MAGETWO-95364: Magento\Ui\Controller\Adminhtml\Index\Render\Handle controller

StasKozar · StasKozar · commit e89608b598d3 · 2018-10-25T08:47:13.000+03:00
diff --git a/app/code/Magento/Ui/Controller/Adminhtml/Index/Render/Handle.php b/app/code/Magento/Ui/Controller/Adminhtml/Index/Render/Handle.php
@@ -9,33 +9,82 @@
 use Magento\Ui\Component\Control\ActionPool;
 use Magento\Ui\Component\Wrapper\UiComponent;
 use Magento\Ui\Controller\Adminhtml\AbstractAction;
+use Magento\Backend\App\Action\Context;
+use Magento\Framework\View\Element\UiComponent\Config\ManagerInterface;
+use Magento\Framework\View\Element\UiComponentFactory;
+use Magento\Framework\App\ObjectManager;
 
 /**
  * Class Handle
  */
 class Handle extends AbstractAction
 {
+    /**
+     * @var ManagerInterface
+     */
+    private $componentManager;
+
+    /**
+     * @param Context $context
+     * @param UiComponentFactory $factory
+     * @param ManagerInterface|null $componentManager
+     */
+    public function __construct(
+        Context $context,
+        UiComponentFactory $factory,
+        ManagerInterface $componentManager = null
+    ) {
+        parent::__construct($context, $factory);
+        $this->componentManager = $componentManager ?: ObjectManager::getInstance()->get(ManagerInterface::class);
+    }
+
     /**
      * Render UI component by namespace in handle context
      *
      * @return void
      */
     public function execute()
     {
+        $response = '';
         $handle = $this->_request->getParam('handle');
         $namespace = $this->_request->getParam('namespace');
         $buttons = $this->_request->getParam('buttons', false);
-
         $this->_view->loadLayout(['default', $handle], true, true, false);
+        $layout = $this->_view->getLayout();
+        $config = $this->componentManager->getData($namespace);
 
-        $uiComponent = $this->_view->getLayout()->getBlock($namespace);
-        $response = $uiComponent instanceof UiComponent ? $uiComponent->toHtml() : '';
+        if ($this->validateAclResource($config[$namespace])) {
+            $uiComponent = $layout->getBlock($namespace);
+            $response = $uiComponent instanceof UiComponent ? $uiComponent->toHtml() : '';
+        }
 
         if ($buttons) {
-            $actionsToolbar = $this->_view->getLayout()->getBlock(ActionPool::ACTIONS_PAGE_TOOLBAR);
+            $actionsToolbar = $layout->getBlock(ActionPool::ACTIONS_PAGE_TOOLBAR);
             $response .= $actionsToolbar instanceof Template ? $actionsToolbar->toHtml() : '';
         }
 
         $this->_response->appendBody($response);
     }
+
+    /**
+     * Optionally validate ACL resource of components.
+     *
+     * @param mixed $dataProviderConfigData
+     * @return bool
+     */
+    private function validateAclResource($dataProviderConfigData)
+    {
+        $aclResource = isset($dataProviderConfigData['arguments']['data']['acl'])
+            ? $dataProviderConfigData['arguments']['data']['acl']
+            : false;
+        if ($aclResource !== false && !$this->_authorization->isAllowed($aclResource)
+        ) {
+            if (!$this->_request->isAjax()) {
+                $this->_redirect('admin/denied');
+            }
+            return false;
+        }
+
+        return true;
+    }
 }
diff --git a/app/code/Magento/Ui/Test/Unit/Controller/Adminhtml/Index/Render/HandleTest.php b/app/code/Magento/Ui/Test/Unit/Controller/Adminhtml/Index/Render/HandleTest.php
@@ -5,8 +5,21 @@
  */
 namespace Magento\Ui\Test\Unit\Controller\Adminhtml\Index\Render;
 
