Merge remote-tracking branch 'mainlineCE/develop' into MAGETWO-36367-fix-messages-setup-cli

# Conflicts:
#	setup/src/Magento/Setup/Test/Unit/Console/Command/AdminUserCreateCommandTest.php

Author: Fred Sung

.htaccess

@@ -36,7 +36,6 @@
 ############################################
 ## adjust memory limit
 
-#    php_value memory_limit 64M
     php_value memory_limit 768M
     php_value max_execution_time 18000
 

CHANGELOG.md

@@ -1,3 +1,78 @@
+0.74.0-beta12
+=============
+* MTF Improvements:
+    * Functional tests maintenance
+* Framework improvements:
+    * Customer entity table was transformed from EAV into a flat model to minimize DB operations
+    * Improved admin authentication and removed bypass
+    * Exposed CMS api's as web API
+* Fixed bugs:
+    * Fixed an issue where "Add Item To Return" button became disabled after required item fields were filled on Frontend
+    * Fixed an issue with fatal error during place order with non default time zone
+    * Fixed an issue where it was not possible to filter backups on name
+    * Fixed an issue where routeIdType did not allow numbers
+    * Fixed an issue with discounted prices for fixed bundle product
+    * Fixed an issue with catalog prices not including custom option prices
+    * Fixed an issue with tier prices being displayed 4 characters
+    * Fixed an issue with extra FPT labels in mini shopping cart
+    * Fixed an issue where it was not possible to place orders for products with FPT and catalog prices including tax
+    * Fixed an issue with FPT attribute being required when creating product
+    * Fixed an issue where final price was not recalculated after selecting product options
+    * Fixed an issue where tax labels were not displayed for Bundle options on 'multi-select' and 'dropdown' controls
+    * Fixed an issue where filters were not shown on product reviews report grid
+    * Fixed an issue where second customer address was not deleted from customer account
+    * Fixed an issue where custom options pop-up was still displayed after submit
+    * Fixed an issue where Second Product was not added to Shopping Cart from Wishlist at first atempt
+    * Fixed an issue where customer invalid email message was not displayed
+    * Fixed an issue where All Access Tokens for Customer without Tokens could not be revoked
+    * Fixed an issue where it was impossible to add Product to Shopping Cart from shared Wishlist
+    * Magento_Sendfriend module should have upper case 'F'
+    * Fixed set of issues with Ui module
+    * Fixed JavaScript error on Invoice creation page
+* Various improvements:
+    * Hide payment credentials in debug log
+    * Simplification of Payment Configuration
+    * Introduced new Dialog widget
+* Github issues:
+    * [#1330](https://github.com/magento/magento2/pull/1330) -- Removing unused memory limit in htaccess
+    * [#1307](https://github.com/magento/magento2/pull/1307) -- Corrected a sentence by removing a word
+
+0.74.0-beta11
+=============
+* Framework improvements:
+    * Improved component Bookmarks component in scope of Enhanced Data Grids on CMS
+    * Improved component Advanced Filtering component in scope of Enhanced Data Grids on CMS
+* Fixed bugs:
+    * Fixed an issue where incorrect keys in REST request body allowed the request to go through successfully
+    * Fixed an issue where interceptors were Generated with Invalid __wakeup() 
+    * Fixed an issue where redirect on the current page was not working in certain conditions
+    * Fixed an issue where first store could not be selected on frontend
+    * Fixed an issue with performance toolkit category creation
+    * Fixed an issue when columns 'Interval', 'Price Rule' had incorrect values in Coupon Usage report
+    * Fixed an issue where fatal error occured on Abandoned Carts report grid
+    * Fixed an issue where it was not possible to add product to shopping cart if Use Secure URLs in Frontend = Yes
+    * Fixed an issue where email was not required during Guest Checkout 
+    * Fixed broken ability to skip reindex in `bin/magento setup:performance:generate-fixtures` command
+    * Fixed an issue where `bin/magento indexer:reindex` command failed after `bin/magento setup:di:compile` was run
+    * Fixed bug with broken JS i18n
+    * Fixed an issue with wrong value at created_at updated_at fields after quote* save
+    * Fixed an issue where customer could not be created in backend after adding Image type attribute
+    * Fixed Sales InvoiceItem and Order data interfaces implementation
+    * Fixed an issue with performance toolkit medium profile
+    * Fixed an issue where Excel Formula Injection via CSV/XML export
+    * Fixed an issue where it was not possible to open the Customers page in backend
+    * Fixed an issue with internal server error after clicking Continue on Billing information
+    * Fixed an issue where it was not possible to place order with Fedex shipping method
+* Various changes:
+    * Magento Centinel Removal
+    * Removed ability to have multi-statement queries
+* Test coverage:
+    * Unit tests coverage
+    * Covered php code by unit tests after new checkout implementation
+* Github issues:
+    * [#424](https://github.com/magento/magento2/issues/424) -- Combine tier pricing messages into block sentences
+    * [#1300](https://github.com/magento/magento2/issues/1300), [#1311](https://github.com/magento/magento2/issues/1311), [#1313](https://github.com/magento/magento2/issues/1313) -- Creating product error with startdate
+
 0.74.0-beta10
 =============
 * Framework improvements:

