Merge branch '2.3.7-develop' of github.com:magento/magento2ce into cia-2.3.7-2102021-CE

Author: admanesachin

app/code/Magento/Customer/Model/AccountManagement.php

@@ -55,6 +55,7 @@
 use Magento\Store\Model\ScopeInterface;
 use Magento\Store\Model\StoreManagerInterface;
 use Psr\Log\LoggerInterface as PsrLogger;
+use Magento\Framework\AuthorizationInterface;
 
 /**
  * Handle various customer account actions
@@ -205,6 +206,13 @@ class AccountManagement implements AccountManagementInterface
      */
     const MIN_PASSWORD_LENGTH = 6;
 
+    /**
+     * Authorization level of a basic admin session
+     *
+     * @see _isAllowed()
+     */
+    const ADMIN_RESOURCE = 'Magento_Customer::manage';
+
     /**
      * @var CustomerFactory
      */
@@ -375,6 +383,11 @@ class AccountManagement implements AccountManagementInterface
      */
     private $sessionCleaner;
 
+    /**
+     * @var AuthorizationInterface
+     */
+    protected $authorization;
+
     /**
      * @param CustomerFactory $customerFactory
      * @param ManagerInterface $eventManager
@@ -410,6 +423,7 @@ class AccountManagement implements AccountManagementInterface
      * @param GetCustomerByToken|null $getByToken
      * @param AllowedCountries|null $allowedCountriesReader
      * @param SessionCleanerInterface|null $sessionCleaner
+     * @param AuthorizationInterface|null $authorization
      * @SuppressWarnings(PHPMD.CyclomaticComplexity)
      * @SuppressWarnings(PHPMD.ExcessiveParameterList)
      * @SuppressWarnings(PHPMD.NPathComplexity)
@@ -450,7 +464,8 @@ public function __construct(
         AddressRegistry $addressRegistry = null,
         GetCustomerByToken $getByToken = null,
         AllowedCountries $allowedCountriesReader = null,
-        SessionCleanerInterface $sessionCleaner = null
+        SessionCleanerInterface $sessionCleaner = null,
+        AuthorizationInterface $authorization = null
     ) {
         $this->customerFactory = $customerFactory;
         $this->eventManager = $eventManager;
@@ -490,6 +505,7 @@ public function __construct(
         $this->allowedCountriesReader = $allowedCountriesReader
             ?: $objectManager->get(AllowedCountries::class);
         $this->sessionCleaner = $sessionCleaner ?? $objectManager->get(SessionCleanerInterface::class);
+        $this->authorization = $authorization ?? $objectManager->get(AuthorizationInterface::class);
     }
 
     /**
@@ -833,6 +849,11 @@ public function getConfirmationStatus($customerId)
      */
     public function createAccount(CustomerInterface $customer, $password = null, $redirectUrl = '')
     {
+        $groupId = $customer->getGroupId();
+        if (isset($groupId) && !$this->authorization->isAllowed(self::ADMIN_RESOURCE)) {
+            $customer->setGroupId(null);
+        }
+
         if ($password !== null) {
             $this->checkPasswordStrength($password);
             $customerEmail = $customer->getEmail();