[Magento Community Engineering] Community Contributions - 2.4-develop

 - merged latest code from mainline branch

Author: magento-engcom-team

app/code/Magento/AdminAnalytics/Test/Mftf/Test/TrackingScriptTest.xml

@@ -7,13 +7,16 @@
 
 namespace Magento\Catalog\Test\Unit\Ui\DataProvider\Product\Form\Modifier;
 
-use Magento\Catalog\Model\ResourceModel\Category\Collection as CategoryCollection;
-use Magento\Catalog\Model\ResourceModel\Category\CollectionFactory as CategoryCollectionFactory;
 use Magento\Catalog\Ui\DataProvider\Product\Form\Modifier\Categories;
+use Magento\Catalog\Model\ResourceModel\Category\CollectionFactory as CategoryCollectionFactory;
+use Magento\Catalog\Model\ResourceModel\Category\Collection as CategoryCollection;
 use Magento\Framework\AuthorizationInterface;
 use Magento\Framework\DB\Helper as DbHelper;
 use Magento\Framework\UrlInterface;
 use Magento\Store\Model\Store;
+use Magento\Backend\Model\Auth\Session;
+use Magento\Authorization\Model\Role;
+use Magento\User\Model\User;
 use PHPUnit\Framework\MockObject\MockObject;
 
 /**
@@ -51,6 +54,11 @@ class CategoriesTest extends AbstractModifierTest
      */
     private $authorizationMock;
 
+    /**
+     * @var Session|MockObject
+     */
+    private $sessionMock;
+
     protected function setUp(): void
     {
         parent::setUp();
@@ -72,7 +80,10 @@ protected function setUp(): void
         $this->authorizationMock = $this->getMockBuilder(AuthorizationInterface::class)
             ->disableOriginalConstructor()
             ->getMockForAbstractClass();
-
+        $this->sessionMock = $this->getMockBuilder(Session::class)
+            ->setMethods(['getUser'])
+            ->disableOriginalConstructor()
+            ->getMock();
         $this->categoryCollectionFactoryMock->expects($this->any())
             ->method('create')
             ->willReturn($this->categoryCollectionMock);
@@ -88,6 +99,26 @@ protected function setUp(): void
         $this->categoryCollectionMock->expects($this->any())
             ->method('getIterator')
             ->willReturn(new \ArrayIterator([]));
+
+        $roleAdmin = $this->getMockBuilder(Role::class)
+            ->setMethods(['getId'])
+            ->disableOriginalConstructor()
+            ->getMock();
+        $roleAdmin->expects($this->any())
+            ->method('getId')
+            ->willReturn(0);
+
+        $userAdmin = $this->getMockBuilder(User::class)
+            ->setMethods(['getRole'])
+            ->disableOriginalConstructor()
+            ->getMock();
+        $userAdmin->expects($this->any())
+            ->method('getRole')
+            ->willReturn($roleAdmin);
+
+        $this->sessionMock->expects($this->any())
+            ->method('getUser')
+            ->willReturn($userAdmin);
     }
 
     /**
@@ -101,11 +132,28 @@ protected function createModel()
                 'locator' => $this->locatorMock,
                 'categoryCollectionFactory' => $this->categoryCollectionFactoryMock,
                 'arrayManager' => $this->arrayManagerMock,
-                'authorization' => $this->authorizationMock
+                'authorization' => $this->authorizationMock,
+                'session' => $this->sessionMock
             ]
         );
     }
 
