Fix admin menu ACL mismatch in OAuth (#3272)

[Tomasz-Silpion]

Description (*)

This PR fixes ACL issue in Mage_Oauth adminhtml.xml that causes silent Zend_Acl_Exception throw on every admin page and no access to REST consumers/tokens for users with custom role resource access

Related Pull Requests

Fixed Issues (if relevant)

1. Fixes Silent Zend_Acl_Exception throw and no access to OAuth Consumers/Tokens for admins with custom resource access #3272

Manual testing scenarios (*)

1. Create admin user with custom resource access including full System -> Web Service
2. Login as that admin user
3. Try to find REST - OAuth Consumers or REST - OAuth Authorized Tokens in System -> Web Service menu

Questions or comments

Contribution checklist (*)

• Pull request has a meaningful description of its purpose
• All commits are accompanied by meaningful commit messages
• All automated tests passed successfully (all builds are green)
• Add yourself to contributors list

[kiatng]

Is it necessary to change the menu's children, will it break BC? I prefer to leave it as is for backward compatibility.

[Tomasz-Silpion]

Menu children needs to be modified as ACL needs to match menu items. Backward compatibility is preserved but if some vendors already hooked these rarely used OAuth menu nodes with their extensions parents would need to be adapted. If we would try to adapt ACL nodes instead admins with REST access given previously still won't be able to see these positions and exception would be logged in https://github.com/OpenMage/magento-lts/blob/main/app/code/core/Mage/Admin/Model/Resource/Acl.php#L135 as long (custom) admin role would not be resaved.

BTW. it's worth to mention that I've spotted the issue thanks to the catch mentioned by @fballiano in https://github.com/OpenMage/magento-lts/pull/2339/files#diff-1048571d4baf38d246708d5953af464948b5591c2c8d648036394d6101ba8022 while actually I consider deleting bad entries automatically better solution.

[kiatng]

For matching nodes, I would prefer to change the acl node to match the menu node:

1. menu node follows the snake_case standard format
2. the acl node doesn't work anyway, so it can be changed without BC issue

[Tomasz-Silpion]

Ok, if so let's merge #3274 instead but I hope you are aware that in this approach https://github.com/OpenMage/magento-lts/blob/main/app/code/core/Mage/Admin/Model/Resource/Acl.php#L135 would start logging exceptions about missing resources unless custom roles would be resaved.

[kiatng]

Good point on obsolete resources. See PR #2706. Perhaps a upgrade script to be added in #3274?

[Tomasz-Silpion]

G8. I haven't seen that upgrade script before. So we have a deal here where additionally admin users would not automatically regain access to these OAuth areas before superadmin re-consent. I've added a file in Mage_OAuth as in opposition to many other core modules it hosts admin controllers on it's own (like Mage_Oauth_Adminhtml_Oauth_ConsumerController)

Tomasz-Silpion@3cfee60

[kiatng]

Replaced with PR #3274