MAGETWO-98202: Additional Permissions for Design settings

Author: OlgaVasyltsun

app/code/Magento/Catalog/Model/Category.php

@@ -946,12 +946,9 @@ public function beforeSave()
                 || $userType === UserContextInterface::USER_TYPE_INTEGRATION)
             && !$this->authorization->isAllowed('Magento_Catalog::edit_category_design')
         ) {
-            $this->setData('custom_design', $this->getOrigData('custom_design'));
-            $this->setData('custom_design_from', $this->getOrigData('custom_design_from'));
-            $this->setData('custom_design_to', $this->getOrigData('custom_design_to'));
-            $this->setData('page_layout', $this->getOrigData('page_layout'));
-            $this->setData('custom_layout_update', $this->getOrigData('custom_layout_update'));
-            $this->setData('custom_apply_to_products', $this->getOrigData('custom_apply_to_products'));
+            foreach ($this->_designAttributes as $attributeCode) {
+                $this->setData($attributeCode, $this->getOrigData($attributeCode));
+            }
         }
 
         return parent::beforeSave();

app/code/Magento/Catalog/Model/Category/DataProvider.php

@@ -11,6 +11,7 @@
 use Magento\Eav\Model\Config;
 use Magento\Eav\Model\Entity\Type;
 use Magento\Catalog\Model\ResourceModel\Category\CollectionFactory as CategoryCollectionFactory;
+use Magento\Framework\App\ObjectManager;
 use Magento\Store\Model\Store;
 use Magento\Store\Model\StoreManagerInterface;
 use Magento\Ui\Component\Form\Field;
@@ -116,7 +117,7 @@ class DataProvider extends \Magento\Ui\DataProvider\AbstractDataProvider
     /**
      * @var AuthorizationInterface
      */
-    private $auth;
+    private $authorization;
 
     /**
      * DataProvider constructor
@@ -133,7 +134,7 @@ class DataProvider extends \Magento\Ui\DataProvider\AbstractDataProvider
      * @param CategoryFactory $categoryFactory
      * @param array $meta
      * @param array $data
-     * @param AuthorizationInterface|null $auth
+     * @param AuthorizationInterface|null $authorization
      * @SuppressWarnings(PHPMD.ExcessiveParameterList)
      */
     public function __construct(
@@ -149,7 +150,7 @@ public function __construct(
         CategoryFactory $categoryFactory,
         array $meta = [],
         array $data = [],
-        AuthorizationInterface $auth = null
+        AuthorizationInterface $authorization = null
     ) {
         $this->eavValidationRules = $eavValidationRules;
         $this->collection = $categoryCollectionFactory->create();
@@ -159,7 +160,7 @@ public function __construct(
         $this->storeManager = $storeManager;
         $this->request = $request;
         $this->categoryFactory = $categoryFactory;
-        $this->auth = $auth ?: \Magento\Framework\App\ObjectManager::getInstance()->get(AuthorizationInterface::class);
+        $this->authorization = $authorization ?: ObjectManager::getInstance()->get(AuthorizationInterface::class);
 
         parent::__construct($name, $primaryFieldName, $requestFieldName, $meta, $data);
         $this->meta = $this->prepareMeta($this->meta);
@@ -190,7 +191,7 @@ public function prepareMeta($meta)
      */
     private function prepareFieldsMeta($fieldsMap, $fieldsMeta)
     {
-        $canEditDesign = $this->auth->isAllowed('Magento_Catalog::edit_category_design');
+        $canEditDesign = $this->authorization->isAllowed('Magento_Catalog::edit_category_design');
 
         $result = [];
         foreach ($fieldsMap as $fieldSet => $fields) {

app/code/Magento/Catalog/Model/Product.php

@@ -881,6 +881,9 @@ public function beforeSave()
             $this->setData('page_layout', $this->getOrigData('page_layout'));
             $this->setData('options_container', $this->getOrigData('options_container'));
             $this->setData('custom_layout_update', $this->getOrigData('custom_layout_update'));
+            $this->setData('custom_design_from', $this->getOrigData('custom_design_from'));
+            $this->setData('custom_design_to', $this->getOrigData('custom_design_to'));
+            $this->setData('custom_layout', $this->getOrigData('custom_layout'));
         }
 
         $hasOptions = false;

app/code/Magento/Catalog/Ui/DataProvider/Product/Form/Modifier/Eav.php

@@ -172,7 +172,22 @@ class Eav extends AbstractModifier
     /**
      * @var AuthorizationInterface
      */
-    private $auth;
+    private $authorization;
+
+    /**
+     * Product design attribute codes.
+     *
+     * @var array
+     */
+    private $designAttributeCodes = [
+        'custom_design',
+        'page_layout',
+        'options_container',
+        'custom_layout_update',
+        'custom_design_from',
+        'custom_design_to',
+        'custom_layout',
+    ];
 
