sales::review_payment';
-                break;
-            case 'address':
-            case 'addresssave':
-                $aclResource = 'Magento_Sales::actions_edit';
-                break;
-            default:
-                $aclResource = 'Magento_Sales::sales_order';
-                break;
-        }
-        return $this->_authorization->isAllowed($aclResource);
+        return $this->_authorization->isAllowed('Magento_Sales::sales_order');
     }
 }

app/code/Magento/Sales/Controller/Adminhtml/Order/AddComment.php

@@ -57,4 +57,12 @@ public function execute()
         }
         return $this->resultRedirectFactory->create()->setPath('sales/*/');
     }
+
+    /**
+     * @return bool
+     */
+    protected function _isAllowed()
+    {
+        return $this->_authorization->isAllowed('Magento_Sales::comment');
+    }
 }

app/code/Magento/Sales/Controller/Adminhtml/Order/Address.php

@@ -31,4 +31,12 @@ public function execute()
             return $this->resultRedirectFactory->create()->setPath('sales/*/');
         }
     }
+
+    /**
+     * @return bool
+     */
+    protected function _isAllowed()
+    {
+        return $this->_authorization->isAllowed('Magento_Sales::actions_edit');
+    }
 }

app/code/Magento/Sales/Controller/Adminhtml/Order/AddressSave.php

@@ -35,4 +35,12 @@ public function execute()
             return $resultRedirect->setPath('sales/*/');
         }
     }
+
+    /**
+     * @return bool
+     */
+    protected function _isAllowed()
+    {
+        return $this->_authorization->isAllowed('Magento_Sales::actions_edit');
+    }
 }

app/code/Magento/Sales/Controller/Adminhtml/Order/Cancel.php

@@ -31,4 +31,12 @@ public function execute()
         }
         return $resultRedirect->setPath('sales/*/');
     }
+
+    /**
+     * @return bool
+     */
+    protected function _isAllowed()
+    {
+        return $this->_authorization->isAllowed('Magento_Sales::cancel');
+    }
 }