ENGCOM-3725: MUI controller lacks JSON response, instead returns status 200 with empty body #19859

Author: sidolov

app/code/Magento/Ui/Controller/Adminhtml/Index/Render.php

@@ -86,6 +86,18 @@ public function execute()
 
                 $contentType = $this->contentTypeResolver->resolve($component->getContext());
                 $this->getResponse()->setHeader('Content-Type', $contentType, true);
+            } else {
+                /** @var \Magento\Framework\Controller\Result\Json $resultJson */
+                $resultJson = $this->resultJsonFactory->create();
+                $resultJson->setStatusHeader(
+                    \Zend\Http\Response::STATUS_CODE_403,
+                    \Zend\Http\AbstractMessage::VERSION_11,
+                    'Forbidden'
+                );
+                return $resultJson->setData([
+                        'error' => $this->escaper->escapeHtml('Forbidden'),
+                        'errorcode' => 403
+                ]);
             }
         } catch (\Magento\Framework\Exception\LocalizedException $e) {
             $this->logger->critical($e);

app/code/Magento/Ui/Test/Unit/Controller/Adminhtml/Index/RenderTest.php

@@ -3,12 +3,17 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
+
 namespace Magento\Ui\Test\Unit\Controller\Adminhtml\Index;
 
+use Magento\Framework\Controller\Result\Json;
+use Magento\Framework\Escaper;
+use Magento\Framework\TestFramework\Unit\Helper\ObjectManager as ObjectManagerHelper;
+use Magento\Framework\View\Element\UiComponent\ContextInterface;
 use Magento\Ui\Controller\Adminhtml\Index\Render;
 use Magento\Ui\Model\UiComponentTypeResolver;
-use Magento\Framework\View\Element\UiComponent\ContextInterface;
-use Magento\Framework\TestFramework\Unit\Helper\ObjectManager as ObjectManagerHelper;
+use Zend\Http\AbstractMessage;
+use Zend\Http\Response;
 
 /**
  * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
@@ -97,6 +102,11 @@ class RenderTest extends \PHPUnit\Framework\TestCase
      */
     private $loggerMock;
 
+    /**
+     * @var Escaper|\PHPUnit_Framework_MockObject_MockObject
+     */
+    private $escaperMock;
+
     protected function setUp()
     {
         $this->requestMock = $this->getMockBuilder(\Magento\Framework\App\Request\Http::class)
@@ -170,6 +180,10 @@ protected function setUp()
         $this->uiComponentTypeResolverMock = $this->getMockBuilder(UiComponentTypeResolver::class)
             ->disableOriginalConstructor()
             ->getMock();
+        $this->escaperMock = $this->createMock(Escaper::class);
+        $this->escaperMock->expects($this->any())
+            ->method('escapeHtml')
+            ->willReturnArgument(0);
 
         $this->objectManagerHelper = new ObjectManagerHelper($this);
 
@@ -181,6 +195,7 @@ protected function setUp()
                 'contentTypeResolver' => $this->uiComponentTypeResolverMock,
                 'resultJsonFactory' => $this->resultJsonFactoryMock,
                 'logger' => $this->loggerMock,
+                'escaper' => $this->escaperMock,
             ]
         );
     }
@@ -201,7 +216,7 @@ public function testExecuteAjaxRequestException()
             ->method('appendBody')
             ->willThrowException(new \Exception('exception'));
 
-        $jsonResultMock = $this->getMockBuilder(\Magento\Framework\Controller\Result\Json::class)
+        $jsonResultMock = $this->getMockBuilder(Json::class)
             ->disableOriginalConstructor()
             ->setMethods(['setData'])
             ->getMock();
@@ -290,6 +305,34 @@ public function testExecuteAjaxRequestWithoutPermissions(array $dataProviderConf
         $name = 'test-name';
         $renderedData = '<html>data</html>';
 
+        if (false === $isAllowed) {
+            $jsonResultMock = $this->getMockBuilder(Json::class)
+                ->disableOriginalConstructor()
+                ->setMethods(['setStatusHeader', 'setData'])
+                ->getMock();
+
+            $jsonResultMock->expects($this->at(0))
+                ->method('setStatusHeader')
+                ->with(
+                    Response::STATUS_CODE_403,
+                    AbstractMessage::VERSION_11,
+                    'Forbidden'
+                )
+                ->willReturnSelf();
+
+            $jsonResultMock->expects($this->at(1))
+                ->method('setData')
+                ->with([
+                    'error' => 'Forbidden',
+                    'errorcode' => 403
+                ])
+                ->willReturnSelf();
+
+            $this->resultJsonFactoryMock->expects($this->any())
+                ->method('create')
+                ->willReturn($jsonResultMock);
+        }
+
         $this->requestMock->expects($this->any())
             ->method('getParam')
             ->with('namespace')

dev/tests/functional/tests/app/Magento/Backend/Test/Page/Adminhtml/Dashboard.xml

@@ -17,5 +17,6 @@
         <block name="accessDeniedBlock" class="Magento\Backend\Test\Block\Denied" locator="#anchor-content" strategy="css selector" />
         <block name="systemMessageDialog" class="Magento\AdminNotification\Test\Block\System\Messages" locator='.ui-popup-message .modal-inner-wrap' strategy="css selector" />
         <block name="applicationVersion" class="Magento\Backend\Test\Block\Version" locator="body" strategy="css selector" />
+        <block name="modalMessage" class="Magento\Ui\Test\Block\Adminhtml\Modal" locator=".modal-popup>.modal-inner-wrap" strategy="css selector" />
     </page>
 </config>

dev/tests/functional/tests/app/Magento/User/Test/Constraint/AssertUserRoleRestrictedAccess.php

