
Commit ea72543

committed
Merge remote-tracking branch 'origin/2.3.6-develop' into 2.3.6-develop-pr139
2 parents a0750be + 0181689 commit ea72543


5 files changed

+109
-38
lines changed


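--- a/app/code/Magento/Cms/etc/webapi.xml
+++ b/app/code/Magento/Cms/etc/webapi.xml
@@ -23,19 +23,19 @@
 <route url="/V1/cmsPage" method="POST">
 <service class="Magento\Cms\Api\PageRepositoryInterface" method="save"/>
 <resources>
-<resource ref="Magento_Cms::page"/>
+<resource ref="Magento_Cms::save"/>
 </resources>
 </route>
 <route url="/V1/cmsPage/:id" method="PUT">
 <service class="Magento\Cms\Api\PageRepositoryInterface" method="save"/>
 <resources>
-<resource ref="Magento_Cms::page"/>
+<resource ref="Magento_Cms::save"/>
 </resources>
 </route>
 <route url="/V1/cmsPage/:pageId" method="DELETE">
 <service class="Magento\Cms\Api\PageRepositoryInterface" method="deleteById"/>
 <resources>
-<resource ref="Magento_Cms::page"/>
+<resource ref="Magento_Cms::page_delete"/>
 </resources>
 </route>
 <!-- Cms Block -->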
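Review bot: Nothing on this page documents that the `cmsPage` POST, PUT and DELETE routes stop accepting `Magento_Cms::page`. An integration or role that was granted only that resource will get authorization failures after upgrade, and the same holds for `DELETE /V1/customers/:customerId` in app/code/Magento/Customer/etc/webapi.xml, which moves from `Magento_Customer::manage` to `Magento_Customer::delete`. The tightening itself looks intended; I would add a short comment above the three routes, for example `<!-- save and delete are authorized separately from Magento_Cms::page -->`, and a release-note line telling operators to re-check existing integration grants. The Cms Block routes begin on the line after this hunk and are not visible here, so it is worth confirming whether they need the same per-action resources.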

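--- a/app/code/Magento/Customer/etc/webapi.xml
+++ b/app/code/Magento/Customer/etc/webapi.xml
@@ -228,7 +228,7 @@
 <route url="/V1/customers/:customerId" method="DELETE">
 <service class="Magento\Customer\Api\CustomerRepositoryInterface" method="deleteById"/>
 <resources>
-<resource ref="Magento_Customer::manage"/>
+<resource ref="Magento_Customer::delete"/>
 </resources>
 </route>
 <route url="/V1/customers/isEmailAvailable" method="POST">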

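--- a/app/code/Magento/Paypal/Test/Mftf/Test/StorefrontPaypalSmartButtonInCheckoutPageTest.xml
+++ b/app/code/Magento/Paypal/Test/Mftf/Test/StorefrontPaypalSmartButtonInCheckoutPageTest.xml
@@ -17,6 +17,9 @@
 <severity value="CRITICAL"/>
 <testCaseId value="MC-13690"/>
 <group value="paypal"/>
+<skip>
+<issueId value="MC-35083"/>
+</skip>
 </annotations>
 <before>
 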

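--- a/dev/tests/api-functional/testsuite/Magento/Cms/Api/PageRepositoryTest.php
+++ b/dev/tests/api-functional/testsuite/Magento/Cms/Api/PageRepositoryTest.php
@@ -421,7 +421,7 @@ public function testSaveDesign(): void
 /** @var Rules $rules */
 $rules = $this->rulesFactory->create();
 $rules->setRoleId($role->getId());
-$rules->setResources(['Magento_Cms::page']);
+$rules->setResources(['Magento_Cms::save']);
 $rules->saveRel();
 //Using the admin user with custom role.
 $token = $this->adminTokens->createAdminAccessToken(
@@ -471,7 +471,7 @@ public function testSaveDesign(): void
 /** @var Rules $rules */
 $rules = Bootstrap::getObjectManager()->create(Rules::class);
 $rules->setRoleId($role->getId());
-$rules->setResources(['Magento_Cms::page', 'Magento_Cms::save_design']);
+$rules->setResources(['Magento_Cms::save', 'Magento_Cms::save_design']);
 $rules->saveRel();
 //Making the same request with design settings.
 $result = $this->_webApiCall($serviceInfo, $requestData);
@@ -486,7 +486,7 @@ public function testSaveDesign(): void
 /** @var Rules $rules */
 $rules = Bootstrap::getObjectManager()->create(Rules::class);
 $rules->setRoleId($role->getId());
-$rules->setResources(['Magento_Cms::page']);
+$rules->setResources(['Magento_Cms::save']);
 $rules->saveRel();
 //Updating the page but with the same design properties values.
 $result = $this->_webApiCall($serviceInfo, $requestData);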
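Review bot: The three `setResources()` edits in `testSaveDesign` only re-point the allowed path at `Magento_Cms::save`; no test visible on this page checks the denial side of the new ACL split. I would add a case where the role holds only `['Magento_Cms::page']` and the save call is expected to be rejected, plus one where DELETE is attempted without `Magento_Cms::page_delete`, modelled on `testDeleteCustomerNonAuthorized` in CustomerRepositoryTest. Without them a later change that loosens `webapi.xml` again would still pass this suite. `testSaveDesign` starts and ends outside these hunks, so existing negative checks elsewhere in the method or class cannot be ruled out from here.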

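--- a/dev/tests/api-functional/testsuite/Magento/Customer/Api/CustomerRepositoryTest.php
+++ b/dev/tests/api-functional/testsuite/Magento/Customer/Api/CustomerRepositoryTest.php
@@ -8,11 +8,23 @@
 
 use Magento\Customer\Api\Data\CustomerInterface as Customer;
 use Magento\Customer\Api\Data\AddressInterface as Address;
+use Magento\Customer\Api\Data\CustomerInterfaceFactory;
+use Magento\Customer\Model\CustomerRegistry;
+use Magento\Framework\Api\DataObjectHelper;
+use Magento\Framework\Api\FilterBuilder;
+use Magento\Framework\Api\Search\FilterGroupBuilder;
+use Magento\Framework\Api\SearchCriteriaBuilder;
+use Magento\Framework\Api\SearchCriteriaInterface;
 use Magento\Framework\Api\SortOrder;
+use Magento\Framework\Api\SortOrderBuilder;
 use Magento\Framework\Exception\InputException;
 use Magento\Framework\Exception\LocalizedException;
+use Magento\Framework\Reflection\DataObjectProcessor;
 use Magento\Framework\Webapi\Rest\Request;
 use Magento\Integration\Api\CustomerTokenServiceInterface;
+use Magento\Integration\Api\IntegrationServiceInterface;
+use Magento\Integration\Api\OauthServiceInterface;
+use Magento\Integration\Model\Integration;
 use Magento\TestFramework\Helper\Bootstrap;
 use Magento\TestFramework\Helper\Customer as CustomerHelper;
 use Magento\TestFramework\TestCase\WebapiAbstract;
@@ -92,34 +104,20 @@ class CustomerRepositoryTest extends WebapiAbstract
 */
 public function setUp()
 {
-$this->customerRegistry = Bootstrap::getObjectManager()->get(
-\Magento\Customer\Model\CustomerRegistry::class
-);
+$this->customerRegistry = Bootstrap::getObjectManager()->get(CustomerRegistry::class);
 
 $this->customerRepository = Bootstrap::getObjectManager()->get(
 \Magento\Customer\Api\CustomerRepositoryInterface::class,
 ['customerRegistry' => $this->customerRegistry]
 );
-$this->dataObjectHelper = Bootstrap::getObjectManager()->create(
-\Magento\Framework\Api\DataObjectHelper::class
-);
-$this->customerDataFactory = Bootstrap::getObjectManager()->create(
-\Magento\Customer\Api\Data\CustomerInterfaceFactory::class
-);
-$this->searchCriteriaBuilder = Bootstrap::getObjectManager()->create(
-\Magento\Framework\Api\SearchCriteriaBuilder::class
-);
-$this->sortOrderBuilder = Bootstrap::getObjectManager()->create(
-\Magento\Framework\Api\SortOrderBuilder::class
-);
-$this->filterGroupBuilder = Bootstrap::getObjectManager()->create(
-\Magento\Framework\Api\Search\FilterGroupBuilder::class
-);
+$this->dataObjectHelper = Bootstrap::getObjectManager()->create(DataObjectHelper::class);
+$this->customerDataFactory = Bootstrap::getObjectManager()->create(CustomerInterfaceFactory::class);
+$this->searchCriteriaBuilder = Bootstrap::getObjectManager()->create(SearchCriteriaBuilder::class);
+$this->sortOrderBuilder = Bootstrap::getObjectManager()->create(SortOrderBuilder::class);
+$this->filterGroupBuilder = Bootstrap::getObjectManager()->create(FilterGroupBuilder::class);
 $this->customerHelper = new CustomerHelper();
 
-$this->dataObjectProcessor = Bootstrap::getObjectManager()->create(
-\Magento\Framework\Reflection\DataObjectProcessor::class
-);
+$this->dataObjectProcessor = Bootstrap::getObjectManager()->create(DataObjectProcessor::class);
 }
 
 public function tearDown()
@@ -149,10 +147,10 @@ public function tearDown()
 /**
 * Validate update by invalid customer.
 *
-* @expectedException \Exception
 */
 public function testInvalidCustomerUpdate()
 {
+$this->expectException(\Exception::class);
 //Create first customer and retrieve customer token.
 $firstCustomerData = $this->_createCustomer();
 
@@ -198,6 +196,31 @@ public function testInvalidCustomerUpdate()
 $this->_webApiCall($serviceInfo, $requestData);
 }
 
+/**
+* Create Integration and return token.
+*
+* @param string $name
+* @param array $resource
+* @return string
+*/
+private function createIntegrationToken(string $name, array $resource): string
+{
+/** @var IntegrationServiceInterface $integrationService */
+$integrationService = Bootstrap::getObjectManager()->get(IntegrationServiceInterface::class);
+$oauthService = Bootstrap::getObjectManager()->get(OauthServiceInterface::class);
+/** @var Integration $integration */
+$integration = $integrationService->create(
+[
+'name' => $name,
+'resource' => $resource,
+]
+);
+/** @var OauthServiceInterface $oauthService */
+$oauthService->createAccessToken($integration->getConsumerId());
+
+return $integrationService->get($integration->getId())->getToken();
+}
+
 public function testDeleteCustomer()
 {
 $customerData = $this->_createCustomer();
@@ -228,6 +251,51 @@ public function testDeleteCustomer()
 $this->_getCustomerData($customerData[Customer::ID]);
 }
 
+/**
+* Check that non authorized consumer can`t delete customer.
+*
+* @return void
+*/
+public function testDeleteCustomerNonAuthorized(): void
+{
+$resource = [
+'Magento_Customer::customer',
+'Magento_Customer::manage',
+];
+$token = $this->createIntegrationToken('TestAPI' . bin2hex(random_bytes(5)), $resource);
+
+$customerData = $this->_createCustomer();
+$this->currentCustomerId = [];
+
+$serviceInfo = [
+'rest' => [
+'resourcePath' => self::RESOURCE_PATH . '/' . $customerData[Customer::ID],
+'httpMethod' => Request::HTTP_METHOD_DELETE,
+'token' => $token,
+],
+'soap' => [
+'service' => self::SERVICE_NAME,
+'serviceVersion' => self::SERVICE_VERSION,
+'operation' => self::SERVICE_NAME . 'DeleteById',
+'token' => $token,
+],
+];
+try {
+$this->_webApiCall($serviceInfo, ['customerId' => $customerData['id']]);
+$this->fail("Expected exception is not thrown.");
+} catch (\SoapFault $e) {
+} catch (\Exception $e) {
+$expectedMessage = 'The consumer isn\'t authorized to access %resources.';
+$errorObj = $this->processRestExceptionResult($e);
+$this->assertEquals($expectedMessage, $errorObj['message']);
+$this->assertEquals(['resources' => 'Magento_Customer::delete'], $errorObj['parameters']);
+$this->assertEquals(HTTPExceptionCodes::HTTP_UNAUTHORIZED, $e->getCode());
+}
+/** @var Customer $data */
+$data = $this->_getCustomerData($customerData[Customer::ID]);
+$this->assertNotNull($data->getId());
+}
+
 public function testDeleteCustomerInvalidCustomerId()
 {
 $invalidId = -1;
@@ -485,7 +553,7 @@ public function testCreateCustomerWithoutAddressRequiresException()
 */
 public function testSearchCustomers()
 {
-$builder = Bootstrap::getObjectManager()->create(\Magento\Framework\Api\FilterBuilder::class);
+$builder = Bootstrap::getObjectManager()->create(FilterBuilder::class);
 $customerData = $this->_createCustomer();
 $filter = $builder
 ->setField(Customer::EMAIL)
@@ -494,7 +562,7 @@ public function testSearchCustomers()
 $this->searchCriteriaBuilder->addFilters([$filter]);
 $searchData = $this->dataObjectProcessor->buildOutputDataArray(
 $this->searchCriteriaBuilder->create(),
-\Magento\Framework\Api\SearchCriteriaInterface::class
+SearchCriteriaInterface::class
 );
 $requestData = ['searchCriteria' => $searchData];
 $serviceInfo = [
@@ -519,7 +587,7 @@ public function testSearchCustomers()
 public function testSearchCustomersUsingGET()
 {
 $this->_markTestAsRestOnly('SOAP test is covered in testSearchCustomers');
-$builder = Bootstrap::getObjectManager()->create(\Magento\Framework\Api\FilterBuilder::class);
+$builder = Bootstrap::getObjectManager()->create(FilterBuilder::class);
 $customerData = $this->_createCustomer();
 $filter = $builder
 ->setField(Customer::EMAIL)
@@ -573,7 +641,7 @@ public function testSearchCustomersUsingGETEmptyFilter()
 */
 public function testSearchCustomersMultipleFiltersWithSort()
 {
-$builder = Bootstrap::getObjectManager()->create(\Magento\Framework\Api\FilterBuilder::class);
+$builder = Bootstrap::getObjectManager()->create(FilterBuilder::class);
 $customerData1 = $this->_createCustomer();
 $customerData2 = $this->_createCustomer();
 $filter1 = $builder->setField(Customer::EMAIL)
@@ -590,7 +658,7 @@ public function testSearchCustomersMultipleFiltersWithSort()
 
 /**@var \Magento\Framework\Api\SortOrderBuilder $sortOrderBuilder */
 $sortOrderBuilder = Bootstrap::getObjectManager()->create(
-\Magento\Framework\Api\SortOrderBuilder::class
+SortOrderBuilder::class
 );
 /** @var SortOrder $sortOrder */
 $sortOrder = $sortOrderBuilder->setField(Customer::EMAIL)->setDirection(SortOrder::SORT_ASC)->create();
@@ -622,7 +690,7 @@ public function testSearchCustomersMultipleFiltersWithSort()
 public function testSearchCustomersMultipleFiltersWithSortUsingGET()
 {
 $this->_markTestAsRestOnly('SOAP test is covered in testSearchCustomers');
-$builder = Bootstrap::getObjectManager()->create(\Magento\Framework\Api\FilterBuilder::class);
+$builder = Bootstrap::getObjectManager()->create(FilterBuilder::class);
 $customerData1 = $this->_createCustomer();
 $customerData2 = $this->_createCustomer();
 $filter1 = $builder->setField(Customer::EMAIL)
@@ -658,7 +726,7 @@ public function testSearchCustomersMultipleFiltersWithSortUsingGET()
 */
 public function testSearchCustomersNonExistentMultipleFilters()
 {
-$builder = Bootstrap::getObjectManager()->create(\Magento\Framework\Api\FilterBuilder::class);
+$builder = Bootstrap::getObjectManager()->create(FilterBuilder::class);
 $customerData1 = $this->_createCustomer();
 $customerData2 = $this->_createCustomer();
 $filter1 = $filter1 = $builder->setField(Customer::EMAIL)
@@ -696,7 +764,7 @@ public function testSearchCustomersNonExistentMultipleFilters()
 public function testSearchCustomersNonExistentMultipleFiltersGET()
 {
 $this->_markTestAsRestOnly('SOAP test is covered in testSearchCustomers');
-$builder = Bootstrap::getObjectManager()->create(\Magento\Framework\Api\FilterBuilder::class);
+$builder = Bootstrap::getObjectManager()->create(FilterBuilder::class);
 $customerData1 = $this->_createCustomer();
 $customerData2 = $this->_createCustomer();
 $filter1 = $filter1 = $builder->setField(Customer::EMAIL)
@@ -732,7 +800,7 @@ public function testSearchCustomersMultipleFilterGroups()
 $customerData1 = $this->_createCustomer();
 
 /** @var \Magento\Framework\Api\FilterBuilder $builder */
-$builder = Bootstrap::getObjectManager()->create(\Magento\Framework\Api\FilterBuilder::class);
+$builder = Bootstrap::getObjectManager()->create(FilterBuilder::class);
 $filter1 = $builder->setField(Customer::EMAIL)
 ->setValue($customerData1[Customer::EMAIL])
 ->create();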
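Review bot: In `testDeleteCustomerNonAuthorized` the `catch (\SoapFault $e) {` branch is empty, so on the SOAP adapter any fault at all, including one unrelated to authorization, lets the test continue as if access had been denied. I would move the `$expectedMessage = ...` assignment above the `try` and assert in that branch, e.g. `$this->assertContains($expectedMessage, $e->getMessage());`, after confirming the exact text the SOAP fault carries. Separately, `$this->fail(...)` sits inside the `try`, and PHPUnit's failure exception is presumably caught by the following `catch (\Exception $e)`, so a missing denial would surface as a confusing assertion mismatch rather than the intended message; calling `fail()` after the try/catch, guarded by a flag, avoids that. Finally, `$this->currentCustomerId = [];` clears the cleanup list although this customer is expected to survive the call; if `tearDown()` relies on that list (its body is outside the hunk), the fixture customer and the integration created by `createIntegrationToken()` are left behind.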