Gruntfile.js

@@ -68,12 +68,17 @@ module.exports = function (grunt) {
             'less:luma',
             'less:backend'
         ],
+
         /**
          * Documentation
          */
         documentation: [
+            'replace:documentation',
             'less:documentation',
             'styledocco:documentation',
+            'usebanner:documentationCss',
+            'usebanner:documentationLess',
+            'usebanner:documentationHtml',
             'clean:var',
             'clean:pub'
         ],
@@ -82,12 +87,6 @@ module.exports = function (grunt) {
             'mage-minify:legacy'
         ],
 
-        'documentation-banners': [
-            'usebanner:documentationCss',
-            'usebanner:documentationLess',
-            'usebanner:documentationHtml'
-        ],
-
         spec: function (theme) {
             var runner = require('./dev/tests/js/jasmine/spec_runner');
 

README.md

@@ -61,7 +61,7 @@ After verifying your prerequisites, perform the following tasks in order to prep
 <h2>Contributing to the Magento 2 code base</h2>
 Contributions can take the form of new components or features, changes to existing features, tests, documentation (such as developer guides, user guides, examples, or specifications), bug fixes, optimizations, or just good suggestions.
 
-To make learn about how to make a contribution, click [here][1].
+To learn about how to make a contribution, click [here][1].
 
 To learn about issues, click [here][2]. To open an issue, click [here][3].
 

app/code/Magento/AdminNotification/composer.json

@@ -3,15 +3,15 @@
     "description": "N/A",
     "require": {
         "php": "~5.5.0|~5.6.0",
-        "magento/module-store": "0.74.0-beta10",
-        "magento/module-backend": "0.74.0-beta10",
-        "magento/module-media-storage": "0.74.0-beta10",
-        "magento/framework": "0.74.0-beta10",
+        "magento/module-store": "0.74.0-beta12",
+        "magento/module-backend": "0.74.0-beta12",
+        "magento/module-media-storage": "0.74.0-beta12",
+        "magento/framework": "0.74.0-beta12",
         "lib-libxml": "*",
         "magento/magento-composer-installer": "*"
     },
     "type": "magento2-module",
-    "version": "0.74.0-beta10",
+    "version": "0.74.0-beta12",
     "license": [
         "OSL-3.0",
         "AFL-3.0"

app/code/Magento/Authorization/composer.json

@@ -3,12 +3,12 @@
     "description": "Authorization module provides access to Magento ACL functionality.",
     "require": {
         "php": "~5.5.0|~5.6.0",
-        "magento/module-backend": "0.74.0-beta10",
-        "magento/framework": "0.74.0-beta10",
+        "magento/module-backend": "0.74.0-beta12",
+        "magento/framework": "0.74.0-beta12",
         "magento/magento-composer-installer": "*"
     },
     "type": "magento2-module",
-    "version": "0.74.0-beta10",
+    "version": "0.74.0-beta12",
     "license": [
         "OSL-3.0",
         "AFL-3.0"

app/code/Magento/Backend/App/AbstractAction.php

@@ -22,6 +22,11 @@ abstract class AbstractAction extends \Magento\Framework\App\Action\Action
      */
     const SESSION_NAMESPACE = 'adminhtml';
 
+    /**
+     * Authorization level of a basic admin session
+     */
+    const ADMIN_RESOURCE = 'Magento_Backend::admin';
+
     /**
      * Array of actions which can be processed without secret key validation
      *
@@ -97,7 +102,7 @@ public function __construct(Action\Context $context)
      */
     protected function _isAllowed()
     {
-        return true;
+        return $this->_authorization->isAllowed(self::ADMIN_RESOURCE);
     }
 
