Merge pull request #4165 from magento-tsg/2.1.18-develop-pr73

[TSG] Backporting for 2.1 (pr73) (2.1.18-develop)

Author: zakdma

app/code/Magento/Catalog/Model/Category.php

@@ -5,9 +5,12 @@
  */
 namespace Magento\Catalog\Model;
 
+use Magento\Authorization\Model\UserContextInterface;
 use Magento\Catalog\Api\CategoryRepositoryInterface;
 use Magento\CatalogUrlRewrite\Model\CategoryUrlRewriteGenerator;
 use Magento\Framework\Api\AttributeValueFactory;
+use Magento\Framework\App\ObjectManager;
+use Magento\Framework\AuthorizationInterface;
 use Magento\Framework\Convert\ConvertArray;
 use Magento\Framework\Exception\NoSuchEntityException;
 use Magento\Framework\Profiler;
@@ -232,6 +235,16 @@ class Category extends \Magento\Catalog\Model\AbstractModel implements
      */
     protected $metadataService;
 
+    /**
+     * @var UserContextInterface
+     */
+    private $userContext;
+
+    /**
+     * @var AuthorizationInterface
+     */
+    private $authorization;
+
     /**
      * @param \Magento\Framework\Model\Context $context
      * @param \Magento\Framework\Registry $registry
@@ -254,6 +267,8 @@ class Category extends \Magento\Catalog\Model\AbstractModel implements
      * @param \Magento\Framework\Model\ResourceModel\AbstractResource $resource
      * @param \Magento\Framework\Data\Collection\AbstractDb $resourceCollection
      * @param array $data
+     * @param UserContextInterface|null $userContext
+     * @param AuthorizationInterface|null $authorization
      * @SuppressWarnings(PHPMD.ExcessiveParameterList)
      */
     public function __construct(
@@ -277,7 +292,9 @@ public function __construct(
         CategoryRepositoryInterface $categoryRepository,
         \Magento\Framework\Model\ResourceModel\AbstractResource $resource = null,
         \Magento\Framework\Data\Collection\AbstractDb $resourceCollection = null,
-        array $data = []
+        array $data = [],
+        UserContextInterface $userContext = null,
+        AuthorizationInterface $authorization = null
     ) {
         $this->metadataService = $metadataService;
         $this->_treeModel = $categoryTreeResource;
@@ -302,6 +319,8 @@ public function __construct(
             $resourceCollection,
             $data
         );
+        $this->userContext = $userContext ?: ObjectManager::getInstance()->get(UserContextInterface::class);
+        $this->authorization = $authorization ?: ObjectManager::getInstance()->get(AuthorizationInterface::class);
     }
 
     /**
@@ -313,10 +332,10 @@ protected function _construct()
     {
         // If Flat Index enabled then use it but only on frontend
         if ($this->flatState->isAvailable()) {
-            $this->_init('Magento\Catalog\Model\ResourceModel\Category\Flat');
+            $this->_init(\Magento\Catalog\Model\ResourceModel\Category\Flat::class);
             $this->_useFlatResource = true;
         } else {
-            $this->_init('Magento\Catalog\Model\ResourceModel\Category');
+            $this->_init(\Magento\Catalog\Model\ResourceModel\Category::class);
         }
     }
 
@@ -916,6 +935,31 @@ public function beforeDelete()
         return parent::beforeDelete();
     }
 
+    /**
+     * @inheritdoc
+     */
+    public function beforeSave()
+    {
+        //Validate changing of design.
+        $userType = $this->userContext->getUserType();
+        if (($userType === UserContextInterface::USER_TYPE_ADMIN
+                || $userType === UserContextInterface::USER_TYPE_INTEGRATION)
+            && !$this->authorization->isAllowed('Magento_Catalog::edit_category_design')
+        ) {
+            foreach ($this->_designAttributes as $attributeCode) {
+                $this->setData($attributeCode, $value = $this->getOrigData($attributeCode));
+                if (!empty($this->_data[self::CUSTOM_ATTRIBUTES])
+                    && array_key_exists($attributeCode, $this->_data[self::CUSTOM_ATTRIBUTES])
+                ) {
+                    //In case custom attribute were used to update the entity.
+                    $this->_data[self::CUSTOM_ATTRIBUTES][$attributeCode]->setValue($value);
+                }
+            }
+        }
+
+        return parent::beforeSave();
+    }
+
     /**
      * Retrieve anchors above
      *

