Skip to content

Commit 91f3b68

Browse files
authored
Merge branch '2.4-develop' into patch-4
2 parents f6f7ef2 + 147e077 commit 91f3b68

File tree

9,035 files changed

+170189
-85628
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

9,035 files changed

+170189
-85628
lines changed

.editorconfig

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,7 @@ trim_trailing_whitespace = false
1414
[*.{yml,yaml,json}]
1515
indent_size = 2
1616

17-
[{composer, auth}.json]
17+
[{composer,auth}.json]
1818
indent_size = 4
1919

2020
[db_schema_whitelist.json]

.github/app-projects-boards-automation.config.yaml

Lines changed: 403 additions & 0 deletions
Large diffs are not rendered by default.

app/code/Magento/AdminAnalytics/Test/Mftf/Test/AdminCheckAnalyticsTrackingTest.xml

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,8 @@
11
<?xml version="1.0" encoding="UTF-8"?>
22
<!--
33
/**
4-
* Copyright © Magento, Inc. All rights reserved.
5-
* See COPYING.txt for license details.
4+
* Copyright 2025 Adobe
5+
* All Rights Reserved.
66
*/
77
-->
88

@@ -16,6 +16,7 @@
1616
<severity value="MINOR"/>
1717
<testCaseId value="MC-36869"/>
1818
<group value="pr_exclude"/>
19+
<group value="all_bundled_only"/>
1920
</annotations>
2021
<before>
2122
<actionGroup ref="AdminLoginActionGroup" stepKey="LoginAsAdmin"/>
Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,2 @@
1+
CloseAllDialogBoxes
2+
SelectAdminUsageSetting

app/code/Magento/AdminAnalytics/Test/Unit/Condition/CanViewNotificationTest.php

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,7 @@
11
<?php
22
/**
3-
* Copyright © Magento, Inc. All rights reserved.
3+
* Copyright 2024 Adobe
4+
* All rights reserved.
45
* See COPYING.txt for license details.
56
*/
67
declare(strict_types=1);
@@ -75,7 +76,7 @@ public function testIsVisibleLoadDataFromLog($expected, $cacheResponse, $logExis
7576
/**
7677
* @return array
7778
*/
78-
public function isVisibleProvider()
79+
public static function isVisibleProvider()
7980
{
8081
return [
8182
[true, false, false],

app/code/Magento/AdminAnalytics/ViewModel/Metadata.php

Lines changed: 31 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,15 +1,17 @@
11
<?php
22
/**
3-
* Copyright © Magento, Inc. All rights reserved.
4-
* See COPYING.txt for license details.
3+
* Copyright 2019 Adobe
4+
* All Rights Reserved.
55
*/
66

77
declare(strict_types=1);
88

99
namespace Magento\AdminAnalytics\ViewModel;
1010

1111
use Magento\Config\Model\Config\Backend\Admin\Custom;
12+
use Magento\Csp\Helper\CspNonceProvider;
1213
use Magento\Framework\App\Config\ScopeConfigInterface;
14+
use Magento\Framework\App\ObjectManager;
1315
use Magento\Framework\App\ProductMetadataInterface;
1416
use Magento\Backend\Model\Auth\Session;
1517
use Magento\Framework\App\State;
@@ -21,6 +23,11 @@
2123
*/
2224
class Metadata implements ArgumentInterface
2325
{
26+
/**
27+
* @var string
28+
*/
29+
private $nonce;
30+
2431
/**
2532
* @var State
2633
*/
@@ -41,22 +48,33 @@ class Metadata implements ArgumentInterface
4148
*/
4249
private $config;
4350

51+
/**
52+
* @var CspNonceProvider
53+
*/
54+
private $nonceProvider;
55+
4456
/**
4557
* @param ProductMetadataInterface $productMetadata
4658
* @param Session $authSession
4759
* @param State $appState
4860
* @param ScopeConfigInterface $config
61+
* @param CspNonceProvider|null $nonceProvider
4962
*/
5063
public function __construct(
5164
ProductMetadataInterface $productMetadata,
5265
Session $authSession,
5366
State $appState,
54-
ScopeConfigInterface $config
67+
ScopeConfigInterface $config,
68+
?CspNonceProvider $nonceProvider = null
5569
) {
5670
$this->productMetadata = $productMetadata;
5771
$this->authSession = $authSession;
5872
$this->appState = $appState;
5973
$this->config = $config;
74+
75+
$this->nonceProvider = $nonceProvider ?: ObjectManager::getInstance()->get(CspNonceProvider::class);
76+
77+
$this->nonce = $this->nonceProvider->generateNonce();
6078
}
6179

6280
/**
@@ -156,4 +174,14 @@ public function getCurrentUserRoleName(): string
156174
{
157175
return $this->authSession->getUser()->getRole()->getRoleName();
158176
}
177+
178+
/**
179+
* Get a random nonce for each request.
180+
*
181+
* @return string
182+
*/
183+
public function getNonce(): string
184+
{
185+
return $this->nonce;
186+
}
159187
}

app/code/Magento/AdminAnalytics/composer.json

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -5,13 +5,14 @@
55
"sort-packages": true
66
},
77
"require": {
8-
"php": "~8.1.0||~8.2.0||~8.3.0",
8+
"php": "~8.2.0||~8.3.0||~8.4.0",
99
"magento/framework": "*",
1010
"magento/module-backend": "*",
1111
"magento/module-config": "*",
1212
"magento/module-store": "*",
1313
"magento/module-ui": "*",
14-
"magento/module-release-notification": "*"
14+
"magento/module-release-notification": "*",
15+
"magento/module-csp": "*"
1516
},
1617
"type": "magento2-module",
1718
"license": [

app/code/Magento/AdminAnalytics/view/adminhtml/templates/tracking.phtml

Lines changed: 17 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,7 @@
66

77
/**
88
* @var \Magento\Framework\View\Helper\SecureHtmlRenderer $secureRenderer
9+
* @var \Magento\Framework\Escaper $escaper
910
*/
1011
?>
1112