+use Magento\Backend\App\Action\Context;
+use Magento\Framework\App\Request\Http;
+use Magento\Framework\App\ViewInterface;
+use Magento\Framework\AuthorizationInterface;
+use Magento\Framework\HTTP\PhpEnvironment\Response;
+use Magento\Framework\View\Element\Template;
+use Magento\Framework\View\Element\UiComponent\Config\ManagerInterface;
+use Magento\Framework\View\Element\UiComponentFactory;
+use Magento\Framework\View\LayoutInterface;
+use Magento\Ui\Component\Wrapper\UiComponent;
 use Magento\Ui\Controller\Adminhtml\Index\Render\Handle;
 
+/**
+ * Test for Magento\Ui\Controller\Adminhtml\Index\Render\Handle class.
+ */
 class HandleTest extends \PHPUnit_Framework_TestCase
 {
     /**
@@ -39,62 +52,181 @@ class HandleTest extends \PHPUnit_Framework_TestCase
      */
     protected $controller;
 
+    /**
+     * @var ManagerInterface|\PHPUnit_Framework_MockObject_MockObject
+     */
+    private $uiComponentManagerMock;
+
+    /**
+     * @var UiComponent|\PHPUnit_Framework_MockObject_MockObject
+     */
+    private $uiComponentMock;
+
+    /**
+     * @var AuthorizationInterface|\PHPUnit_Framework_MockObject_MockObject
+     */
+    private $authorizationMock;
+
+    /**
+     * @var LayoutInterface|\PHPUnit_Framework_MockObject_MockObject
+     */
+    private $layoutMock;
+
+    /**
+     * @inheritdoc
+     */
     public function setUp()
     {
-        $this->contextMock = $this->getMock('Magento\Backend\App\Action\Context', [], [], '', false);
-        $this->componentFactoryMock = $this->getMock(
-            'Magento\Framework\View\Element\UiComponentFactory',
-            [],
-            [],
-            '',
-            false
-        );
-
-        $this->requestMock = $this->getMock('Magento\Framework\App\RequestInterface');
+        $this->contextMock = $this->getMockBuilder(Context::class)
+            ->disableOriginalConstructor()
+            ->getMock();
+        $this->componentFactoryMock = $this->getMockBuilder(UiComponentFactory::class)
+            ->disableOriginalConstructor()
+            ->getMock();
+        $this->requestMock = $this->getMockBuilder(Http::class)
+            ->disableOriginalConstructor()
+            ->getMock();
         $this->contextMock->expects($this->atLeastOnce())->method('getRequest')->willReturn($this->requestMock);
-
-        $this->responseMock = $this->getMock('Magento\Framework\HTTP\PhpEnvironment\Response', [], [], '', false);
+        $this->responseMock = $this->getMockBuilder(Response::class)
+            ->disableOriginalConstructor()
+            ->getMock();
         $this->contextMock->expects($this->atLeastOnce())->method('getResponse')->willReturn($this->responseMock);
-
-        $this->viewMock = $this->getMock('Magento\Framework\App\ViewInterface');
+        $this->authorizationMock = $this->getMock(AuthorizationInterface::class);
+        $this->viewMock = $this->getMockBuilder(ViewInterface::class)
+            ->disableOriginalConstructor()
+            ->getMock();
         $this->contextMock->expects($this->atLeastOnce())->method('getView')->willReturn($this->viewMock);
-
-        $this->controller = new Handle($this->contextMock, $this->componentFactoryMock);
+        $this->contextMock->expects($this->atLeastOnce())
+            ->method('getAuthorization')
+            ->willReturn($this->authorizationMock);
+        $this->uiComponentManagerMock = $this->getMockForAbstractClass(ManagerInterface::class);
+        $this->uiComponentMock = $this->getMockBuilder(UiComponent::class)
+            ->disableOriginalConstructor()
+            ->getMock();
+        $this->layoutMock = $this->getMockBuilder(LayoutInterface::class)
+            ->disableOriginalConstructor()
+            ->getMockForAbstractClass();
+
+        $this->controller = new Handle($this->contextMock, $this->componentFactoryMock, $this->uiComponentManagerMock);
 
