Merge pull request #5824 from magento-tsg/2.3.6-develop-pr139

[TSG] Fixes for 2.3 (pr139) (2.3.6-develop)

Author: zakdma

app/code/Magento/Authorization/Model/ResourceModel/Role.php

@@ -119,6 +119,8 @@ protected function _afterDelete(\Magento\Framework\Model\AbstractModel $role)
 
         $connection->delete($this->_ruleTable, ['role_id = ?' => (int)$role->getId()]);
 
+        $this->_cache->clean(\Zend_Cache::CLEANING_MODE_MATCHING_TAG, [\Magento\Backend\Block\Menu::CACHE_TAGS]);
+
         return $this;
     }
 

app/code/Magento/Authorization/Model/Role.php

@@ -33,6 +33,11 @@ class Role extends \Magento\Framework\Model\AbstractModel
      */
     protected $_eventPrefix = 'authorization_roles';
 
+    /**
+     * @var string
+     */
+    protected $_cacheTag = 'user_assigned_role';
+
     /**
      * @param \Magento\Framework\Model\Context $context
      * @param \Magento\Framework\Registry $registry

app/code/Magento/Backend/Model/Auth/Session.php

@@ -5,8 +5,10 @@
  */
 namespace Magento\Backend\Model\Auth;
 
+use Magento\Framework\App\ObjectManager;
 use Magento\Framework\Stdlib\Cookie\CookieMetadataFactory;
 use Magento\Framework\Stdlib\CookieManagerInterface;
+use Magento\Framework\Message\ManagerInterface;
 
 /**
  * Backend Auth session model
@@ -56,6 +58,11 @@ class Session extends \Magento\Framework\Session\SessionManager implements \Mage
      */
     protected $_config;
 
+    /**
+     * @var ManagerInterface
+     */
+    private $messageManager;
+
     /**
      * @param \Magento\Framework\App\Request\Http $request
      * @param \Magento\Framework\Session\SidResolverInterface $sidResolver
@@ -69,6 +76,7 @@ class Session extends \Magento\Framework\Session\SessionManager implements \Mage
      * @param \Magento\Framework\Acl\Builder $aclBuilder
      * @param \Magento\Backend\Model\UrlInterface $backendUrl
      * @param \Magento\Backend\App\ConfigInterface $config
+     * @param ManagerInterface $messageManager
      * @throws \Magento\Framework\Exception\SessionException
      * @SuppressWarnings(PHPMD.ExcessiveParameterList)
      */
@@ -84,11 +92,13 @@ public function __construct(
         \Magento\Framework\App\State $appState,
         \Magento\Framework\Acl\Builder $aclBuilder,
         \Magento\Backend\Model\UrlInterface $backendUrl,
-        \Magento\Backend\App\ConfigInterface $config
+        \Magento\Backend\App\ConfigInterface $config,
+        ManagerInterface $messageManager = null
     ) {
         $this->_config = $config;
         $this->_aclBuilder = $aclBuilder;
         $this->_backendUrl = $backendUrl;
+        $this->messageManager = $messageManager ?? ObjectManager::getInstance()->get(ManagerInterface::class);
         parent::__construct(
             $request,
             $sidResolver,
@@ -171,6 +181,25 @@ public function isLoggedIn()
      */
     public function prolong()
     {
+        $sessionUser = $this->getUser();
+        $errorMessage = '';
+        if ($sessionUser !== null) {
+            if ((int)$sessionUser->getIsActive() !== 1) {
+                $errorMessage = 'The account sign-in was incorrect or your account is disabled temporarily. '
+                    . 'Please wait and try again later.';
+            }
+            if (!$sessionUser->hasAssigned2Role($sessionUser->getId())) {
+                $errorMessage = 'More permissions are needed to access this.';
+            }
+
+            if (!empty($errorMessage)) {
+                $this->destroy();
+                $this->messageManager->addErrorMessage(__($errorMessage));
+
+                return;
+            }
+        }
+
         $lifetime = $this->_config->getValue(self::XML_PATH_SESSION_LIFETIME);
         $cookieValue = $this->cookieManager->getCookie($this->getName());
 

app/code/Magento/User/Controller/Adminhtml/User/Role/SaveRole.php

@@ -102,11 +102,12 @@ public function execute()
                 'admin_permissions_role_prepare_save',
                 ['object' => $role, 'request' => $this->getRequest()]
             );
-            $role->save();
-
-            $this->_rulesFactory->create()->setRoleId($role->getId())->setResources($resource)->saveRel();
             $this->processPreviousUsers($role, $oldRoleUsers);
             $this->processCurrentUsers($role, $roleUsers);
+
+            $role->save();
+            $this->_rulesFactory->create()->setRoleId($role->getId())->setResources($resource)->saveRel();
+
             $this->messageManager->addSuccessMessage(__('You saved the role.'));
         } catch (UserLockedException $e) {
             $this->_auth->logout();
@@ -155,6 +156,7 @@ protected function validateUser()
     private function parseRequestVariable($paramName): array
     {
         $value = $this->getRequest()->getParam($paramName, null);
+        // phpcs:ignore Magento2.Functions.DiscouragedFunction
         parse_str($value, $value);
         $value = array_keys($value);
         return $value;