+    /**
+     * @param object $object
+     * @param string $method
+     * @param array $args
+     * @return mixed
+     * @throws \ReflectionException
+     */
+    private function invokeMethod($object, $method, $args = [])
+    {
+        $class = new \ReflectionClass(Categories::class);
+        $method = $class->getMethod($method);
+        $method->setAccessible(true);
+
+        return $method->invokeArgs($object, $args);
+    }
+
     public function testModifyData()
     {
         $this->assertSame([], $this->getModel()->modifyData([]));
@@ -176,4 +224,44 @@ public function modifyMetaLockedDataProvider()
     {
         return [[true], [false]];
     }
+
+    /**
+     * Asserts that a user with an ACL role ID of 0 and a user with an ACL role ID of 1 do not have the same cache IDs
+     * Assumes a store ID of 0
+     *
+     * @throws \ReflectionException
+     */
+    public function testAclCacheIds()
+    {
+        $categoriesAdmin = $this->createModel();
+        $cacheIdAdmin = $this->invokeMethod($categoriesAdmin, 'getCategoriesTreeCacheId', [0]);
+
+        $roleAclUser = $this->getMockBuilder(Role::class)
+            ->disableOriginalConstructor()
+            ->getMock();
+        $roleAclUser->expects($this->any())
+            ->method('getId')
+            ->willReturn(1);
+
+        $userAclUser = $this->getMockBuilder(User::class)
+            ->disableOriginalConstructor()
+            ->getMock();
+        $userAclUser->expects($this->any())
+            ->method('getRole')
+            ->will($this->returnValue($roleAclUser));
+
+        $this->sessionMock = $this->getMockBuilder(Session::class)
+            ->setMethods(['getUser'])
+            ->disableOriginalConstructor()
+            ->getMock();
+
+        $this->sessionMock->expects($this->any())
+            ->method('getUser')
+            ->will($this->returnValue($userAclUser));
+
+        $categoriesAclUser = $this->createModel();
+        $cacheIdAclUser = $this->invokeMethod($categoriesAclUser, 'getCategoriesTreeCacheId', [0]);
+
+        $this->assertNotEquals($cacheIdAdmin, $cacheIdAclUser);
+    }
 }

app/code/Magento/Catalog/Test/Unit/Ui/DataProvider/Product/Form/Modifier/CategoriesTest.php

@@ -18,12 +18,14 @@
 use Magento\Framework\UrlInterface;
 use Magento\Framework\Stdlib\ArrayManager;
 use Magento\Framework\AuthorizationInterface;
+use Magento\Backend\Model\Auth\Session;
 
 /**
  * Data provider for categories field of product page
  *
  * @api
  * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
+ * @SuppressWarnings(PHPMD.CookieAndSessionMisuse)
  * @since 101.0.0
  */
 class Categories extends AbstractModifier
@@ -86,6 +88,11 @@ class Categories extends AbstractModifier
      */
     private $authorization;
 
+    /**
+     * @var Session
+     */
+    private $session;
+
     /**
      * @param LocatorInterface $locator
      * @param CategoryCollectionFactory $categoryCollectionFactory
@@ -94,6 +101,7 @@ class Categories extends AbstractModifier
      * @param ArrayManager $arrayManager
      * @param SerializerInterface $serializer
      * @param AuthorizationInterface $authorization
+     * @param Session $session
      */
     public function __construct(
         LocatorInterface $locator,
@@ -102,7 +110,8 @@ public function __construct(
         UrlInterface $urlBuilder,
         ArrayManager $arrayManager,
         SerializerInterface $serializer = null,
-        AuthorizationInterface $authorization = null
+        AuthorizationInterface $authorization = null,
+        Session $session = null
     ) {
         $this->locator = $locator;
         $this->categoryCollectionFactory = $categoryCollectionFactory;
@@ -111,6 +120,7 @@ public function __construct(
         $this->arrayManager = $arrayManager;
         $this->serializer = $serializer ?: ObjectManager::getInstance()->get(SerializerInterface::class);
         $this->authorization = $authorization ?: ObjectManager::getInstance()->get(AuthorizationInterface::class);
+        $this->session = $session ?: ObjectManager::getInstance()->get(Session::class);
     }
 
     /**
@@ -370,10 +380,16 @@ protected function getCategoriesTree($filter = null)
      * @param string $filter
      * @return string
      */
-    private function getCategoriesTreeCacheId(int $storeId, string $filter = '') : string
+    private function getCategoriesTreeCacheId(int $storeId, string $filter = ''): string
     {
+        if ($this->session->getUser() !== null) {
+            return self::CATEGORY_TREE_ID
+                . '_' . (string)$storeId
+                . '_' . $this->session->getUser()->getAclRole()
+                . '_' . $filter;
+        }
         return self::CATEGORY_TREE_ID
-            . '_' . (string) $storeId
+            . '_' . (string)$storeId
             . '_' . $filter;
     }
 

app/code/Magento/Catalog/Ui/DataProvider/Product/Form/Modifier/Categories.php

@@ -7,6 +7,7 @@
 
 namespace Magento\CmsUrlRewrite\Plugin\Cms\Model\Store;
 