app/code/Magento/Catalog/Model/Category/DataProvider.php

@@ -11,13 +11,15 @@
 use Magento\Eav\Model\Config;
 use Magento\Eav\Model\Entity\Type;
 use Magento\Catalog\Model\ResourceModel\Category\CollectionFactory as CategoryCollectionFactory;
+use Magento\Framework\App\ObjectManager;
 use Magento\Store\Model\Store;
 use Magento\Store\Model\StoreManagerInterface;
 use Magento\Ui\Component\Form\Field;
 use Magento\Ui\DataProvider\EavValidationRules;
 use Magento\Catalog\Model\CategoryFactory;
 use Magento\Framework\Exception\NoSuchEntityException;
 use Magento\Catalog\Model\Category\Attribute\Backend\Image as ImageBackendModel;
+use Magento\Framework\AuthorizationInterface;
 
 /**
  * Class DataProvider
@@ -112,6 +114,11 @@ class DataProvider extends \Magento\Ui\DataProvider\AbstractDataProvider
      */
     private $categoryFactory;
 
+    /**
+     * @var AuthorizationInterface
+     */
+    private $authorization;
+
     /**
      * DataProvider constructor
      *
@@ -127,6 +134,7 @@ class DataProvider extends \Magento\Ui\DataProvider\AbstractDataProvider
      * @param CategoryFactory $categoryFactory
      * @param array $meta
      * @param array $data
+     * @param AuthorizationInterface|null $authorization
      * @SuppressWarnings(PHPMD.ExcessiveParameterList)
      */
     public function __construct(
@@ -141,7 +149,8 @@ public function __construct(
         \Magento\Framework\App\RequestInterface $request,
         CategoryFactory $categoryFactory,
         array $meta = [],
-        array $data = []
+        array $data = [],
+        AuthorizationInterface $authorization = null
     ) {
         $this->eavValidationRules = $eavValidationRules;
         $this->collection = $categoryCollectionFactory->create();
@@ -151,6 +160,8 @@ public function __construct(
         $this->storeManager = $storeManager;
         $this->request = $request;
         $this->categoryFactory = $categoryFactory;
+        $this->authorization = $authorization ?: ObjectManager::getInstance()->get(AuthorizationInterface::class);
+
         parent::__construct($name, $primaryFieldName, $requestFieldName, $meta, $data);
         $this->meta = $this->prepareMeta($this->meta);
     }
@@ -180,11 +191,20 @@ public function prepareMeta($meta)
      */
     private function prepareFieldsMeta($fieldsMap, $fieldsMeta)
     {
+        $canEditDesign = $this->authorization->isAllowed('Magento_Catalog::edit_category_design');
+
         $result = [];
         foreach ($fieldsMap as $fieldSet => $fields) {
             foreach ($fields as $field) {
                 if (isset($fieldsMeta[$field])) {
-                    $result[$fieldSet]['children'][$field]['arguments']['data']['config'] = $fieldsMeta[$field];
+                    $config = $fieldsMeta[$field];
+                    if (($fieldSet === 'design' || $fieldSet === 'schedule_design_update') && !$canEditDesign) {
+                        $config['required'] = 1;
+                        $config['disabled'] = 1;
+                        $config['serviceDisabled'] = true;
+                    }
+
+                    $result[$fieldSet]['children'][$field]['arguments']['data']['config'] = $config;
                 }
             }
         }

app/code/Magento/Catalog/Model/Product.php

@@ -5,11 +5,14 @@
  */
 namespace Magento\Catalog\Model;
 
+use Magento\Authorization\Model\UserContextInterface;
 use Magento\Catalog\Api\CategoryRepositoryInterface;
 use Magento\Catalog\Api\Data\ProductInterface;
 use Magento\Catalog\Api\ProductLinkRepositoryInterface;
 use Magento\Framework\Api\AttributeValueFactory;
 use Magento\Framework\App\Filesystem\DirectoryList;
+use Magento\Framework\App\ObjectManager;
+use Magento\Framework\AuthorizationInterface;
 use Magento\Framework\DataObject\IdentityInterface;
 use Magento\Framework\Pricing\SaleableInterface;
 use Magento\Catalog\Api\Data\ProductAttributeMediaGalleryEntryInterface;
@@ -347,6 +350,16 @@ class Product extends \Magento\Catalog\Model\AbstractModel implements
      */
     protected $linkTypeProvider;
 