app/code/Magento/User/Model/ResourceModel/User.php

@@ -14,6 +14,7 @@
 use Magento\Framework\Acl\Data\CacheInterface;
 use Magento\Framework\App\ObjectManager;
 use Magento\Framework\Exception\LocalizedException;
+use Magento\Framework\Model\AbstractModel;
 use Magento\User\Model\Backend\Config\ObserverConfig;
 use Magento\User\Model\User as ModelUser;
 
@@ -146,7 +147,7 @@ public function hasAssigned2Role($user)
     {
         if (is_numeric($user)) {
             $userId = $user;
-        } elseif ($user instanceof \Magento\Framework\Model\AbstractModel) {
+        } elseif ($user instanceof AbstractModel) {
             $userId = $user->getUserId();
         } else {
             return null;
@@ -171,13 +172,25 @@ public function hasAssigned2Role($user)
         }
     }
 
+    /**
+     * @inheritDoc
+     */
+    protected function _beforeSave(AbstractModel $user)
+    {
+        if ($user->hasRoleId()) {
+            $user->setReloadAclFlag(1);
+        }
+
+        return parent::_beforeSave($user);
+    }
+
     /**
      * Unserialize user extra data after user save
      *
-     * @param \Magento\Framework\Model\AbstractModel $user
+     * @param AbstractModel $user
      * @return $this
      */
-    protected function _afterSave(\Magento\Framework\Model\AbstractModel $user)
+    protected function _afterSave(AbstractModel $user)
     {
         $user->setExtra($this->getSerializer()->unserialize($user->getExtra()));
         if ($user->hasRoleId()) {
@@ -234,10 +247,10 @@ protected function _createUserRole($parentId, ModelUser $user)
     /**
      * Unserialize user extra data after user load
      *
-     * @param \Magento\Framework\Model\AbstractModel $user
+     * @param AbstractModel $user
      * @return $this
      */
-    protected function _afterLoad(\Magento\Framework\Model\AbstractModel $user)
+    protected function _afterLoad(AbstractModel $user)
     {
         if (is_string($user->getExtra())) {
             $user->setExtra($this->getSerializer()->unserialize($user->getExtra()));
@@ -248,11 +261,11 @@ protected function _afterLoad(\Magento\Framework\Model\AbstractModel $user)
     /**
      * Delete user role record with user
      *
-     * @param \Magento\Framework\Model\AbstractModel $user
+     * @param AbstractModel $user
      * @return bool
      * @throws LocalizedException
      */
-    public function delete(\Magento\Framework\Model\AbstractModel $user)
+    public function delete(AbstractModel $user)
     {
         $uid = $user->getId();
         if (!$uid) {
@@ -284,10 +297,10 @@ public function delete(\Magento\Framework\Model\AbstractModel $user)
     /**
      * Get user roles
      *
-     * @param \Magento\Framework\Model\AbstractModel $user
+     * @param AbstractModel $user
      * @return array
      */
-    public function getRoles(\Magento\Framework\Model\AbstractModel $user)
+    public function getRoles(AbstractModel $user)
     {
         if (!$user->getId()) {
             return [];
@@ -325,10 +338,10 @@ public function getRoles(\Magento\Framework\Model\AbstractModel $user)
     /**
      * Delete user role
      *
-     * @param \Magento\Framework\Model\AbstractModel $user
+     * @param AbstractModel $user
      * @return $this
      */
-    public function deleteFromRole(\Magento\Framework\Model\AbstractModel $user)
+    public function deleteFromRole(AbstractModel $user)
     {
         if ($user->getUserId() <= 0) {
             return $this;
@@ -352,10 +365,10 @@ public function deleteFromRole(\Magento\Framework\Model\AbstractModel $user)
     /**
      * Check if role user exists
      *
-     * @param \Magento\Framework\Model\AbstractModel $user
+     * @param AbstractModel $user
      * @return array
      */
-    public function roleUserExists(\Magento\Framework\Model\AbstractModel $user)
+    public function roleUserExists(AbstractModel $user)
     {
         if ($user->getUserId() > 0) {
             $roleTable = $this->getTable('authorization_role');
@@ -382,10 +395,10 @@ public function roleUserExists(\Magento\Framework\Model\AbstractModel $user)
     /**
      * Check if user exists
      *
-     * @param \Magento\Framework\Model\AbstractModel $user
+     * @param AbstractModel $user
      * @return array
      */
-    public function userExists(\Magento\Framework\Model\AbstractModel $user)
+    public function userExists(AbstractModel $user)
     {
         $connection = $this->getConnection();
         $select = $connection->select();
@@ -410,18 +423,18 @@ public function userExists(\Magento\Framework\Model\AbstractModel $user)
     /**
      * Whether a user's identity is confirmed
      *
-     * @param \Magento\Framework\Model\AbstractModel $user
+     * @param AbstractModel $user
      * @return bool
      */
-    public function isUserUnique(\Magento\Framework\Model\AbstractModel $user)
+    public function isUserUnique(AbstractModel $user)
     {
         return !$this->userExists($user);
     }
 