     /**
      * @param LocatorInterface $locator
@@ -194,7 +209,7 @@ class Eav extends AbstractModifier
      * @param DataPersistorInterface $dataPersistor
      * @param array $attributesToDisable
      * @param array $attributesToEliminate
-     * @param AuthorizationInterface|null $auth
+     * @param AuthorizationInterface|null $authorization
      *
      * @SuppressWarnings(PHPMD.ExcessiveParameterList)
      */
@@ -218,7 +233,7 @@ public function __construct(
         DataPersistorInterface $dataPersistor,
         $attributesToDisable = [],
         $attributesToEliminate = [],
-        AuthorizationInterface $auth = null
+        AuthorizationInterface $authorization = null
     ) {
         $this->locator = $locator;
         $this->catalogEavValidationRules = $catalogEavValidationRules;
@@ -239,7 +254,7 @@ public function __construct(
         $this->dataPersistor = $dataPersistor;
         $this->attributesToDisable = $attributesToDisable;
         $this->attributesToEliminate = $attributesToEliminate;
-        $this->auth = $auth ?: ObjectManager::getInstance()->get(AuthorizationInterface::class);
+        $this->authorization = $authorization ?: ObjectManager::getInstance()->get(AuthorizationInterface::class);
     }
 
     /**
@@ -636,9 +651,8 @@ public function setupAttributeMeta(ProductAttributeInterface $attribute, $groupC
         }
 
         //Checking access to design config.
-        $designAttributeCodes = ['custom_design', 'page_layout', 'options_container', 'custom_layout_update'];
-        if (in_array($attributeCode, $designAttributeCodes, true)) {
-            if (!$this->auth->isAllowed('Magento_Catalog::edit_product_design')) {
+        if (in_array($attributeCode, $this->designAttributeCodes, true)) {
+            if (!$this->authorization->isAllowed('Magento_Catalog::edit_product_design')) {
                 $meta = $this->arrayManager->merge(
                     $configPath,
                     $meta,

app/code/Magento/Cms/Model/Page/DataProvider.php

@@ -33,7 +33,7 @@ class DataProvider extends \Magento\Ui\DataProvider\AbstractDataProvider
     /**
      * @var AuthorizationInterface
      */
-    protected $auth;
+    private $authorization;
 
     /**
      * @param string $name
@@ -43,7 +43,7 @@ class DataProvider extends \Magento\Ui\DataProvider\AbstractDataProvider
      * @param DataPersistorInterface $dataPersistor
      * @param array $meta
      * @param array $data
-     * @param AuthorizationInterface|null $auth
+     * @param AuthorizationInterface|null $authorization
      */
     public function __construct(
         $name,
@@ -53,12 +53,12 @@ public function __construct(
         DataPersistorInterface $dataPersistor,
         array $meta = [],
         array $data = [],
-        AuthorizationInterface $auth = null
+        AuthorizationInterface $authorization = null
     ) {
         $this->collection = $pageCollectionFactory->create();
         $this->dataPersistor = $dataPersistor;
         parent::__construct($name, $primaryFieldName, $requestFieldName, $meta, $data);
-        $this->auth = $auth ?: ObjectManager::getInstance()->get(AuthorizationInterface::class);
+        $this->authorization = $authorization ?: ObjectManager::getInstance()->get(AuthorizationInterface::class);
         $this->meta = $this->prepareMeta($this->meta);
     }
 
@@ -107,7 +107,7 @@ public function getMeta()
     {
         $meta = parent::getMeta();
 
-        if (!$this->auth->isAllowed('Magento_Cms::save_design')) {
+        if (!$this->authorization->isAllowed('Magento_Cms::save_design')) {
             $designMeta = [
                 'design' => [
                     'arguments' => [
@@ -118,6 +118,15 @@ public function getMeta()
                         ],
                     ],
                 ],
+                'custom_design_update' => [
+                    'arguments' => [
+                        'data' => [
+                            'config' => [
+                                'disabled' => true,
+                            ],
+                        ],
+                    ],
+                ],
             ];
             $meta = array_merge_recursive($meta, $designMeta);
         }

app/code/Magento/Cms/Model/PageRepository.php

@@ -139,12 +139,18 @@ public function save(\Magento\Cms\Api\Data\PageInterface $page)
                     $page->setPageLayout(null);
                     $page->setCustomTheme(null);
                     $page->setCustomLayoutUpdateXml(null);
+                    $page->setCustomRootTemplate(null);
+                    $page->setCustomThemeFrom(null);
+                    $page->setCustomThemeTo(null);
                 } else {
                     $savedPage = $this->getById($page->getId());
                     $page->setLayoutUpdateXml($savedPage->getLayoutUpdateXml());
                     $page->setPageLayout($savedPage->getPageLayout());
                     $page->setCustomTheme($savedPage->getCustomTheme());
                     $page->setCustomLayoutUpdateXml($savedPage->getCustomLayoutUpdateXml());
+                    $page->setCustomRootTemplate($savedPage->getCustomRootTemplate());
+                    $page->setCustomThemeFrom($savedPage->getCustomThemeFrom());
+                    $page->setCustomThemeTo($savedPage->getCustomThemeTo());
                 }
             }
 

dev/tests/integration/testsuite/Magento/Catalog/Model/CategoryRepositoryTest.php

@@ -27,7 +27,7 @@ class CategoryRepositoryTest extends \PHPUnit_Framework_TestCase
     /**
      * @var Auth
      */
-    private $auth;
+    private $authorization;
 