+use Magento\Cms\Api\Data\PageInterface;
 use Magento\Cms\Api\PageRepositoryInterface;
 use Magento\CmsUrlRewrite\Model\CmsPageUrlRewriteGenerator;
 use Magento\Framework\Api\SearchCriteriaBuilder;
@@ -21,6 +22,8 @@
  */
 class View
 {
+    private const ALL_STORE_VIEWS = '0';
+
     /**
      * @var UrlPersistInterface
      */
@@ -89,14 +92,27 @@ private function generateCmsPagesUrls(int $storeId): array
     {
         $rewrites = [];
         $urls = [];
-        $searchCriteria = $this->searchCriteriaBuilder->create();
-        $cmsPagesCollection = $this->pageRepository->getList($searchCriteria)->getItems();
-        foreach ($cmsPagesCollection as $page) {
+
+        foreach ($this->getCmsPageItems() as $page) {
             $page->setStoreId($storeId);
             $rewrites[] = $this->cmsPageUrlRewriteGenerator->generate($page);
         }
         $urls = array_merge($urls, ...$rewrites);
 
         return $urls;
     }
+
+    /**
+     * Return cms page items for all store view
+     *
+     * @return PageInterface[]
+     */
+    private function getCmsPageItems(): array
+    {
+        $searchCriteria = $this->searchCriteriaBuilder->addFilter('store_id', self::ALL_STORE_VIEWS)
+            ->create();
+        $list = $this->pageRepository->getList($searchCriteria);
+
+        return $list->getItems();
+    }
 }

app/code/Magento/CmsUrlRewrite/Plugin/Cms/Model/Store/View.php

@@ -7,7 +7,10 @@
 namespace Magento\Customer\Model\Plugin;
 
 use Magento\Authorization\Model\UserContextInterface;
+use Magento\Customer\Model\CustomerFactory;
+use Magento\Customer\Model\ResourceModel\Customer as CustomerResource;
 use Magento\Integration\Api\AuthorizationServiceInterface as AuthorizationService;
+use Magento\Store\Model\StoreManagerInterface;
 
 /**
  * Plugin around \Magento\Framework\Authorization::isAllowed
@@ -19,16 +22,41 @@ class CustomerAuthorization
     /**
      * @var UserContextInterface
      */
-    protected $userContext;
+    private $userContext;
+
+    /**
+     * @var CustomerFactory
+     */
+    private $customerFactory;
+
+    /**
+     * @var CustomerResource
+     */
+    private $customerResource;
+
+    /**
+     * @var StoreManagerInterface
+     */
+    private $storeManager;
 
     /**
      * Inject dependencies.
      *
      * @param UserContextInterface $userContext
+     * @param CustomerFactory $customerFactory
+     * @param CustomerResource $customerResource
+     * @param StoreManagerInterface $storeManager
      */
-    public function __construct(UserContextInterface $userContext)
-    {
+    public function __construct(
+        UserContextInterface $userContext,
+        CustomerFactory $customerFactory,
+        CustomerResource $customerResource,
+        StoreManagerInterface $storeManager
+    ) {
         $this->userContext = $userContext;
+        $this->customerFactory = $customerFactory;
+        $this->customerResource = $customerResource;
+        $this->storeManager = $storeManager;
     }
 
     /**
@@ -53,9 +81,15 @@ public function aroundIsAllowed(
             && $this->userContext->getUserId()
             && $this->userContext->getUserType() === UserContextInterface::USER_TYPE_CUSTOMER
         ) {
-            return true;
-        } else {
-            return $proceed($resource, $privilege);
+            $customer = $this->customerFactory->create();
+            $this->customerResource->load($customer, $this->userContext->getUserId());
+            $currentStoreId = $this->storeManager->getStore()->getId();
+            $sharedStoreIds = $customer->getSharedStoreIds();
+            if (in_array($currentStoreId, $sharedStoreIds)) {
+                return true;
+            }
         }
+
+        return $proceed($resource, $privilege);
     }
 }

app/code/Magento/Customer/Model/Plugin/CustomerAuthorization.php

@@ -3,6 +3,7 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
+declare(strict_types=1);
 
 namespace %moduleName%\Setup\Patch\%patchType%;
 
@@ -36,20 +37,18 @@ class %class% implements %implementsInterfaces%
     }
 %revertFunction%
     /**
-     * {@inheritdoc}
+     * @inheritdoc
      */
     public function getAliases()
     {
         return [];
     }
 
     /**
-     * {@inheritdoc}
+     * @inheritdoc
      */
     public static function getDependencies()
     {
-        return [
-
-        ];
+        return [];
     }
 }