+    /**
+     * @var UserContextInterface
+     */
+    private $userContext;
+
+    /**
+     * @var AuthorizationInterface
+     */
+    private $authorization;
+
     /**
      * Product constructor.
      * @param \Magento\Framework\Model\Context $context
@@ -384,6 +397,8 @@ class Product extends \Magento\Catalog\Model\AbstractModel implements
      * @param \Magento\Framework\Api\DataObjectHelper $dataObjectHelper
      * @param \Magento\Framework\Api\ExtensionAttribute\JoinProcessorInterface $joinProcessor
      * @param array $data
+     * @param UserContextInterface|null $userContext
+     * @param AuthorizationInterface|null $authorization
      *
      * @SuppressWarnings(PHPMD.ExcessiveParameterList)
      * @SuppressWarnings(PHPMD.UnusedFormalParameter)
@@ -423,7 +438,9 @@ public function __construct(
         EntryConverterPool $mediaGalleryEntryConverterPool,
         \Magento\Framework\Api\DataObjectHelper $dataObjectHelper,
         \Magento\Framework\Api\ExtensionAttribute\JoinProcessorInterface $joinProcessor,
-        array $data = []
+        array $data = [],
+        UserContextInterface $userContext = null,
+        AuthorizationInterface $authorization = null
     ) {
         $this->metadataService = $metadataService;
         $this->_itemOptionFactory = $itemOptionFactory;
@@ -462,6 +479,8 @@ public function __construct(
             $resourceCollection,
             $data
         );
+        $this->userContext = $userContext ?: ObjectManager::getInstance()->get(UserContextInterface::class);
+        $this->authorization = $authorization ?: ObjectManager::getInstance()->get(AuthorizationInterface::class);
     }
 
     /**
@@ -471,7 +490,7 @@ public function __construct(
      */
     protected function _construct()
     {
-        $this->_init('Magento\Catalog\Model\ResourceModel\Product');
+        $this->_init(\Magento\Catalog\Model\ResourceModel\Product::class);
     }
 
     /**
@@ -852,6 +871,21 @@ public function beforeSave()
 
         $this->getTypeInstance()->beforeSave($this);
 
+        //Validate changing of design.
+        $userType = $this->userContext->getUserType();
+        if (($userType === UserContextInterface::USER_TYPE_ADMIN
+                || $userType === UserContextInterface::USER_TYPE_INTEGRATION)
+            && !$this->authorization->isAllowed('Magento_Catalog::edit_product_design')
+        ) {
+            $this->setData('custom_design', $this->getOrigData('custom_design'));
+            $this->setData('page_layout', $this->getOrigData('page_layout'));
+            $this->setData('options_container', $this->getOrigData('options_container'));
+            $this->setData('custom_layout_update', $this->getOrigData('custom_layout_update'));
+            $this->setData('custom_design_from', $this->getOrigData('custom_design_from'));
+            $this->setData('custom_design_to', $this->getOrigData('custom_design_to'));
+            $this->setData('custom_layout', $this->getOrigData('custom_layout'));
+        }
+
         $hasOptions = false;
         $hasRequiredOptions = false;
 

app/code/Magento/Catalog/Model/ResourceModel/Category.php

@@ -983,7 +983,7 @@ protected function _processPositions($category, $newParent, $afterCategoryId)
         if ($afterCategoryId) {
             $select = $connection->select()->from($table, 'position')->where('entity_id = :entity_id');
             $position = $connection->fetchOne($select, ['entity_id' => $afterCategoryId]);
-            $position += 1;
+            $position++;
         } else {
             $position = 1;
         }

app/code/Magento/Catalog/Ui/DataProvider/Product/Form/Modifier/Eav.php

@@ -18,8 +18,10 @@
 use Magento\Eav\Model\ResourceModel\Entity\Attribute\Group\CollectionFactory as GroupCollectionFactory;
 use Magento\Framework\Api\SearchCriteriaBuilder;
 use Magento\Framework\Api\SortOrderBuilder;
+use Magento\Framework\App\ObjectManager;
 use Magento\Framework\App\Request\DataPersistorInterface;
 use Magento\Framework\App\RequestInterface;
+use Magento\Framework\AuthorizationInterface;
 use Magento\Framework\Filter\Translit;
 use Magento\Framework\Stdlib\ArrayManager;
 use Magento\Store\Model\StoreManagerInterface;
@@ -167,6 +169,26 @@ class Eav extends AbstractModifier
      */
     private $localeCurrency;
 