     /**
@@ -228,14 +233,10 @@ public function dispatch(\Magento\Framework\App\RequestInterface $request)
      */
     protected function _isUrlChecked()
     {
-        return !$this->_actionFlag->get(
-            '',
-            self::FLAG_IS_URLS_CHECKED
-        ) && !$this->getRequest()->getParam(
-            'forwarded'
-        ) && !$this->_getSession()->getIsUrlNotice(
-            true
-        ) && !$this->_canUseBaseUrl;
+        return !$this->_actionFlag->get('', self::FLAG_IS_URLS_CHECKED)
+        && !$this->getRequest()->isForwarded()
+        && !$this->_getSession()->getIsUrlNotice(true)
+        && !$this->_canUseBaseUrl;
     }
 
     /**

app/code/Magento/Backend/App/Action/Plugin/Authentication.php

@@ -147,46 +147,25 @@ protected function _processNotLoggedInUser(\Magento\Framework\App\RequestInterfa
         if ($request->getPost('login') && $this->_performLogin($request)) {
             $isRedirectNeeded = $this->_redirectIfNeededAfterLogin($request);
         }
-        if (!$isRedirectNeeded && !$request->getParam('forwarded')) {
+        if (!$isRedirectNeeded && !$request->isForwarded()) {
             if ($request->getParam('isIframe')) {
-                $request->setParam(
-                    'forwarded',
-                    true
-                )->setRouteName(
-                    'adminhtml'
-                )->setControllerName(
-                    'auth'
-                )->setActionName(
-                    'deniedIframe'
-                )->setDispatched(
-                    false
-                );
+                $request->setForwarded(true)
+                    ->setRouteName('adminhtml')
+                    ->setControllerName('auth')
+                    ->setActionName('deniedIframe')
+                    ->setDispatched(false);
             } elseif ($request->getParam('isAjax')) {
-                $request->setParam(
-                    'forwarded',
-                    true
-                )->setRouteName(
-                    'adminhtml'
-                )->setControllerName(
-                    'auth'
-                )->setActionName(
-                    'deniedJson'
-                )->setDispatched(
-                    false
-                );
+                $request->setForwarded(true)
+                    ->setRouteName('adminhtml')
+                    ->setControllerName('auth')
+                    ->setActionName('deniedJson')
+                    ->setDispatched(false);
             } else {
-                $request->setParam(
-                    'forwarded',
-                    true
-                )->setRouteName(
-                    'adminhtml'
-                )->setControllerName(
-                    'auth'
-                )->setActionName(
-                    'login'
-                )->setDispatched(
-                    false
-                );
+                $request->setForwarded(true)
+                    ->setRouteName('adminhtml')
+                    ->setControllerName('auth')
+                    ->setActionName('login')
+                    ->setDispatched(false);
             }
         }
     }

app/code/Magento/Backend/Block/Dashboard.php

@@ -31,15 +31,22 @@ protected function _prepareLayout()
 
         $this->addChild('sales', 'Magento\Backend\Block\Dashboard\Sales');
 
-        if ($this->_scopeConfig->getValue(self::XML_PATH_ENABLE_CHARTS, \Magento\Store\Model\ScopeInterface::SCOPE_STORE)) {
+        $isChartEnabled = $this->_scopeConfig->getValue(
+            self::XML_PATH_ENABLE_CHARTS,
+            \Magento\Store\Model\ScopeInterface::SCOPE_STORE
+        );
+        if ($isChartEnabled) {
             $block = $this->getLayout()->createBlock('Magento\Backend\Block\Dashboard\Diagrams');
         } else {
             $block = $this->getLayout()->createBlock(
                 'Magento\Backend\Block\Template'
             )->setTemplate(
                 'dashboard/graph/disabled.phtml'
             )->setConfigUrl(
-                $this->getUrl('adminhtml/system_config/edit', ['section' => 'admin'])
+                $this->getUrl(
+                    'adminhtml/system_config/edit',
+                    ['section' => 'admin', '_fragment' => 'admin_dashboard-link']
+                )
             );
         }
         $this->setChild('diagrams', $block);

app/code/Magento/Backend/Controller/Adminhtml/Index/GlobalSearch.php

@@ -48,7 +48,7 @@ public function execute()
             $items[] = [
                 'id' => 'error',
                 'type' => __('Error'),
-                'name' => __('Access Denied'),
+                'name' => __('Access Denied.'),
                 'description' => __('You need more permissions to do this.'),
             ];
         } else {