Merge remote-tracking branch 'owls/MAGETWO-96009-comment-email-acl' into BugFixPR

Joan He · Joan He · commit 8f08b99ff690 · 2018-12-05T12:23:26.000-06:00
diff --git a/app/code/Magento/Sales/Controller/Adminhtml/Order/AddComment.php b/app/code/Magento/Sales/Controller/Adminhtml/Order/AddComment.php
@@ -1,16 +1,17 @@
 <?php
 /**
- *
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
 namespace Magento\Sales\Controller\Adminhtml\Order;
 
-use Magento\Backend\App\Action;
+use Magento\Framework\App\Action\HttpPostActionInterface;
 use Magento\Sales\Model\Order\Email\Sender\OrderCommentSender;
 
-class AddComment extends \Magento\Sales\Controller\Adminhtml\Order
+/**
+ * Class AddComment
+ */
+class AddComment extends \Magento\Sales\Controller\Adminhtml\Order implements HttpPostActionInterface
 {
     /**
      * Authorization level of a basic admin session
@@ -19,6 +20,11 @@ class AddComment extends \Magento\Sales\Controller\Adminhtml\Order
      */
     const ADMIN_RESOURCE = 'Magento_Sales::comment';
 
+    /**
+     * ACL resource needed to send comment email notification
+     */
+    const ADMIN_SALES_EMAIL_RESOURCE = 'Magento_Sales::emails';
+
     /**
      * Add order comment action
      *
@@ -36,8 +42,12 @@ public function execute()
                     );
                 }
 
-                $notify = isset($data['is_customer_notified']) ? $data['is_customer_notified'] : false;
-                $visible = isset($data['is_visible_on_front']) ? $data['is_visible_on_front'] : false;
+                $notify = $data['is_customer_notified'] ?? false;
+                $visible = $data['is_visible_on_front'] ?? false;
+
+                if ($notify && !$this->_authorization->isAllowed(self::ADMIN_SALES_EMAIL_RESOURCE)) {
+                    $notify = false;
+                }
 
