MAGETWO-98202: Additional Permissions for Design settings

Author: StasKozar

app/code/Magento/Catalog/Model/Category.php

@@ -948,6 +948,7 @@ public function beforeSave()
         ) {
             foreach ($this->_designAttributes as $attributeCode) {
                 $this->setData($attributeCode, $this->getOrigData($attributeCode));
+                $this->setCustomAttribute($attributeCode, $this->getOrigData($attributeCode));
             }
         }
 

dev/tests/integration/testsuite/Magento/Catalog/Model/CategoryRepositoryTest.php

@@ -8,6 +8,8 @@
 
 use Magento\Backend\Model\Auth;
 use Magento\Catalog\Api\CategoryRepositoryInterface;
+use Magento\Catalog\Api\Data\CategoryInterface;
+use Magento\Catalog\Api\Data\CategoryInterfaceFactory;
 use Magento\Framework\Acl\Builder;
 use Magento\Framework\Acl\CacheInterface;
 use Magento\TestFramework\Helper\Bootstrap;
@@ -40,6 +42,11 @@ class CategoryRepositoryTest extends \PHPUnit_Framework_TestCase
      */
     private $aclCache;
 
+    /**
+     * @var CategoryInterfaceFactory
+     */
+    private $categoryFactory;
+
     /**
      * Sets up common objects.
      *
@@ -51,6 +58,8 @@ protected function setUp()
         $this->authorization = Bootstrap::getObjectManager()->get(Auth::class);
         $this->aclBuilder = Bootstrap::getObjectManager()->get(Builder::class);
         $this->aclCache = Bootstrap::getObjectManager()->get(CacheInterface::class);
+        $this->categoryFactory = Bootstrap::getObjectManager()->get(CategoryInterfaceFactory::class);
+        $this->authorization->login(TestBootstrap::ADMIN_NAME, TestBootstrap::ADMIN_PASSWORD);
     }
 
     /**
@@ -67,6 +76,7 @@ protected function tearDown()
     /**
      * Test authorization when saving category's design settings.
      *
+     * @return CategoryInterface
      * @magentoDataFixture Magento/Catalog/_files/category.php
      * @magentoAppArea adminhtml
      * @magentoDbIsolation enabled
@@ -75,14 +85,14 @@ protected function tearDown()
     public function testSaveDesign()
     {
         $category = $this->repository->get(333);
-        $this->authorization->login(TestBootstrap::ADMIN_NAME, TestBootstrap::ADMIN_PASSWORD);
 
         //Admin doesn't have access to category's design.
         $this->aclBuilder->getAcl()->deny(null, 'Magento_Catalog::edit_category_design');
 
         $category->setCustomAttribute('custom_design', 2);
         $category = $this->repository->save($category);
-        $this->assertEmpty($category->getCustomAttribute('custom_design'));
+        $customDesignAttribute = $category->getCustomAttribute('custom_design');
+        $this->assertTrue(!$customDesignAttribute || !$customDesignAttribute->getValue());
 
         //Admin has access to category' design.
         $this->aclBuilder->getAcl()
@@ -92,5 +102,32 @@ public function testSaveDesign()
         $category = $this->repository->save($category);
         $this->assertNotEmpty($category->getCustomAttribute('custom_design'));
         $this->assertEquals(2, $category->getCustomAttribute('custom_design')->getValue());
+
+        return $category;
+    }
+
+    /**
+     * Test authorization when saving category's design settings with restricted permission.
+     *
+     * @param CategoryInterface $category
+     * @return void
+     * @magentoAppArea adminhtml
+     * @magentoDbIsolation enabled
+     * @magentoAppIsolation enabled
+     * @depends testSaveDesign
+     */
+    public function testSaveDesignWithRestrictedPermission(CategoryInterface $category)
+    {
+        /** @var CategoryInterface $newCategory */
+        $newCategory = $this->categoryFactory->create();
+        $newCategory->setName('new category without design');
+        $newCategory->setParentId($category->getParentId());
+        $newCategory->setIsActive(true);
+        $this->aclBuilder->getAcl()->deny(null, 'Magento_Catalog::edit_category_design');
+        $newCategory->setCustomAttribute('custom_design', 2);
+        $newCategory = $this->repository->save($newCategory);
+        $customDesignAttribute = $newCategory->getCustomAttribute('custom_design');
+
+        $this->assertTrue(!$customDesignAttribute || !$customDesignAttribute->getValue());
     }
 }