@@ -10,6 +10,7 @@
 use Magento\Mtf\Client\BrowserInterface;
 use Magento\Mtf\Constraint\AbstractConstraint;
 use Magento\User\Test\Fixture\User;
+use Magento\User\Test\TestStep\LoginUserOnBackendWithErrorStep;
 
 /**
  * Asserts that user has only related permissions.
@@ -18,6 +19,8 @@ class AssertUserRoleRestrictedAccess extends AbstractConstraint
 {
     const DENIED_ACCESS = 'Sorry, you need permissions to view this content.';
 
+    protected $loginStep = 'Magento\User\Test\TestStep\LoginUserOnBackendStep';
+
     /**
      * Asserts that user has only related permissions.
      *
@@ -36,7 +39,7 @@ public function processAssert(
         $denyUrl
     ) {
         $this->objectManager->create(
-            \Magento\User\Test\TestStep\LoginUserOnBackendStep::class,
+            $this->loginStep,
             ['user' => $user]
         )->run();
 

dev/tests/functional/tests/app/Magento/User/Test/Constraint/AssertUserRoleRestrictedAccessWithError.php

@@ -0,0 +1,17 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+declare(strict_types=1);
+
+namespace Magento\User\Test\Constraint;
+
+/**
+ * @inheritdoc
+ */
+class AssertUserRoleRestrictedAccessWithError extends AssertUserRoleRestrictedAccess
+{
+    protected $loginStep = 'Magento\User\Test\TestStep\LoginUserOnBackendWithErrorStep';
+}

dev/tests/functional/tests/app/Magento/User/Test/Constraint/AssertUserSuccessLogin.php

@@ -7,14 +7,20 @@
 namespace Magento\User\Test\Constraint;
 
 use Magento\Backend\Test\Page\Adminhtml\Dashboard;
-use Magento\User\Test\Fixture\User;
 use Magento\Mtf\Constraint\AbstractConstraint;
+use Magento\User\Test\Fixture\User;
+use Magento\User\Test\TestStep\LoginUserOnBackendStep;
 
 /**
  * Verify whether customer has logged in to the Backend.
  */
 class AssertUserSuccessLogin extends AbstractConstraint
 {
+    /**
+     * @var string
+     */
+    protected $loginStep = LoginUserOnBackendStep::class;
+
     /**
      * Verify whether customer has logged in to the Backend.
      *
@@ -25,7 +31,7 @@ class AssertUserSuccessLogin extends AbstractConstraint
     public function processAssert(User $user, Dashboard $dashboard)
     {
         $this->objectManager->create(
-            \Magento\User\Test\TestStep\LoginUserOnBackendStep::class,
+            $this->loginStep,
             ['user' => $user]
         )->run();
         \PHPUnit\Framework\Assert::assertTrue(

dev/tests/functional/tests/app/Magento/User/Test/Constraint/AssertUserSuccessLoginWithError.php

@@ -0,0 +1,20 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+namespace Magento\User\Test\Constraint;
+
+use Magento\User\Test\TestStep\LoginUserOnBackendWithErrorStep;
+
+/**
+ * Verify whether customer has logged in to the Backend with error alert.
+ */
+class AssertUserSuccessLoginWithError extends AssertUserSuccessLogin
+{
+    /**
+     * @var string
+     */
+    protected $loginStep = LoginUserOnBackendWithErrorStep::class;
+}

dev/tests/functional/tests/app/Magento/User/Test/TestCase/UpdateAdminUserEntityTest.xml

@@ -32,7 +32,7 @@
             <constraint name="Magento\User\Test\Constraint\AssertUserInGrid" />
             <constraint name="Magento\User\Test\Constraint\AssertUserSuccessLogOut" />
             <constraint name="Magento\User\Test\Constraint\AssertUserSuccessLogin" />
-            <constraint name="Magento\User\Test\Constraint\AssertUserRoleRestrictedAccess" />
+            <constraint name="Magento\User\Test\Constraint\AssertUserRoleRestrictedAccessWithError" />
         </variation>
     </testCase>
 </config>

dev/tests/functional/tests/app/Magento/User/Test/TestCase/UpdateAdminUserRoleEntityTest.php

@@ -121,6 +121,11 @@ public function testUpdateAdminUserRolesEntity(
      */
     public function tearDown()
     {
+        sleep(3);
+        $modalMessage = $this->dashboard->getModalMessage();
+        if ($modalMessage->isVisible()) {
+            $modalMessage->acceptAlert();
+        }
         $this->dashboard->getAdminPanelHeader()->logOut();
     }
 }

dev/tests/functional/tests/app/Magento/User/Test/TestCase/UpdateAdminUserRoleEntityTest.xml

@@ -29,8 +29,8 @@
             <constraint name="Magento\User\Test\Constraint\AssertRoleSuccessSaveMessage" />
             <constraint name="Magento\User\Test\Constraint\AssertRoleInGrid" />
             <constraint name="Magento\User\Test\Constraint\AssertUserSuccessLogOut" />
-            <constraint name="Magento\User\Test\Constraint\AssertUserSuccessLogin" />
-            <constraint name="Magento\User\Test\Constraint\AssertUserRoleRestrictedAccess" />
+            <constraint name="Magento\User\Test\Constraint\AssertUserSuccessLoginWithError"/>
+            <constraint name="Magento\User\Test\Constraint\AssertUserRoleRestrictedAccessWithError" />
         </variation>
         <variation name="UpdateAdminUserRoleEntityTestVariation3">
             <data name="user/dataset" xsi:type="string">custom_admin_with_default_role</data>