     /**
      * @var Builder
@@ -42,7 +42,7 @@ class CategoryRepositoryTest extends \PHPUnit_Framework_TestCase
     protected function setUp()
     {
         $this->repository = Bootstrap::getObjectManager()->create(CategoryRepositoryInterface::class);
-        $this->auth = Bootstrap::getObjectManager()->get(Auth::class);
+        $this->authorization = Bootstrap::getObjectManager()->get(Auth::class);
         $this->aclBuilder = Bootstrap::getObjectManager()->get(Builder::class);
     }
 
@@ -53,7 +53,7 @@ protected function tearDown()
     {
         parent::tearDown();
 
-        $this->auth->logout();
+        $this->authorization->logout();
     }
 
     /**
@@ -67,7 +67,7 @@ protected function tearDown()
     public function testSaveDesign()
     {
         $category = $this->repository->get(333);
-        $this->auth->login(TestBootstrap::ADMIN_NAME, TestBootstrap::ADMIN_PASSWORD);
+        $this->authorization->login(TestBootstrap::ADMIN_NAME, TestBootstrap::ADMIN_PASSWORD);
 
         //Admin doesn't have access to category's design.
         $this->aclBuilder->getAcl()->deny(null, 'Magento_Catalog::edit_category_design');

dev/tests/integration/testsuite/Magento/Catalog/Model/ProductRepositoryTest.php

@@ -30,7 +30,7 @@ class ProductRepositoryTest extends \PHPUnit_Framework_TestCase
     /**
      * @var Auth
      */
-    private $auth;
+    private $authorization;
 
     /**
      * @var Builder
@@ -43,7 +43,7 @@ class ProductRepositoryTest extends \PHPUnit_Framework_TestCase
     protected function setUp()
     {
         $this->productRepository = Bootstrap::getObjectManager()->get(ProductRepositoryInterface::class);
-        $this->auth = Bootstrap::getObjectManager()->get(Auth::class);
+        $this->authorization = Bootstrap::getObjectManager()->get(Auth::class);
         $this->aclBuilder = Bootstrap::getObjectManager()->get(Builder::class);
     }
 
@@ -54,7 +54,7 @@ protected function tearDown()
     {
         parent::tearDown();
 
-        $this->auth->logout();
+        $this->authorization->logout();
     }
 
     /**
@@ -66,7 +66,7 @@ protected function tearDown()
     public function testSaveDesign()
     {
         $product = $this->productRepository->get('simple');
-        $this->auth->login(TestBootstrap::ADMIN_NAME, TestBootstrap::ADMIN_PASSWORD);
+        $this->authorization->login(TestBootstrap::ADMIN_NAME, TestBootstrap::ADMIN_PASSWORD);
 
         //Admin doesn't have access to product's design.
         $this->aclBuilder->getAcl()->deny(null, 'Magento_Catalog::edit_product_design');

dev/tests/integration/testsuite/Magento/Cms/Model/PageRepositoryTest.php

@@ -29,7 +29,7 @@ class PageRepositoryTest extends \PHPUnit_Framework_TestCase
     /**
      * @var Auth
      */
-    private $auth;
+    private $authorization;
 
     /**
      * @var SearchCriteriaBuilder
@@ -54,7 +54,7 @@ class PageRepositoryTest extends \PHPUnit_Framework_TestCase
     protected function setUp()
     {
         $this->repository = Bootstrap::getObjectManager()->create(PageRepositoryInterface::class);
-        $this->auth = Bootstrap::getObjectManager()->get(Auth::class);
+        $this->authorization = Bootstrap::getObjectManager()->get(Auth::class);
         $this->criteriaBuilder = Bootstrap::getObjectManager()->get(SearchCriteriaBuilder::class);
         $this->aclBuilder = Bootstrap::getObjectManager()->get(Builder::class);
         $this->pageCollectionFactory = Bootstrap::getObjectManager()->get(PageCollectionFactory::class);
@@ -67,7 +67,7 @@ protected function tearDown()
     {
         parent::tearDown();
 
-        $this->auth->logout();
+        $this->authorization->logout();
     }
 
     /**
@@ -84,7 +84,7 @@ public function testSaveDesign()
         $pagesCollection->addFieldToFilter('identifier', ['eq' => 'page_design_blank']);
         $page = $pagesCollection->getFirstItem();
 
-        $this->auth->login(TestBootstrap::ADMIN_NAME, TestBootstrap::ADMIN_PASSWORD);
+        $this->authorization->login(TestBootstrap::ADMIN_NAME, TestBootstrap::ADMIN_PASSWORD);
 
         //Admin doesn't have access to page's design.
         $this->aclBuilder->getAcl()->deny(null, 'Magento_Cms::save_design');