     }
 
+    /**
+     * @return void
+     */
     public function testExecuteNoButtons()
     {
-        $result = '';
-        $this->requestMock->expects($this->exactly(3))->method('getParam')->willReturn($result);
+        $isButtonExist = false;
+        $isAllowed = true;
+        $result = 'content';
 
-        $this->viewMock->expects($this->once())
-            ->method('loadLayout')
-            ->with(['default', $result], true, true, false);
-        $layoutMock = $this->getMock('\Magento\Framework\View\LayoutInterface');
-        $this->viewMock->expects($this->once())->method('getLayout')->willReturn($layoutMock);
+        $this->prepareLayoutData($isButtonExist, $isAllowed);
 
-        $layoutMock->expects($this->once())->method('getBlock');
+        $this->layoutMock->expects($this->once())
+            ->method('getBlock')
+            ->with('customer_listing')
+            ->willReturn($this->uiComponentMock);
+        $this->uiComponentMock->expects($this->once())->method('toHtml')->willReturn($result);
+        $this->responseMock->expects($this->once())->method('appendBody')->with($result);
 
-        $this->responseMock->expects($this->once())->method('appendBody')->with('');
         $this->controller->execute();
     }
 
-    public function testExecute()
+    /**
+     * @return void
+     */
+    public function testExecuteWithButtons()
     {
-        $result = 'SomeRequestParam';
-        $this->requestMock->expects($this->exactly(3))->method('getParam')->willReturn($result);
+        $isButtonExist = true;
+        $isAllowed = true;
+        $uiContent = 'content';
+        $buttonContent = 'button';
+        $templateMock = $this->getMockBuilder(Template::class)
+            ->disableOriginalConstructor()
+            ->getMock();
+
+        $this->prepareLayoutData($isButtonExist, $isAllowed);
+
+        $this->layoutMock->expects($this->at(0))
+            ->method('getBlock')
+            ->with('customer_listing')
+            ->willReturn($this->uiComponentMock);
+        $this->uiComponentMock->expects($this->once())->method('toHtml')->willReturn($uiContent);
+        $this->layoutMock->expects($this->at(1))
+            ->method('getBlock')
+            ->with('page.actions.toolbar')
+            ->willReturn($templateMock);
+        $templateMock->expects($this->once())->method('toHtml')->willReturn($buttonContent);
+        $this->responseMock->expects($this->once())->method('appendBody')->with($uiContent . $buttonContent);
 
-        $this->viewMock->expects($this->once())
-            ->method('loadLayout')
-            ->with(['default', $result], true, true, false);
-
-        $layoutMock = $this->getMock('\Magento\Framework\View\LayoutInterface');
-        $this->viewMock->expects($this->exactly(2))->method('getLayout')->willReturn($layoutMock);
-
-        $layoutMock->expects($this->exactly(2))->method('getBlock');
+        $this->controller->execute();
+    }
 