+    /**
+     * @var AuthorizationInterface
+     */
+    private $authorization;
+
+    /**
+     * Product design attribute codes.
+     *
+     * @var array
+     */
+    private $designAttributeCodes = [
+        'custom_design',
+        'page_layout',
+        'options_container',
+        'custom_layout_update',
+        'custom_design_from',
+        'custom_design_to',
+        'custom_layout',
+    ];
+
     /**
      * @param LocatorInterface $locator
      * @param CatalogEavValidationRules $catalogEavValidationRules
@@ -187,6 +209,8 @@ class Eav extends AbstractModifier
      * @param DataPersistorInterface $dataPersistor
      * @param array $attributesToDisable
      * @param array $attributesToEliminate
+     * @param AuthorizationInterface|null $authorization
+     *
      * @SuppressWarnings(PHPMD.ExcessiveParameterList)
      */
     public function __construct(
@@ -208,7 +232,8 @@ public function __construct(
         ScopeOverriddenValue $scopeOverriddenValue,
         DataPersistorInterface $dataPersistor,
         $attributesToDisable = [],
-        $attributesToEliminate = []
+        $attributesToEliminate = [],
+        AuthorizationInterface $authorization = null
     ) {
         $this->locator = $locator;
         $this->catalogEavValidationRules = $catalogEavValidationRules;
@@ -229,6 +254,7 @@ public function __construct(
         $this->dataPersistor = $dataPersistor;
         $this->attributesToDisable = $attributesToDisable;
         $this->attributesToEliminate = $attributesToEliminate;
+        $this->authorization = $authorization ?: ObjectManager::getInstance()->get(AuthorizationInterface::class);
     }
 
     /**
@@ -549,6 +575,7 @@ private function isProductExists()
     public function setupAttributeMeta(ProductAttributeInterface $attribute, $groupCode, $sortOrder)
     {
         $configPath = ltrim(static::META_CONFIG_PATH, ArrayManager::DEFAULT_PATH_DELIMITER);
+        $attributeCode = $attribute->getAttributeCode();
 
         $meta = $this->arrayManager->set($configPath, [], [
             'dataType' => $attribute->getFrontendInput(),
@@ -558,7 +585,7 @@ public function setupAttributeMeta(ProductAttributeInterface $attribute, $groupC
             'notice' => $attribute->getNote(),
             'default' => (!$this->isProductExists()) ? $attribute->getDefaultValue() : null,
             'label' => __($attribute->getDefaultFrontendLabel()),
-            'code' => $attribute->getAttributeCode(),
+            'code' => $attributeCode,
             'source' => $groupCode,
             'scopeLabel' => $this->getScopeLabel($attribute),
             'globalScope' => $this->isScopeGlobal($attribute),
@@ -591,7 +618,7 @@ public function setupAttributeMeta(ProductAttributeInterface $attribute, $groupC
             ]);
         }
 
-        if (in_array($attribute->getAttributeCode(), $this->attributesToDisable)) {
+        if (in_array($attributeCode, $this->attributesToDisable)) {
             $meta = $this->arrayManager->merge($configPath, $meta, [
                 'disabled' => true,
             ]);
@@ -623,6 +650,22 @@ public function setupAttributeMeta(ProductAttributeInterface $attribute, $groupC
                 break;
         }
 
+        //Checking access to design config.
+        if (in_array($attributeCode, $this->designAttributeCodes, true)
+            && !$this->authorization->isAllowed('Magento_Catalog::edit_product_design')
+        ) {
+            $meta = $this->arrayManager->merge(
+                $configPath,
+                $meta,
+                [
+                    'disabled' => true,
+                    'validation' => ['required' => false],
+                    'required' => false,
+                    'serviceDisabled' => true,
+                ]
+            );
+        }
+
         return $meta;
     }