                 $history = $order->addStatusHistoryComment($data['comment'], $data['status']);
                 $history->setIsVisibleOnFront($visible);
diff --git a/app/code/Magento/Sales/Test/Unit/Controller/Adminhtml/Order/AddCommentTest.php b/app/code/Magento/Sales/Test/Unit/Controller/Adminhtml/Order/AddCommentTest.php
@@ -0,0 +1,176 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+namespace Magento\Sales\Test\Unit\Controller\Adminhtml\Order;
+
+class AddCommentTest extends \PHPUnit\Framework\TestCase
+{
+    /**
+     * @var \Magento\Sales\Controller\Adminhtml\Order\AddComment
+     */
+    private $addCommentController;
+
+    /**
+     * @var \Magento\Backend\App\Action\Context|\PHPUnit_Framework_MockObject_MockObject
+     */
+    private $contextMock;
+
+    /**
+     * @var \Magento\Sales\Model\Order|\PHPUnit_Framework_MockObject_MockObject
+     */
+    private $orderMock;
+
+    /**
+     * @var \Magento\Backend\Model\View\Result\RedirectFactory|\PHPUnit_Framework_MockObject_MockObject
+     */
+    private $resultRedirectFactoryMock;
+
+    /**
+     * @var \Magento\Backend\Model\View\Result\Redirect|\PHPUnit_Framework_MockObject_MockObject
+     */
+    private $resultRedirectMock;
+
+    /**
+     * @var \Magento\Framework\App\Request\Http|\PHPUnit_Framework_MockObject_MockObject
+     */
+    private $requestMock;
+
+    /**
+     * @var \Magento\Sales\Api\OrderRepositoryInterface|\PHPUnit_Framework_MockObject_MockObject
+     */
+    private $orderRepositoryMock;
+
+    /**
+     * @var \Magento\Framework\AuthorizationInterface|\PHPUnit_Framework_MockObject_MockObject
+     */
+    private $authorizationMock;
+
+    /**
+     * @var \Magento\Sales\Model\Order\Status\History|\PHPUnit_Framework_MockObject_MockObject
+     */
+    private $statusHistoryCommentMock;
+
+    /**
+     * @var \Magento\Framework\ObjectManagerInterface|\PHPUnit_Framework_MockObject_MockObject
+     */
+    private $objectManagerMock;
+
+    /**
+     * Test setup
+     */
+    protected function setUp()
+    {
+        $this->contextMock = $this->createMock(\Magento\Backend\App\Action\Context::class);
+        $this->requestMock = $this->createMock(\Magento\Framework\App\Request\Http::class);
+        $this->orderRepositoryMock = $this->createMock(\Magento\Sales\Api\OrderRepositoryInterface::class);
+        $this->orderMock = $this->createMock(\Magento\Sales\Model\Order::class);
+        $this->resultRedirectFactoryMock = $this->createMock(\Magento\Backend\Model\View\Result\RedirectFactory::class);
+        $this->resultRedirectMock = $this->createMock(\Magento\Backend\Model\View\Result\Redirect::class);
+        $this->authorizationMock = $this->createMock(\Magento\Framework\AuthorizationInterface::class);
+        $this->statusHistoryCommentMock = $this->createMock(\Magento\Sales\Model\Order\Status\History::class);
+        $this->objectManagerMock = $this->createMock(\Magento\Framework\ObjectManagerInterface::class);
+
+        $this->contextMock->expects($this->once())->method('getRequest')->willReturn($this->requestMock);
+
+        $objectManagerHelper = new \Magento\Framework\TestFramework\Unit\Helper\ObjectManager($this);
+        $this->addCommentController = $objectManagerHelper->getObject(
+            \Magento\Sales\Controller\Adminhtml\Order\AddComment::class,
+            [
+                'context' => $this->contextMock,
+                'orderRepository' => $this->orderRepositoryMock,
+                '_authorization' => $this->authorizationMock,
+                '_objectManager' => $this->objectManagerMock
+            ]
+        );
+    }
+
+    /**
+     * @param array $historyData
+     * @param bool $userHasResource
+     * @param bool $expectedNotify
+     *
+     * @dataProvider executeWillNotifyCustomerDataProvider
+     */
+    public function testExecuteWillNotifyCustomer(array $historyData, bool $userHasResource, bool $expectedNotify)
+    {
+        $orderId = 30;
+        $this->requestMock->expects($this->once())->method('getParam')->with('order_id')->willReturn($orderId);
+        $this->orderRepositoryMock->expects($this->once())
+            ->method('get')
+            ->willReturn($this->orderMock);
+        $this->requestMock->expects($this->once())->method('getPost')->with('history')->willReturn($historyData);
+        $this->authorizationMock->expects($this->any())->method('isAllowed')->willReturn($userHasResource);
+        $this->orderMock->expects($this->once())
+            ->method('addStatusHistoryComment')
+            ->willReturn($this->statusHistoryCommentMock);
+        $this->statusHistoryCommentMock->expects($this->once())->method('setIsCustomerNotified')->with($expectedNotify);
+        $this->objectManagerMock->expects($this->once())->method('create')->willReturn(
+            $this->createMock(\Magento\Sales\Model\Order\Email\Sender\OrderCommentSender::class)
+        );
+
+        $this->addCommentController->execute();
+    }
+
+    /**
+     * @return array
+     */
+    public function executeWillNotifyCustomerDataProvider()
+    {
+        return [
+            'User Has Access - Notify True' => [
+                'postData' => [
+                    'comment' => 'Great Product!',
+                    'is_customer_notified' => true,
+                    'status' => 'Processing'
+                ],
+                'userHasResource' => true,
+                'expectedNotify' => true
+            ],
+            'User Has Access - Notify False' => [
+                'postData' => [
+                    'comment' => 'Great Product!',
+                    'is_customer_notified' => false,
+                    'status' => 'Processing'
+                ],
+                'userHasResource' => true,
+                'expectedNotify' => false
+            ],
+            'User Has Access - Notify Unset' => [
+                'postData' => [
+                    'comment' => 'Great Product!',
+                    'status' => 'Processing'
+                ],
+                'userHasResource' => true,
+                'expectedNotify' => false
+            ],
+            'User No Access - Notify True' => [
+                'postData' => [
+                    'comment' => 'Great Product!',
+                    'is_customer_notified' => true,
+                    'status' => 'Processing'
+                ],
+                'userHasResource' => false,
+                'expectedNotify' => false
+            ],
+            'User No Access - Notify False' => [
+                'postData' => [
+                    'comment' => 'Great Product!',
+                    'is_customer_notified' => false,
+                    'status' => 'Processing'
+                ],
+                'userHasResource' => false,
+                'expectedNotify' => false
+            ],
+            'User No Access - Notify Unset' => [
+                'postData' => [
+                    'comment' => 'Great Product!',
+                    'status' => 'Processing'
+                ],
+                'userHasResource' => false,
+                'expectedNotify' => false
+            ],
+        ];
+    }
+}