@@ -22,18 +23,25 @@
2223
<?php
2324
/** @var \Magento\AdminAnalytics\ViewModel\Metadata $metadata */
2425
$metadata = $block->getMetadata();
26+
$nonce = $escaper->escapeJs($metadata->getNonce());
2527
$scriptString = '
2628
var adminAnalyticsMetadata = {
27-
"secure_base_url": "' . $block->escapeJs($metadata->getSecureBaseUrlForScope()) . '",
28-
"version": "' . $block->escapeJs($metadata->getMagentoVersion()) . '",
29-
"product_edition": "' . $block->escapeJs($metadata->getProductEdition()) . '",
30-
"user": "' . $block->escapeJs($metadata->getCurrentUser()) . '",
31-
"mode": "' . $block->escapeJs($metadata->getMode()) . '",
32-
"store_name_default": "' . $block->escapeJs($metadata->getStoreNameForScope()) . '",
33-
"admin_user_created": "' . $block->escapeJs($metadata->getCurrentUserCreatedDate()) . '",
34-
"admin_user_logdate": "' . $block->escapeJs($metadata->getCurrentUserLogDate()) . '",
35-
"admin_user_role_name": "' . $block->escapeJs($metadata->getCurrentUserRoleName()) . '"
29+
"secure_base_url": "' . $escaper->escapeJs($metadata->getSecureBaseUrlForScope()) . '",
30+
"version": "' . $escaper->escapeJs($metadata->getMagentoVersion()) . '",
31+
"product_edition": "' . $escaper->escapeJs($metadata->getProductEdition()) . '",
32+
"user": "' . $escaper->escapeJs($metadata->getCurrentUser()) . '",
33+
"mode": "' . $escaper->escapeJs($metadata->getMode()) . '",
34+
"store_name_default": "' . $escaper->escapeJs($metadata->getStoreNameForScope()) . '",
35+
"admin_user_created": "' . $escaper->escapeJs($metadata->getCurrentUserCreatedDate()) . '",
36+
"admin_user_logdate": "' . $escaper->escapeJs($metadata->getCurrentUserLogDate()) . '",
37+
"admin_user_role_name": "' . $escaper->escapeJs($metadata->getCurrentUserRoleName()) . '"
3638
};
39+
40+
var digitalData = {
41+
"nonce": "' . $nonce . '"
42+
};
43+
44+
var cspNonce = "' . $nonce . '";
3745
';
3846
?>
3947
<?= /* @noEscape */ $secureRenderer->renderTag('script', [], $scriptString, false); ?>
Lines changed: 39 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,39 @@
1+
<?php
2+
/**
3+
* Copyright © Magento, Inc. All rights reserved.
4+
* See COPYING.txt for license details.
5+
*/
6+
declare(strict_types=1);
7+
8+
namespace Magento\AdminNotification\Block\Grid\MassAction;
9+
10+
use Magento\AdminNotification\Controller\Adminhtml\Notification\MarkAsRead;
11+
use Magento\Backend\Block\Widget\Grid\Massaction\VisibilityCheckerInterface;
12+
use Magento\Framework\AuthorizationInterface;
13+
14+
/**
15+
* Class checks if mark as read action can be displayed on massaction list
16+
*/
17+
class MarkAsReadVisibility implements VisibilityCheckerInterface
18+
{
19+
/**
20+
* @var AuthorizationInterface
21+
*/
22+
private $authorization;
23+
24+
/**
25+
* @param AuthorizationInterface $authorizationInterface
26+
*/
27+
public function __construct(AuthorizationInterface $authorizationInterface)
28+
{
29+
$this->authorization = $authorizationInterface;
30+
}
31+
32+
/**
33+
* @inheritdoc
34+
*/
35+
public function isVisible()
36+
{
37+
return $this->authorization->isAllowed(MarkAsRead::ADMIN_RESOURCE);
38+
}
39+
}
Lines changed: 39 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,39 @@
1+
<?php
2+
/**
3+
* Copyright © Magento, Inc. All rights reserved.
4+
* See COPYING.txt for license details.
5+
*/
6+
declare(strict_types=1);
7+
8+
namespace Magento\AdminNotification\Block\Grid\MassAction;
9+
10+
use Magento\AdminNotification\Controller\Adminhtml\Notification\Remove;
11+
use Magento\Backend\Block\Widget\Grid\Massaction\VisibilityCheckerInterface;
12+
use Magento\Framework\AuthorizationInterface;
13+
14+
/**
15+
* Class checks if remove action can be displayed on massaction list
16+
*/
17+
class RemoveVisibility implements VisibilityCheckerInterface
18+
{
19+
/**
20+
* @var AuthorizationInterface
21+
*/
22+
private $authorization;
23+
24+
/**
25+
* @param AuthorizationInterface $authorizationInterface
26+
*/
27+
public function __construct(AuthorizationInterface $authorizationInterface)
28+
{
29+
$this->authorization = $authorizationInterface;
30+
}
31+
32+
/**
33+
* @inheritdoc
34+
*/
35+
public function isVisible()
36+
{
37+
return $this->authorization->isAllowed(Remove::ADMIN_RESOURCE);
38+
}
39+
}

0 commit comments

Comments
 (0)