+    /**
+     * @return void
+     */
+    public function testExecuteWithoutPermissions()
+    {
+        $isButtonExist = false;
+        $isAllowed = false;
+
+        $this->prepareLayoutData($isButtonExist, $isAllowed);
+
+        $this->requestMock->expects($this->once())
+            ->method('isAjax')
+            ->willReturn(true);
+        $this->layoutMock->expects($this->never())
+            ->method('getBlock')
+            ->willReturn($this->uiComponentMock);
+        $this->uiComponentMock->expects($this->never())->method('toHtml');
         $this->responseMock->expects($this->once())->method('appendBody')->with('');
+
         $this->controller->execute();
     }
+
+    /**
+     * @param bool $isButtonExist
+     * @param bool $isAllowed
+     * @return void
+     */
+    private function prepareLayoutData($isButtonExist, $isAllowed)
+    {
+        $aclResource = 'Magento_Customer::manage';
+        $handle = 'customer_index_index';
+        $namespace = 'customer_listing';
+        $componentConfig = [
+            $namespace => [
+                'arguments' => [
+                    'data' => [
+                        'acl' => $aclResource,
+                    ],
+                ],
+            ],
+        ];
+
+        $this->requestMock->expects($this->at(0))
+            ->method('getParam')
+            ->with('handle', null)
+            ->willReturn($handle);
+        $this->requestMock->expects($this->at(1))
+            ->method('getParam')
+            ->with('namespace', null)
+            ->willReturn($namespace);
+        $this->requestMock->expects($this->at(2))
+            ->method('getParam')
+            ->with('buttons', false)
+            ->willReturn($isButtonExist);
+        $this->viewMock->expects($this->once())
+            ->method('loadLayout')
+            ->with(['default', $handle], true, true, false);
+        $this->viewMock->expects($this->once())->method('getLayout')->willReturn($this->layoutMock);
+        $this->uiComponentManagerMock->expects($this->once())
+            ->method('getData')
+            ->with($namespace)
+            ->willReturn($componentConfig);
+        $this->authorizationMock->expects($this->once())
+            ->method('isAllowed')
+            ->with($aclResource)
+            ->willReturn($isAllowed);
+    }
 }
diff --git a/dev/tests/integration/testsuite/Magento/Ui/Controller/Adminhtml/Index/Renderer/HandleTest.php b/dev/tests/integration/testsuite/Magento/Ui/Controller/Adminhtml/Index/Renderer/HandleTest.php
@@ -0,0 +1,56 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+namespace Magento\Ui\Controller\Adminhtml\Index\Renderer;
+
+use Magento\TestFramework\Helper\Bootstrap;
+use Magento\Framework\AuthorizationInterface;
+
+/**
+ * Test for Magento\Ui\Controller\Adminhtml\Index\Render\Handle class.
+ * @magentoAppArea adminhtml
+ */
+class HandleTest extends \Magento\TestFramework\TestCase\AbstractBackendController
+{
+    /**
+     * @return void
+     * @magentoDataFixture  Magento/Customer/_files/customer.php
+     */
+    public function testExecuteWhenUserDoesNotHavePermission()
+    {
+        Bootstrap::getObjectManager()->configure([
+            'preferences' => [
+                AuthorizationInterface::class => \Magento\Ui\Model\AuthorizationMock::class,
+            ],
+        ]);
+        $this->getRequest()->setParam('handle', 'customer_index_index');
+        $this->getRequest()->setParam('namespace', 'customer_listing');
+        $this->getRequest()->setParam('sorting%5Bfield%5D', 'entity_id');
+        $this->getRequest()->setParam('paging%5BpageSize%5D', 20);
+        $this->getRequest()->setParam('isAjax', 1);
+        $this->dispatch('backend/mui/index/render_handle');
+        $output = $this->getResponse()->getBody();
+
+        $this->assertEmpty($output, 'The acl restriction wasn\'t applied properly');
+    }
+
+    /**
+     * @return void
+     * @magentoDataFixture  Magento/Customer/_files/customer.php
+     */
+    public function testExecuteWhenUserHasPermission()
+    {
+        $this->getRequest()->setParam('handle', 'customer_index_index');
+        $this->getRequest()->setParam('namespace', 'customer_listing');
+        $this->getRequest()->setParam('sorting%5Bfield%5D', 'entity_id');
+        $this->getRequest()->setParam('paging%5BpageSize%5D', 20);
+        $this->getRequest()->setParam('isAjax', 1);
+        $this->dispatch('backend/mui/index/render_handle');
+        $output = $this->getResponse()->getBody();
+
+        $this->assertNotEmpty($output, 'The acl restriction wasn\'t applied properly');
+    }
+}
diff --git a/dev/tests/integration/testsuite/Magento/Ui/Model/AuthorizationMock.php b/dev/tests/integration/testsuite/Magento/Ui/Model/AuthorizationMock.php
