Merge branch '2.4.1-develop' of https://github.com/magento/magento2ce into 2.4-develop-pr37

Author: dhorytskyi

app/code/Magento/Authorization/Model/ResourceModel/Role.php

@@ -119,6 +119,8 @@ protected function _afterDelete(\Magento\Framework\Model\AbstractModel $role)
 
         $connection->delete($this->_ruleTable, ['role_id = ?' => (int)$role->getId()]);
 
+        $this->_cache->clean(\Zend_Cache::CLEANING_MODE_MATCHING_TAG, [\Magento\Backend\Block\Menu::CACHE_TAGS]);
+
         return $this;
     }
 

app/code/Magento/Authorization/Model/Role.php

@@ -33,6 +33,11 @@ class Role extends \Magento\Framework\Model\AbstractModel
      */
     protected $_eventPrefix = 'authorization_roles';
 
+    /**
+     * @var string
+     */
+    protected $_cacheTag = 'user_assigned_role';
+
     /**
      * @param \Magento\Framework\Model\Context $context
      * @param \Magento\Framework\Registry $registry

app/code/Magento/Backend/Model/Auth/Session.php

@@ -5,8 +5,10 @@
  */
 namespace Magento\Backend\Model\Auth;
 
+use Magento\Framework\App\ObjectManager;
 use Magento\Framework\Stdlib\Cookie\CookieMetadataFactory;
 use Magento\Framework\Stdlib\CookieManagerInterface;
+use Magento\Framework\Message\ManagerInterface;
 
 /**
  * Backend Auth session model
@@ -56,6 +58,11 @@ class Session extends \Magento\Framework\Session\SessionManager implements \Mage
      */
     protected $_config;
 
+    /**
+     * @var ManagerInterface
+     */
+    private $messageManager;
+
     /**
      * @param \Magento\Framework\App\Request\Http $request
      * @param \Magento\Framework\Session\SidResolverInterface $sidResolver
@@ -69,6 +76,7 @@ class Session extends \Magento\Framework\Session\SessionManager implements \Mage
      * @param \Magento\Framework\Acl\Builder $aclBuilder
      * @param \Magento\Backend\Model\UrlInterface $backendUrl
      * @param \Magento\Backend\App\ConfigInterface $config
+     * @param ManagerInterface $messageManager
      * @throws \Magento\Framework\Exception\SessionException
      * @SuppressWarnings(PHPMD.ExcessiveParameterList)
      */
@@ -84,11 +92,13 @@ public function __construct(
         \Magento\Framework\App\State $appState,
         \Magento\Framework\Acl\Builder $aclBuilder,
         \Magento\Backend\Model\UrlInterface $backendUrl,
-        \Magento\Backend\App\ConfigInterface $config
+        \Magento\Backend\App\ConfigInterface $config,
+        ManagerInterface $messageManager = null
     ) {
         $this->_config = $config;
         $this->_aclBuilder = $aclBuilder;
         $this->_backendUrl = $backendUrl;
+        $this->messageManager = $messageManager ?? ObjectManager::getInstance()->get(ManagerInterface::class);
         parent::__construct(
             $request,
             $sidResolver,
@@ -171,6 +181,25 @@ public function isLoggedIn()
      */
     public function prolong()
     {
+        $sessionUser = $this->getUser();
+        $errorMessage = '';
+        if ($sessionUser !== null) {
+            if ((int)$sessionUser->getIsActive() !== 1) {
+                $errorMessage = 'The account sign-in was incorrect or your account is disabled temporarily. '
+                    . 'Please wait and try again later.';
+            }
+            if (!$sessionUser->hasAssigned2Role($sessionUser->getId())) {
+                $errorMessage = 'More permissions are needed to access this.';
+            }
+
+            if (!empty($errorMessage)) {
+                $this->destroy();
+                $this->messageManager->addErrorMessage(__($errorMessage));
+
+                return;
+            }
+        }
+
         $lifetime = $this->_config->getValue(self::XML_PATH_SESSION_LIFETIME);
         $cookieValue = $this->cookieManager->getCookie($this->getName());
 

app/code/Magento/Backend/view/adminhtml/web/js/media-uploader.js

@@ -37,14 +37,14 @@ define([
                 progressTmpl = mageTemplate('[data-template="uploader"]'),
                 isResizeEnabled = this.options.isResizeEnabled,
                 resizeConfiguration = {
-                    action: 'resize',
+                    action: 'resizeImage',
                     maxWidth: this.options.maxWidth,
                     maxHeight: this.options.maxHeight
                 };
 
             if (!isResizeEnabled) {
                 resizeConfiguration = {
-                    action: 'resize'
+                    action: 'resizeImage'
                 };
             }
 