     /**
      * Save user extra data
      *
-     * @param \Magento\Framework\Model\AbstractModel $object
+     * @param AbstractModel $object
      * @param string $data
      * @return $this
      */

app/code/Magento/User/Model/User.php

@@ -38,32 +38,37 @@
 class User extends AbstractModel implements StorageInterface, UserInterface
 {
     /**
-     * @deprecated
+     * @deprecated New functionality has been added. It isn't used anymore
      * @see \Magento\User\Model\Spi\NotificatorInterface
      */
     const XML_PATH_FORGOT_EMAIL_TEMPLATE = 'admin/emails/forgot_email_template';
 
     /**
-     * @deprecated
+     * @deprecated New functionality has been added. It isn't used anymore
      * @see \Magento\User\Model\Spi\NotificatorInterface
      */
     const XML_PATH_FORGOT_EMAIL_IDENTITY = 'admin/emails/forgot_email_identity';
 
     /**
-     * @deprecated
+     * @deprecated New functionality has been added. It isn't used anymore
      * @see \Magento\User\Model\Spi\NotificatorInterface
      */
     const XML_PATH_USER_NOTIFICATION_TEMPLATE = 'admin/emails/user_notification_template';
 
     /**
      * Configuration paths for admin user reset password email template
      *
-     * @deprecated
+     * @deprecated New functionality has been added. It isn't used anymore
      */
     const XML_PATH_RESET_PASSWORD_TEMPLATE = 'admin/emails/reset_password_template';
 
     const MESSAGE_ID_PASSWORD_EXPIRED = 'magento_user_password_expired';
 
+    /**
+     * Tag to use for user assigned role caching.
+     */
+    private const CACHE_TAG = 'user_assigned_role';
+
     /**
      * Model event prefix
      *
@@ -148,6 +153,14 @@ class User extends AbstractModel implements StorageInterface, UserInterface
      */
     private $deploymentConfig;
 
+    /**
+     * @var array
+     */
+    protected $_cacheTag = [
+        \Magento\Backend\Block\Menu::CACHE_TAGS,
+        self::CACHE_TAG,
+    ];
+
     /**
      * @param \Magento\Framework\Model\Context $context
      * @param \Magento\Framework\Registry $registry
@@ -683,7 +696,27 @@ public function loadByUsername($username)
      */
     public function hasAssigned2Role($user)
     {
-        return $this->getResource()->hasAssigned2Role($user);
+        if ($user instanceof AbstractModel) {
+            $userId = $user->getUserId();
+        } elseif (is_numeric($user) && (int)$user !== 0) {
+            $userId = $user;
+        } else {
+            return null;
+        }
+        $data = $this->_cacheManager->load('assigned_role_' . $userId);
+        if (false === $data) {
+            $data = $this->getResource()->hasAssigned2Role($user);
+
+            $this->_cacheManager->save(
+                $this->serializer->serialize($data),
+                'assigned_role_' . $userId,
+                [self::CACHE_TAG]
+            );
+        } else {
+            $data = $this->serializer->unserialize($data);
+        }
+
+        return $data;
     }
 
     /**

dev/tests/integration/testsuite/Magento/Framework/Error/ProcessorTest.php

@@ -31,7 +31,10 @@ protected function setUp()
     protected function tearDown()
     {
         $reportDir = $this->processor->_reportDir;
-        $this->removeDirRecursively($reportDir);
+
+        if (is_dir($reportDir)) {
+            $this->removeDirRecursively($reportDir);
+        }
     }
 
     /**
@@ -137,4 +140,16 @@ private function removeDirRecursively(string $dir, int $i = 0): bool
         }
         return rmdir($dir);
     }
+
+    /**
+     * @return void
+     */
+    public function testGetViewFileUrl(): void
+    {
+        $this->processor->_indexDir = __DIR__ . '/version1/magento2';
+        $this->processor->_errorDir = __DIR__ . '/version2/magento2';
+
+        $this->assertNotContains('version2/magento2', $this->processor->getViewFileUrl());
+        $this->assertContains('pub/errors/', $this->processor->getViewFileUrl());
+    }
 }