@@ -131,13 +131,13 @@ define([
             });
 
             this.element.find('input[type=file]').fileupload('option', {
-                process: [{
-                    action: 'load',
+                processQueue: [{
+                    action: 'loadImage',
                     fileTypes: /^image\/(gif|jpeg|png)$/
                 },
                 resizeConfiguration,
                 {
-                    action: 'save'
+                    action: 'saveImage'
                 }]
             });
         }

app/code/Magento/Catalog/Ui/Component/Listing/Columns/AttributeSetId.php

@@ -8,7 +8,7 @@
 namespace Magento\Catalog\Ui\Component\Listing\Columns;
 
 /**
- * Attribute set listing column component
+ * AttributeSetId listing column component.
  */
 class AttributeSetId extends \Magento\Ui\Component\Listing\Columns\Column
 {
@@ -23,6 +23,7 @@ protected function applySorting()
             && !empty($sorting['field'])
             && !empty($sorting['direction'])
             && $sorting['field'] === $this->getName()
+            && in_array(strtoupper($sorting['direction']), ['ASC', 'DESC'], true)
         ) {
             $collection = $this->getContext()->getDataProvider()->getCollection();
             $collection->joinField(

app/code/Magento/Catalog/Ui/Component/Listing/Columns/Websites.php

@@ -119,6 +119,7 @@ protected function applySorting()
             && !empty($sorting['field'])
             && !empty($sorting['direction'])
             && $sorting['field'] === $this->getName()
+            && in_array(strtoupper($sorting['direction']), ['ASC', 'DESC'], true)
         ) {
             /** @var \Magento\Framework\Model\ResourceModel\Db\Collection\AbstractCollection $collection */
             $collection = $this->getContext()->getDataProvider()->getCollection();

app/code/Magento/Cms/etc/webapi.xml

@@ -23,19 +23,19 @@
     <route url="/V1/cmsPage" method="POST">
         <service class="Magento\Cms\Api\PageRepositoryInterface" method="save"/>
         <resources>
-            <resource ref="Magento_Cms::page"/>
+            <resource ref="Magento_Cms::save"/>
         </resources>
     </route>
     <route url="/V1/cmsPage/:id" method="PUT">
         <service class="Magento\Cms\Api\PageRepositoryInterface" method="save"/>
         <resources>
-            <resource ref="Magento_Cms::page"/>
+            <resource ref="Magento_Cms::save"/>
         </resources>
     </route>
     <route url="/V1/cmsPage/:pageId" method="DELETE">
         <service class="Magento\Cms\Api\PageRepositoryInterface" method="deleteById"/>
         <resources>
-            <resource ref="Magento_Cms::page"/>
+            <resource ref="Magento_Cms::page_delete"/>
         </resources>
     </route>
     <!-- Cms Block -->

app/code/Magento/Customer/Test/Mftf/Section/AdminCustomerShoppingCartSection/AdminCustomerShoppingCartProductItemSection.xml

@@ -14,5 +14,6 @@
         <element name="firstProductCheckbox" type="checkbox" selector="//*[@id='source_products_table']/tbody/tr[1]//*[@name='source_products']"/>
         <element name="addSelectionsToMyCartButton" type="button" selector="//*[@id='products_search']/div[1]//*[text()='Add selections to my cart']"/>
         <element name="addedProductName" type="text" selector="//*[@id='order-items_grid']//*[text()='{{var}}']" parameterized="true"/>
+        <element name="addedProductQty" type="input" selector="//*[@id='order-items_grid']//*[text()='{{var}}']//..//..//*[@class='col-qty']//input" parameterized="true"/>
     </section>
 </sections>

app/code/Magento/Customer/etc/webapi.xml

@@ -227,7 +227,7 @@
     <route url="/V1/customers/:customerId" method="DELETE">
         <service class="Magento\Customer\Api\CustomerRepositoryInterface" method="deleteById"/>
         <resources>
-            <resource ref="Magento_Customer::manage"/>
+            <resource ref="Magento_Customer::delete"/>
         </resources>
     </route>
     <route url="/V1/customers/isEmailAvailable" method="POST">

app/code/Magento/ImportExport/Block/Adminhtml/Import/Frame/Result.php

@@ -102,7 +102,7 @@ public function addError($message)
                 $this->addError($row);
             }
         } else {
-            $this->_messages['error'][] = $message;
+            $this->_messages['error'][] = $this->escapeHtml($message);
         }
         return $this;
     }
@@ -140,7 +140,8 @@ public function addSuccess($message, $appendImportButton = false)
                 $this->addSuccess($row);
             }
         } else {
-            $this->_messages['success'][] = $message . ($appendImportButton ? $this->getImportButtonHtml() : '');
+            $escapedMessage = $this->escapeHtml($message);
+            $this->_messages['success'][] = $escapedMessage . ($appendImportButton ? $this->getImportButtonHtml() : '');
         }
         return $this;
     }