@@ -29,7 +29,7 @@
getRequired()) echo 'data-validate="{\'validate-one-required-by-name\':\'input[name^="bundle_option[' . $_option->getId() . ']"]:checked\'}"'?>
+ getRequired()) /* @escapeNotVerified */ echo 'data-validate="{\'validate-one-required-by-name\':\'input[name^="bundle_option[' . $_option->getId() . ']"]:checked\'}"'?>
name="bundle_option[getId() ?>][getId() ?>]"
isSelected($_selection)) echo ' checked="checked"' ?>
isSaleable()) echo ' disabled="disabled"' ?>
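Review bot: On the added line the `/* @escapeNotVerified */` marker only records that the echoed attribute was not checked for escaping, while `$_option->getId()` is still concatenated into the `data-validate` attribute as-is. If the id is always numeric, casting it makes the output safe by construction and removes the need for the marker: `(int)$_option->getId()`. Ids are also echoed into the `name="bundle_option[...]"` attribute on the next line, so both places should be treated the same way. The template markup around these lines is only partly visible in this hunk, so this is based on the visible lines alone.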
diff --git a/app/code/Magento/Catalog/Controller/Adminhtml/Category.php b/app/code/Magento/Catalog/Controller/Adminhtml/Category.php
index 044459eb70131..f3038f61ac281 100644
--- a/app/code/Magento/Catalog/Controller/Adminhtml/Category.php
+++ b/app/code/Magento/Catalog/Controller/Adminhtml/Category.php
@@ -10,6 +10,11 @@
*/
abstract class Category extends \Magento\Backend\App\Action
{
+ /**
+ * {@inheritdoc}
+ */
+ const ADMIN_RESOURCE = 'Magento_Catalog::categories';
+
/**
* Initialize requested category and put it into registry.
* Root category can be returned, if inappropriate store/category is specified
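Review bot: The docblock on the new `ADMIN_RESOURCE` constant is just `{@inheritdoc}`, which tells a reader nothing about why the constant exists now that the explicit `_isAllowed()` override is removed further down in this file. Access to these admin controllers now depends on the inherited `_isAllowed()` resolving the constant through late static binding (presumably `static::ADMIN_RESOURCE`; the parent class is not shown in this diff), so a comment such as `ACL resource checked by the inherited _isAllowed()` would make that dependency explicit. Other files in this commit already use the fuller form `Authorization level of a basic admin session. @see _isAllowed()`; the `{@inheritdoc}` variant in Category/Wysiwyg.php, Product/Action/Attribute.php, Product/Attribute.php, Gallery/Upload.php, Group/Save.php, Set.php, SuggestAttributeSets.php, SuggestAttributes.php, the CatalogRule and CatalogWidget controllers and CheckoutAgreements/Agreement.php could be aligned with it. It is also worth confirming that no subclass of these controllers keeps its own `_isAllowed()` override with a different resource, since that override would silently win over the constant.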
@@ -53,14 +58,4 @@ protected function _initCategory($getRootInstead = false)
->setStoreId($this->getRequest()->getParam('store'));
return $category;
}
-
- /**
- * Check if admin has permissions to visit related pages
- *
- * @return bool
- */
- protected function _isAllowed()
- {
- return $this->_authorization->isAllowed('Magento_Catalog::categories');
- }
}
diff --git a/app/code/Magento/Catalog/Controller/Adminhtml/Category/Widget.php b/app/code/Magento/Catalog/Controller/Adminhtml/Category/Widget.php
index add59c6b2a426..6e643dff1107e 100644
--- a/app/code/Magento/Catalog/Controller/Adminhtml/Category/Widget.php
+++ b/app/code/Magento/Catalog/Controller/Adminhtml/Category/Widget.php
@@ -14,6 +14,13 @@
*/
abstract class Widget extends \Magento\Backend\App\Action
{
+ /**
+ * Authorization level of a basic admin session.
+ *
+ * @see _isAllowed()
+ */
+ const ADMIN_RESOURCE = 'Magento_Catalog::categories';
+
/**
* @var \Magento\Framework\View\LayoutFactory
*/
@@ -37,7 +44,7 @@ public function __construct(
protected function _getCategoryTreeBlock()
{
return $this->layoutFactory->create()->createBlock(
- 'Magento\Catalog\Block\Adminhtml\Category\Widget\Chooser',
+ \Magento\Catalog\Block\Adminhtml\Category\Widget\Chooser::class,
'',
[
'data' => [
diff --git a/app/code/Magento/Catalog/Controller/Adminhtml/Category/Wysiwyg.php b/app/code/Magento/Catalog/Controller/Adminhtml/Category/Wysiwyg.php
index 03958aa954931..834376095a570 100644
--- a/app/code/Magento/Catalog/Controller/Adminhtml/Category/Wysiwyg.php
+++ b/app/code/Magento/Catalog/Controller/Adminhtml/Category/Wysiwyg.php
@@ -9,12 +9,7 @@
class Wysiwyg extends \Magento\Catalog\Controller\Adminhtml\Product\Wysiwyg
{
/**
- * Check if admin has permissions to visit related pages
- *
- * @return bool
+ * {@inheritdoc}
*/
- protected function _isAllowed()
- {
- return $this->_authorization->isAllowed('Magento_Catalog::categories');
- }
+ const ADMIN_RESOURCE = 'Magento_Catalog::categories';
}
diff --git a/app/code/Magento/Catalog/Controller/Adminhtml/Product.php b/app/code/Magento/Catalog/Controller/Adminhtml/Product.php
index a3ca2c09d88f3..fb1750594ffef 100644
--- a/app/code/Magento/Catalog/Controller/Adminhtml/Product.php
+++ b/app/code/Magento/Catalog/Controller/Adminhtml/Product.php
@@ -13,6 +13,13 @@
*/
abstract class Product extends \Magento\Backend\App\Action
{
+ /**
+ * Authorization level of a basic admin session.
+ *
+ * @see _isAllowed()
+ */
+ const ADMIN_RESOURCE = 'Magento_Catalog::products';
+
/**
* @var Product\Builder
*/
@@ -29,14 +36,4 @@ public function __construct(
$this->productBuilder = $productBuilder;
parent::__construct($context);
}
-
- /**
- * Check for is allowed
- *
- * @return boolean
- */
- protected function _isAllowed()
- {
- return $this->_authorization->isAllowed('Magento_Catalog::products');
- }
}
diff --git a/app/code/Magento/Catalog/Controller/Adminhtml/Product/Action/Attribute.php b/app/code/Magento/Catalog/Controller/Adminhtml/Product/Action/Attribute.php
index 27e360ec30c67..c2d6f9a51cb9b 100644
--- a/app/code/Magento/Catalog/Controller/Adminhtml/Product/Action/Attribute.php
+++ b/app/code/Magento/Catalog/Controller/Adminhtml/Product/Action/Attribute.php
@@ -15,6 +15,11 @@
*/
abstract class Attribute extends Action
{
+ /**
+ * {@inheritdoc}
+ */
+ const ADMIN_RESOURCE = 'Magento_Catalog::update_attributes';
+
/**
* @var \Magento\Catalog\Helper\Product\Edit\Action\Attribute
*/
@@ -53,12 +58,4 @@ protected function _validateProducts()
return !$error;
}
-
- /**
- * @return bool
- */
- protected function _isAllowed()
- {
- return $this->_authorization->isAllowed('Magento_Catalog::update_attributes');
- }
}
diff --git a/app/code/Magento/Catalog/Controller/Adminhtml/Product/Attribute.php b/app/code/Magento/Catalog/Controller/Adminhtml/Product/Attribute.php
index 38d77553b0f4d..6538b7a0d8ab4 100644
--- a/app/code/Magento/Catalog/Controller/Adminhtml/Product/Attribute.php
+++ b/app/code/Magento/Catalog/Controller/Adminhtml/Product/Attribute.php
@@ -14,6 +14,11 @@
abstract class Attribute extends \Magento\Backend\App\Action
{
+ /**
+ * {@inheritdoc}
+ */
+ const ADMIN_RESOURCE = 'Magento_Catalog::attributes_attributes';
+
/**
* @var \Magento\Framework\Cache\FrontendInterface
*/
@@ -123,14 +128,4 @@ protected function generateCode($label)
}
return $code;
}
-
- /**
- * ACL check
- *
- * @return bool
- */
- protected function _isAllowed()
- {
- return $this->_authorization->isAllowed('Magento_Catalog::attributes_attributes');
- }
}
diff --git a/app/code/Magento/Catalog/Controller/Adminhtml/Product/Datafeeds/Index.php b/app/code/Magento/Catalog/Controller/Adminhtml/Product/Datafeeds/Index.php
index 98c3b36effb3e..f6e843df30e03 100644
--- a/app/code/Magento/Catalog/Controller/Adminhtml/Product/Datafeeds/Index.php
+++ b/app/code/Magento/Catalog/Controller/Adminhtml/Product/Datafeeds/Index.php
@@ -8,6 +8,13 @@
class Index extends \Magento\Backend\App\Action
{
+ /**
+ * Authorization level of a basic admin session.
+ *
+ * @see _isAllowed()
+ */
+ const ADMIN_RESOURCE = 'Magento_Catalog::products';
+
/**
* @return void
*/
diff --git a/app/code/Magento/Catalog/Controller/Adminhtml/Product/Gallery/Upload.php b/app/code/Magento/Catalog/Controller/Adminhtml/Product/Gallery/Upload.php
index 0ee20abc5d389..fa91f5a9f5884 100644
--- a/app/code/Magento/Catalog/Controller/Adminhtml/Product/Gallery/Upload.php
+++ b/app/code/Magento/Catalog/Controller/Adminhtml/Product/Gallery/Upload.php
@@ -10,6 +10,11 @@
class Upload extends \Magento\Backend\App\Action
{
+ /**
+ * {@inheritdoc}
+ */
+ const ADMIN_RESOURCE = 'Magento_Catalog::products';
+
/**
* @var \Magento\Framework\Controller\Result\RawFactory
*/
@@ -27,14 +32,6 @@ public function __construct(
$this->resultRawFactory = $resultRawFactory;
}
- /**
- * @return bool
- */
- protected function _isAllowed()
- {
- return $this->_authorization->isAllowed('Magento_Catalog::products');
- }
-
/**
* @return \Magento\Framework\Controller\Result\Raw
*/
diff --git a/app/code/Magento/Catalog/Controller/Adminhtml/Product/Group/Save.php b/app/code/Magento/Catalog/Controller/Adminhtml/Product/Group/Save.php
index 519c5231a5e74..b8c784f5468d4 100644
--- a/app/code/Magento/Catalog/Controller/Adminhtml/Product/Group/Save.php
+++ b/app/code/Magento/Catalog/Controller/Adminhtml/Product/Group/Save.php
@@ -9,19 +9,16 @@
class Save extends \Magento\Backend\App\Action
{
/**
- * @return bool
+ * {@inheritdoc}
*/
- protected function _isAllowed()
- {
- return $this->_authorization->isAllowed('Magento_Catalog::products');
- }
+ const ADMIN_RESOURCE = 'Magento_Catalog::products';
/**
* @return void
*/
public function execute()
{
- $model = $this->_objectManager->create('Magento\Eav\Model\Entity\Attribute\Group');
+ $model = $this->_objectManager->create(\Magento\Eav\Model\Entity\Attribute\Group::class);
$model->setAttributeGroupName(
$this->getRequest()->getParam('attribute_group_name')
diff --git a/app/code/Magento/Catalog/Controller/Adminhtml/Product/Initialization/Helper.php b/app/code/Magento/Catalog/Controller/Adminhtml/Product/Initialization/Helper.php
index 2301c88d717bb..4751f1d12d9a7 100644
--- a/app/code/Magento/Catalog/Controller/Adminhtml/Product/Initialization/Helper.php
+++ b/app/code/Magento/Catalog/Controller/Adminhtml/Product/Initialization/Helper.php
@@ -151,7 +151,7 @@ public function initialize(\Magento\Catalog\Model\Product $product)
foreach ($options as &$customOptionData) {
if (isset($customOptionData['values'])) {
$customOptionData['values'] = array_filter($customOptionData['values'], function ($valueData) {
- return !($valueData['option_type_id'] == '-1' && !empty($valueData['is_delete']));
+ return !((!isset($valueData['option_type_id']) || $valueData['option_type_id'] == '-1') && !empty($valueData['is_delete']));
});
}
}
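Review bot: The rewritten predicate on the added line packs three conditions into one negated expression and still compares `option_type_id` with a loose `==`, so numeric strings such as `'-1.0'` coming from the request would also match. Splitting it reads more easily and allows a strict check, for example `$isNew = !isset($valueData['option_type_id']) || (string)$valueData['option_type_id'] === '-1';` followed by `return !($isNew && !empty($valueData['is_delete']));`. The enclosing `foreach` iterates by reference (`&$customOptionData`) and its end is outside this hunk, so it is worth checking that the reference is `unset()` after the loop.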
diff --git a/app/code/Magento/Catalog/Controller/Adminhtml/Product/Set.php b/app/code/Magento/Catalog/Controller/Adminhtml/Product/Set.php
index 1ad8a40ed5b94..147ccdae03049 100644
--- a/app/code/Magento/Catalog/Controller/Adminhtml/Product/Set.php
+++ b/app/code/Magento/Catalog/Controller/Adminhtml/Product/Set.php
@@ -12,6 +12,11 @@
*/
abstract class Set extends \Magento\Backend\App\Action
{
+ /**
+ * {@inheritdoc}
+ */
+ const ADMIN_RESOURCE = 'Magento_Catalog::sets';
+
/**
* Core registry
*
@@ -41,12 +46,4 @@ protected function _setTypeId()
$this->_objectManager->create('Magento\Catalog\Model\Product')->getResource()->getTypeId()
);
}
-
- /**
- * @return bool
- */
- protected function _isAllowed()
- {
- return $this->_authorization->isAllowed('Magento_Catalog::sets');
- }
}
diff --git a/app/code/Magento/Catalog/Controller/Adminhtml/Product/SuggestAttributeSets.php b/app/code/Magento/Catalog/Controller/Adminhtml/Product/SuggestAttributeSets.php
index ea7b3f21e3c21..82600d4041875 100644
--- a/app/code/Magento/Catalog/Controller/Adminhtml/Product/SuggestAttributeSets.php
+++ b/app/code/Magento/Catalog/Controller/Adminhtml/Product/SuggestAttributeSets.php
@@ -8,6 +8,11 @@
class SuggestAttributeSets extends \Magento\Backend\App\Action
{
+ /**
+ * {@inheritdoc}
+ */
+ const ADMIN_RESOURCE = 'Magento_Catalog::products';
+
/**
* @var \Magento\Framework\Controller\Result\JsonFactory
*/
@@ -46,12 +51,4 @@ public function execute()
);
return $resultJson;
}
-
- /**
- * @return bool
- */
- protected function _isAllowed()
- {
- return $this->_authorization->isAllowed('Magento_Catalog::products');
- }
}
diff --git a/app/code/Magento/Catalog/Controller/Adminhtml/Product/SuggestAttributes.php b/app/code/Magento/Catalog/Controller/Adminhtml/Product/SuggestAttributes.php
index 813c452c63881..0d1fff64355e2 100644
--- a/app/code/Magento/Catalog/Controller/Adminhtml/Product/SuggestAttributes.php
+++ b/app/code/Magento/Catalog/Controller/Adminhtml/Product/SuggestAttributes.php
@@ -8,6 +8,11 @@
class SuggestAttributes extends \Magento\Catalog\Controller\Adminhtml\Product
{
+ /**
+ * {@inheritdoc}
+ */
+ const ADMIN_RESOURCE = 'Magento_Catalog::products';
+
/**
* @var \Magento\Framework\Controller\Result\JsonFactory
*/
@@ -50,12 +55,4 @@ public function execute()
);
return $resultJson;
}
-
- /**
- * @return bool
- */
- protected function _isAllowed()
- {
- return $this->_authorization->isAllowed('Magento_Catalog::products');
- }
}
diff --git a/app/code/Magento/Catalog/Controller/Adminhtml/Product/Widget/Chooser.php b/app/code/Magento/Catalog/Controller/Adminhtml/Product/Widget/Chooser.php
index 12a91e22035ff..15755761f6007 100644
--- a/app/code/Magento/Catalog/Controller/Adminhtml/Product/Widget/Chooser.php
+++ b/app/code/Magento/Catalog/Controller/Adminhtml/Product/Widget/Chooser.php
@@ -8,6 +8,13 @@
class Chooser extends \Magento\Backend\App\Action
{
+ /**
+ * Authorization level of a basic admin session.
+ *
+ * @see _isAllowed()
+ */
+ const ADMIN_RESOURCE = 'Magento_Widget::widget_instance';
+
/**
* @var \Magento\Framework\Controller\Result\RawFactory
*/
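Review bot: The docblock text `Authorization level of a basic admin session.` does not describe what this constant does here: it ties the Catalog product chooser to the Widget module's `Magento_Widget::widget_instance` resource, and no `_isAllowed()` override is removed in this file, so this looks like a newly introduced restriction. A comment such as `ACL resource required to open the product chooser (shared with widget instance management)` would state that. It is worth confirming that every admin screen that opens this chooser is already limited to roles holding that resource, otherwise those screens will start returning access-denied responses.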
@@ -46,7 +53,7 @@ public function execute()
$layout = $this->layoutFactory->create();
$productsGrid = $layout->createBlock(
- 'Magento\Catalog\Block\Adminhtml\Product\Widget\Chooser',
+ \Magento\Catalog\Block\Adminhtml\Product\Widget\Chooser::class,
'',
[
'data' => [
@@ -62,7 +69,7 @@ public function execute()
if (!$this->getRequest()->getParam('products_grid')) {
$categoriesTree = $layout->createBlock(
- 'Magento\Catalog\Block\Adminhtml\Category\Widget\Chooser',
+ \Magento\Catalog\Block\Adminhtml\Category\Widget\Chooser::class,
'',
[
'data' => [
@@ -73,7 +80,7 @@ public function execute()
]
);
- $html = $layout->createBlock('Magento\Catalog\Block\Adminhtml\Product\Widget\Chooser\Container')
+ $html = $layout->createBlock(\Magento\Catalog\Block\Adminhtml\Product\Widget\Chooser\Container::class)
->setTreeHtml($categoriesTree->toHtml())
->setGridHtml($html)
->toHtml();
@@ -81,6 +88,7 @@ public function execute()
/** @var \Magento\Framework\Controller\Result\Raw $resultRaw */
$resultRaw = $this->resultRawFactory->create();
+
return $resultRaw->setContents($html);
}
}
diff --git a/app/code/Magento/Catalog/Model/Product/Attribute/Backend/Media.php b/app/code/Magento/Catalog/Model/Product/Attribute/Backend/Media.php
index c3ff863bf57ae..e3c3fde253a43 100644
--- a/app/code/Magento/Catalog/Model/Product/Attribute/Backend/Media.php
+++ b/app/code/Magento/Catalog/Model/Product/Attribute/Backend/Media.php
@@ -280,7 +280,7 @@ protected function removeDeletedImages(array $files)
*/
protected function moveImageFromTmp($file)
{
- $file = $this->getFilenameFromTmp($file);
+ $file = $this->getFilenameFromTmp($this->getSafeFilename($file));
$destinationFile = $this->getUniqueFileName($file);
if ($this->fileStorageDb->checkDbUsage()) {
@@ -326,6 +326,21 @@ protected function getUniqueFileName($file, $forTmp = false)
}
+ /**
+ * Returns safe filename for posted image.
+ *
+ * @param string $file
+ * @return string
+ */
+ private function getSafeFilename($file)
+ {
+ if (strpos($file, '..') === 0) {
+ $file = DIRECTORY_SEPARATOR . $file;
+ }
+
+ return $this->mediaDirectory->getDriver()->getRealPathSafety($file);
+ }
+
/**
* @param string $file
* @return string
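Review bot: The docblock of the new `getSafeFilename()` says only `Returns safe filename for posted image.` and the leading-`..` special case is unexplained, so a maintainer cannot tell what guarantee `moveImageFromTmp()` gets from it. From the visible lines the method prepends `DIRECTORY_SEPARATOR` when the posted name starts with `..` and then delegates to the driver's `getRealPathSafety()`; it does not itself verify that the result stays under the temporary media directory, so the docblock should state whether that is guaranteed by the driver or expected of the caller. I would add a why-comment above the `strpos` check (for example `// a leading ".." has no parent segment to cancel, so anchor it at the root before normalising`, if that is the intent) and a unit test that feeds names with parent-directory segments at the start and in the middle and asserts the resolved path remains inside the tmp media path. `$file` comes from posted image data, so a non-string value could reach `strpos()`; a type check before the call may be needed if the caller does not already enforce one.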
diff --git a/app/code/Magento/Catalog/Model/Product/Pricing/Renderer/SalableResolver.php b/app/code/Magento/Catalog/Model/Product/Pricing/Renderer/SalableResolver.php
index d0656990ded10..695f70e069128 100644
--- a/app/code/Magento/Catalog/Model/Product/Pricing/Renderer/SalableResolver.php
+++ b/app/code/Magento/Catalog/Model/Product/Pricing/Renderer/SalableResolver.php
@@ -19,6 +19,6 @@ class SalableResolver implements SalableResolverInterface
*/
public function isSalable(\Magento\Framework\Pricing\SaleableInterface $salableItem)
{
- return $salableItem->getCanShowPrice() !== false && $salableItem->isSalable();
+ return $salableItem->getCanShowPrice() !== false;
}
}
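Review bot: After this change `isSalable()` no longer consults `$salableItem->isSalable()` and returns true for any item whose `getCanShowPrice()` is not exactly `false`, including `null`, so the method name now promises more than the body checks. The docblock (which starts above this hunk) should say that the result reflects price visibility only, e.g. `Whether the price may be rendered for the item; the item's own salable state is intentionally not checked here.` Callers that relied on this resolver to hide prices of non-salable products should be reviewed, since they are not visible in this diff.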
diff --git a/app/code/Magento/Catalog/Test/Unit/Model/Product/Pricing/Renderer/SalableResolverTest.php b/app/code/Magento/Catalog/Test/Unit/Model/Product/Pricing/Renderer/SalableResolverTest.php
index c658258d5886a..99f824c3cc7da 100644
--- a/app/code/Magento/Catalog/Test/Unit/Model/Product/Pricing/Renderer/SalableResolverTest.php
+++ b/app/code/Magento/Catalog/Test/Unit/Model/Product/Pricing/Renderer/SalableResolverTest.php
@@ -22,7 +22,7 @@ protected function setUp()
{
$this->product = $this->getMock(
'Magento\Catalog\Model\Product',
- ['__wakeup', 'getCanShowPrice', 'isSalable'],
+ ['__wakeup', 'getCanShowPrice'],
[],
'',
false
@@ -40,8 +40,6 @@ public function testSalableItem()
->method('getCanShowPrice')
->willReturn(true);
- $this->product->expects($this->any())->method('isSalable')->willReturn(true);
-
$result = $this->object->isSalable($this->product);
$this->assertTrue($result);
}
@@ -50,9 +48,7 @@ public function testNotSalableItem()
{
$this->product->expects($this->any())
->method('getCanShowPrice')
- ->willReturn(true);
-
- $this->product->expects($this->any())->method('isSalable')->willReturn(false);
+ ->willReturn(false);
$result = $this->object->isSalable($this->product);
$this->assertFalse($result);
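Review bot: `testNotSalableItem` now covers only `getCanShowPrice()` returning `false`, while the resolver's strict `!== false` comparison means a `null` return is treated as salable and no test pins that. Adding a case where the mock returns `null` and asserting the expected result would document whether that outcome is intended. The test method ends outside this hunk.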
diff --git a/app/code/Magento/Catalog/composer.json b/app/code/Magento/Catalog/composer.json
index 47027a3ddcc76..ff16a24f92820 100644
--- a/app/code/Magento/Catalog/composer.json
+++ b/app/code/Magento/Catalog/composer.json
@@ -34,7 +34,7 @@
"magento/module-catalog-sample-data": "Sample Data version:100.0.*"
},
"type": "magento2-module",
- "version": "100.0.13",
+ "version": "100.0.15",
"license": [
"OSL-3.0",
"AFL-3.0"
diff --git a/app/code/Magento/Catalog/view/adminhtml/templates/catalog/product/attribute/set/main.phtml b/app/code/Magento/Catalog/view/adminhtml/templates/catalog/product/attribute/set/main.phtml
index c15257e8af70c..67863ae1928fe 100644
--- a/app/code/Magento/Catalog/view/adminhtml/templates/catalog/product/attribute/set/main.phtml
+++ b/app/code/Magento/Catalog/view/adminhtml/templates/catalog/product/attribute/set/main.phtml
@@ -259,7 +259,7 @@
}
var newNode = new Ext.tree.TreeNode({
- text : group_name.escapeHTML(),
+ text : group_name,
cls : 'folder',
allowDrop : true,
allowDrag : true
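Review bot: Dropping `.escapeHTML()` here means `group_name` reaches `Ext.tree.TreeNode` as raw user-supplied text, and nothing in this hunk shows where it is escaped instead. If the tree renderer inserts `text` as HTML, a group name containing markup would be interpreted by the browser, so please confirm that the node text is escaped at render time (or that this removal only fixes double-encoding) and record that next to the line, e.g. `// escaped by the tree node renderer, do not escape here`. The enclosing function starts and ends outside the hunk.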
@@ -287,16 +287,21 @@
},
validateGroupName : function(name, exceptNodeId) {
+ var textNode,
+ result = true;
+
name = name.strip();
- var result = true;
if (name === '') {
result = false;
}
for (var i=0; i < TreePanels.root.childNodes.length; i++) {
if (TreePanels.root.childNodes[i].text.toLowerCase() == name.toLowerCase() && TreePanels.root.childNodes[i].id != exceptNodeId) {
errorText = '';
+ errorText = errorText.replace("/name/", name);
+ textNode = jQuery('
')[0];
+ textNode.textContent = errorText;
alert({
- content: errorText.replace("/name/",name)
+ content: textNode
});
result = false;
}
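Review bot: `errorText.replace("/name/", name)` passes the user-typed group name as the replacement string, where sequences such as `$&` are interpreted as replacement patterns rather than literal text, so some names are shown incorrectly in the alert. A function replacement avoids that: `errorText = errorText.replace("/name/", function () { return name; });`. Building the alert content through `textContent` is the right choice for showing the name as text; a one-line comment saying so would stop a later edit from switching back to a string.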
diff --git a/app/code/Magento/Catalog/view/adminhtml/templates/catalog/product/edit/options/type/file.phtml b/app/code/Magento/Catalog/view/adminhtml/templates/catalog/product/edit/options/type/file.phtml
index e3709958b67e0..95bbcaa12dc89 100644
--- a/app/code/Magento/Catalog/view/adminhtml/templates/catalog/product/edit/options/type/file.phtml
+++ b/app/code/Magento/Catalog/view/adminhtml/templates/catalog/product/edit/options/type/file.phtml
@@ -40,7 +40,7 @@
-
+
|
x %2 px.',
'',
diff --git a/app/code/Magento/Catalog/view/adminhtml/ui_component/product_listing.xml b/app/code/Magento/Catalog/view/adminhtml/ui_component/product_listing.xml
index fc90196002f72..6dfd418476cac 100644
--- a/app/code/Magento/Catalog/view/adminhtml/ui_component/product_listing.xml
+++ b/app/code/Magento/Catalog/view/adminhtml/ui_component/product_listing.xml
@@ -12,6 +12,7 @@
- product_listing.product_listing_data_source
- product_columns
+ - Magento_Catalog::products
diff --git a/app/code/Magento/Catalog/view/adminhtml/web/catalog/apply-to-type-switcher.js b/app/code/Magento/Catalog/view/adminhtml/web/catalog/apply-to-type-switcher.js
index 239d399ed45e0..be1699614c1f5 100644
--- a/app/code/Magento/Catalog/view/adminhtml/web/catalog/apply-to-type-switcher.js
+++ b/app/code/Magento/Catalog/view/adminhtml/web/catalog/apply-to-type-switcher.js
@@ -4,13 +4,22 @@
*/
define([
'jquery',
+ 'uiRegistry',
'Magento_Catalog/js/product/weight-handler',
'Magento_Catalog/catalog/type-events'
-], function ($, weight, productType) {
+], function ($, registry, weight, productType) {
'use strict';
return {
+ /**
+ * Init
+ */
+ init: function () {
+ this.bindAll();
+ this._switchToTypeByApplyAttr();
+ },
+
/**
* Bind event
*/
@@ -32,8 +41,7 @@ define([
* Constructor component
*/
'Magento_Catalog/catalog/apply-to-type-switcher': function () {
- this.bindAll();
- this._switchToTypeByApplyAttr();
+ registry.get('typeSwitcher', this.init.bind(this));
},
/**
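Review bot: The constructor now depends silently on another module registering `'typeSwitcher'` in `uiRegistry`, and the new `init` method added in the previous hunk is documented only as `Init`. If `type-events` is never initialised on a page, the callback passed to `registry.get` is never invoked and `bindAll()` / `_switchToTypeByApplyAttr()` do not run, with no error. I would expand the docblock to something like `Bind handlers and apply the initial type; called once type-events has registered itself as 'typeSwitcher'`, and keep the registry key in one shared constant, since type-events.js sets the same literal.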
diff --git a/app/code/Magento/Catalog/view/adminhtml/web/catalog/type-events.js b/app/code/Magento/Catalog/view/adminhtml/web/catalog/type-events.js
index f541255ab045e..e98785aa5f561 100644
--- a/app/code/Magento/Catalog/view/adminhtml/web/catalog/type-events.js
+++ b/app/code/Magento/Catalog/view/adminhtml/web/catalog/type-events.js
@@ -4,8 +4,9 @@
*/
define([
'jquery',
+ 'uiRegistry',
'Magento_Catalog/js/product/weight-handler'
-], function ($, weight) {
+], function ($, registry, weight) {
'use strict';
return {
@@ -30,6 +31,7 @@ define([
this.type.current = this.$type.val();
this.bindAll();
+ registry.set('typeSwitcher', this);
},
/**
diff --git a/app/code/Magento/Catalog/view/adminhtml/web/js/custom-options.js b/app/code/Magento/Catalog/view/adminhtml/web/js/custom-options.js
index 3e610b6eedef7..648bbff8e89c6 100644
--- a/app/code/Magento/Catalog/view/adminhtml/web/js/custom-options.js
+++ b/app/code/Magento/Catalog/view/adminhtml/web/js/custom-options.js
@@ -308,7 +308,7 @@ define([
*/
_bindReadOnlyMode: function () {
if (this.options.isReadonly) {
- $('div.product-custom-options').find('button,input,select,textarea,').each(function () {
+ $('div.product-custom-options').find('button,input,select,textarea').each(function () {
$(this).prop('disabled', true);
if ($(this).is('button')) {
@@ -339,7 +339,7 @@ define([
checkbox: 'input[id$=_price_use_default]',
label: 'span'
});
- //@TODO not work set default value for second field
+ // not work set default value for second field
priceType.useDefault({
field: '.field',
useDefault: 'label[for$=_price]',
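Review bot: The edited comment `// not work set default value for second field` drops the `@TODO` marker but leaves an ungrammatical remark that still describes a known defect, so the problem is now untracked. If the behaviour is still broken, say so plainly, e.g. `// Known issue: the default value is not applied to the second field`; if it was fixed, delete the comment.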
diff --git a/app/code/Magento/CatalogRule/Controller/Adminhtml/Promo/Catalog.php b/app/code/Magento/CatalogRule/Controller/Adminhtml/Promo/Catalog.php
index a962dc539eb93..bc5c44d87ed52 100644
--- a/app/code/Magento/CatalogRule/Controller/Adminhtml/Promo/Catalog.php
+++ b/app/code/Magento/CatalogRule/Controller/Adminhtml/Promo/Catalog.php
@@ -18,6 +18,11 @@
abstract class Catalog extends Action
{
+ /**
+ * {@inheritdoc}
+ */
+ const ADMIN_RESOURCE = 'Magento_CatalogRule::promo_catalog';
+
/**
* Dirty rules notice message
*
@@ -71,16 +76,6 @@ protected function _initAction()
return $this;
}
- /**
- * Is access to section allowed
- *
- * @return bool
- */
- protected function _isAllowed()
- {
- return $this->_authorization->isAllowed('Magento_CatalogRule::promo_catalog');
- }
-
/**
* Set dirty rules notice message
*
diff --git a/app/code/Magento/CatalogRule/Controller/Adminhtml/Promo/Index.php b/app/code/Magento/CatalogRule/Controller/Adminhtml/Promo/Index.php
index 8512243a894d5..e245cf2a413b3 100644
--- a/app/code/Magento/CatalogRule/Controller/Adminhtml/Promo/Index.php
+++ b/app/code/Magento/CatalogRule/Controller/Adminhtml/Promo/Index.php
@@ -9,12 +9,9 @@
class Index extends \Magento\Backend\App\Action
{
/**
- * @return bool
+ * {@inheritdoc}
*/
- protected function _isAllowed()
- {
- return $this->_authorization->isAllowed('Magento_CatalogRule::promo');
- }
+ const ADMIN_RESOURCE = 'Magento_CatalogRule::promo';
/**
* @return void
diff --git a/app/code/Magento/CatalogRule/Controller/Adminhtml/Promo/Widget.php b/app/code/Magento/CatalogRule/Controller/Adminhtml/Promo/Widget.php
index a763110076404..60686ea642b48 100644
--- a/app/code/Magento/CatalogRule/Controller/Adminhtml/Promo/Widget.php
+++ b/app/code/Magento/CatalogRule/Controller/Adminhtml/Promo/Widget.php
@@ -10,10 +10,7 @@
abstract class Widget extends Action
{
/**
- * @return bool
+ * {@inheritdoc}
*/
- protected function _isAllowed()
- {
- return $this->_authorization->isAllowed('Magento_CatalogRule::promo_catalog');
- }
+ const ADMIN_RESOURCE = 'Magento_CatalogRule::promo_catalog';
}
diff --git a/app/code/Magento/CatalogRule/composer.json b/app/code/Magento/CatalogRule/composer.json
index 9aabf7afebef4..4c0930e331ecf 100644
--- a/app/code/Magento/CatalogRule/composer.json
+++ b/app/code/Magento/CatalogRule/composer.json
@@ -16,7 +16,7 @@
"magento/module-catalog-rule-sample-data": "Sample Data version:100.0.*"
},
"type": "magento2-module",
- "version": "100.0.8",
+ "version": "100.0.9",
"license": [
"OSL-3.0",
"AFL-3.0"
diff --git a/app/code/Magento/CatalogSearch/composer.json b/app/code/Magento/CatalogSearch/composer.json
index 737912d31de77..1775e5372a23a 100644
--- a/app/code/Magento/CatalogSearch/composer.json
+++ b/app/code/Magento/CatalogSearch/composer.json
@@ -14,7 +14,7 @@
"magento/framework": "100.0.*"
},
"type": "magento2-module",
- "version": "100.0.7",
+ "version": "100.0.8",
"license": [
"OSL-3.0",
"AFL-3.0"
diff --git a/app/code/Magento/CatalogSearch/etc/acl.xml b/app/code/Magento/CatalogSearch/etc/acl.xml
new file mode 100644
index 0000000000000..09a4c51bc2f3d
--- /dev/null
+++ b/app/code/Magento/CatalogSearch/etc/acl.xml
@@ -0,0 +1,24 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/app/code/Magento/CatalogWidget/Controller/Adminhtml/Product/Widget.php b/app/code/Magento/CatalogWidget/Controller/Adminhtml/Product/Widget.php
index 57e4da3de6685..e92382f76c14a 100644
--- a/app/code/Magento/CatalogWidget/Controller/Adminhtml/Product/Widget.php
+++ b/app/code/Magento/CatalogWidget/Controller/Adminhtml/Product/Widget.php
@@ -13,10 +13,7 @@
abstract class Widget extends Action
{
/**
- * @return bool
+ * {@inheritdoc}
*/
- protected function _isAllowed()
- {
- return $this->_authorization->isAllowed('Magento_Widget::widget_instance');
- }
+ const ADMIN_RESOURCE = 'Magento_Widget::widget_instance';
}
diff --git a/app/code/Magento/CatalogWidget/composer.json b/app/code/Magento/CatalogWidget/composer.json
index 716b622a7fe54..91a5b1707a199 100644
--- a/app/code/Magento/CatalogWidget/composer.json
+++ b/app/code/Magento/CatalogWidget/composer.json
@@ -14,7 +14,7 @@
"magento/framework": "100.0.*"
},
"type": "magento2-module",
- "version": "100.0.6",
+ "version": "100.0.7",
"license": [
"OSL-3.0",
"AFL-3.0"
diff --git a/app/code/Magento/Checkout/Controller/Cart/Addgroup.php b/app/code/Magento/Checkout/Controller/Cart/Addgroup.php
index 742df2e602472..6179a78054936 100644
--- a/app/code/Magento/Checkout/Controller/Cart/Addgroup.php
+++ b/app/code/Magento/Checkout/Controller/Cart/Addgroup.php
@@ -6,6 +6,11 @@
*/
namespace Magento\Checkout\Controller\Cart;
+use Magento\Sales\Model\Order\Item;
+
+/**
+ * Add "Recently Ordered" customer items to cart.
+ */
class Addgroup extends \Magento\Checkout\Controller\Cart
{
/**
@@ -13,16 +18,16 @@ class Addgroup extends \Magento\Checkout\Controller\Cart
*/
public function execute()
{
- $orderItemIds = $this->getRequest()->getParam('order_items', []);
+ $orderItemIds = $this->getRequest()->getPost('order_items');
if (is_array($orderItemIds)) {
- $itemsCollection = $this->_objectManager->create('Magento\Sales\Model\Order\Item')
+ $itemsCollection = $this->_objectManager->create(\Magento\Sales\Model\Order\Item::class)
->getCollection()
->addIdFilter($orderItemIds)
->load();
/* @var $itemsCollection \Magento\Sales\Model\ResourceModel\Order\Item\Collection */
foreach ($itemsCollection as $item) {
try {
- $this->cart->addOrderItem($item, 1);
+ $this->addOrderItem($item);
} catch (\Magento\Framework\Exception\LocalizedException $e) {
if ($this->_checkoutSession->getUseNotice(true)) {
$this->messageManager->addNotice($e->getMessage());
@@ -34,12 +39,35 @@ public function execute()
$e,
__('We can\'t add this item to your shopping cart right now.')
);
- $this->_objectManager->get('Psr\Log\LoggerInterface')->critical($e);
+ $this->_objectManager->get(\Psr\Log\LoggerInterface::class)->critical($e);
+
return $this->_goBack();
}
}
$this->cart->save();
}
+
return $this->_goBack();
}
+
+ /**
+ * Add item to cart.
+ *
+ * Add item to cart only if it's belongs to customer.
+ *
+ * @param Item $item
+ * @return void
+ */
+ private function addOrderItem(Item $item)
+ {
+ /** @var \Magento\Customer\Model\Session $session */
+ $session = $this->cart->getCustomerSession();
+ if ($session->isLoggedIn()) {
+ $orderCustomerId = $item->getOrder()->getCustomerId();
+ $currentCustomerId = $session->getCustomer()->getId();
+ if ($orderCustomerId == $currentCustomerId) {
+ $this->cart->addOrderItem($item, 1);
+ }
+ }
+ }
}
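Review bot: In the new `addOrderItem()` an item that does not belong to the current customer, or any item when nobody is logged in, is skipped without a message or log entry, and the owner comparison uses a loose `==`. Requests that name another customer's order items are exactly what this check exists to stop, so recording them helps detection, and the shopper otherwise gets no feedback that nothing was added. `$item->getOrder()` is also dereferenced without a null check, which would be a fatal error if the order cannot be loaded (not verifiable from this hunk). The docblock line `Add item to cart only if it's belongs to customer.` should read `Add the item to the cart only if its order belongs to the logged-in customer.` A possible shape is below.

```php
private function addOrderItem(Item $item)
{
    $session = $this->cart->getCustomerSession();
    $order = $item->getOrder();
    if (!$session->isLoggedIn() || !$order) {
        return;
    }

    // Compare as integers so the check does not depend on string/int juggling.
    $currentCustomerId = (int)$session->getCustomer()->getId();
    if ($currentCustomerId === 0 || (int)$order->getCustomerId() !== $currentCustomerId) {
        // The posted order item belongs to a different customer: skip it and leave a trace.
        $this->_objectManager->get(\Psr\Log\LoggerInterface::class)
            ->warning('Addgroup: order item skipped, order owner does not match session customer.');

        return;
    }

    $this->cart->addOrderItem($item, 1);
}
```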
diff --git a/app/code/Magento/Checkout/composer.json b/app/code/Magento/Checkout/composer.json
index 8e623d77bce19..6c9ecbf63016c 100644
--- a/app/code/Magento/Checkout/composer.json
+++ b/app/code/Magento/Checkout/composer.json
@@ -27,7 +27,7 @@
"magento/module-cookie": "100.0.*"
},
"type": "magento2-module",
- "version": "100.0.12",
+ "version": "100.0.14",
"license": [
"OSL-3.0",
"AFL-3.0"
diff --git a/app/code/Magento/Checkout/view/frontend/web/js/model/shipping-rates-validator.js b/app/code/Magento/Checkout/view/frontend/web/js/model/shipping-rates-validator.js
index f8ce4370ca75a..e0fa5ed977a28 100644
--- a/app/code/Magento/Checkout/view/frontend/web/js/model/shipping-rates-validator.js
+++ b/app/code/Magento/Checkout/view/frontend/web/js/model/shipping-rates-validator.js
@@ -12,6 +12,7 @@ define(
'../action/select-shipping-address',
'./postcode-validator',
'mage/translate',
+ 'uiRegistry',
'Magento_Checkout/js/model/quote'
],
function (
@@ -22,6 +23,7 @@ define(
selectShippingAddress,
postcodeValidator,
$t,
+ uiRegistry,
quote
) {
'use strict';
@@ -29,7 +31,8 @@ define(
var checkoutConfig = window.checkoutConfig,
validators = [],
observedElements = [],
- postcodeElement = null;
+ postcodeElement = null,
+ postcodeElementName = 'postcode';
return {
validateAddressTimeout: 0,
@@ -55,26 +58,57 @@ define(
});
},
+ /**
+ * Perform postponed binding for fieldset elements
+ *
+ * @param {String} formPath
+ */
+ initFields: function (formPath) {
+ var self = this,
+ elements = shippingRatesValidationRules.getObservableFields();
+
+ if ($.inArray(postcodeElementName, elements) === -1) {
+ // Add postcode field to observables if not exist for zip code validation support
+ elements.push(postcodeElementName);
+ }
+
+ $.each(elements, function (index, field) {
+ uiRegistry.async(formPath + '.' + field)(self.doElementBinding.bind(self));
+ });
+ },
+
+ /**
+ * Bind shipping rates request to form element
+ *
+ * @param {Object} element
+ * @param {Boolean} force
+ * @param {Number} delay
+ */
+ doElementBinding: function (element, force, delay) {
+ var observableFields = shippingRatesValidationRules.getObservableFields();
+
+ if (element && (observableFields.indexOf(element.index) !== -1 || force)) {
+ if (element.index !== postcodeElementName) {
+ this.bindHandler(element, delay);
+ }
+ }
+
+ if (element.index === postcodeElementName) {
+ this.bindHandler(element, delay);
+ postcodeElement = element;
+ }
+ },
+
/**
* @param {*} elements
* @param {Boolean} force
* @param {Number} delay
*/
bindChangeHandlers: function (elements, force, delay) {
- var self = this,
- observableFields = shippingRatesValidationRules.getObservableFields();
+ var self = this;
$.each(elements, function (index, elem) {
- if (elem && (observableFields.indexOf(elem.index) != -1 || force)) {
- if (elem.index !== 'postcode') {
- self.bindHandler(elem, delay);
- }
- }
-
- if (elem.index === 'postcode') {
- self.bindHandler(elem, delay);
- postcodeElement = elem;
- }
+ self.doElementBinding(elem, force, delay);
});
},
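Review bot: In the new `doElementBinding` the first `if` guards against a missing `element`, but the second one reads `element.index` unguarded, so a null or undefined element throws. An early `if (!element) { return; }` at the top makes both branches safe. Separately, `initFields` pushes `postcodeElementName` into the array returned by `shippingRatesValidationRules.getObservableFields()`; if that getter hands back its internal array (not visible here), each call mutates the shared rule list, so work on a copy: `elements = shippingRatesValidationRules.getObservableFields().slice();`. The callback registered through `uiRegistry.async` receives no `force` or `delay`, which is worth stating in the `initFields` docblock.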
@@ -87,7 +121,7 @@ define(
delay = typeof delay === "undefined" ? self.validateDelay : delay;
- if (element.component.indexOf('/group') != -1) {
+ if (element.component.indexOf('/group') !== -1) {
$.each(element.elems(), function (index, elem) {
self.bindHandler(elem);
});
diff --git a/app/code/Magento/Checkout/view/frontend/web/js/view/shipping.js b/app/code/Magento/Checkout/view/frontend/web/js/view/shipping.js
index 037de39847c2f..abb252e0acacf 100644
--- a/app/code/Magento/Checkout/view/frontend/web/js/view/shipping.js
+++ b/app/code/Magento/Checkout/view/frontend/web/js/view/shipping.js
@@ -69,8 +69,13 @@ define(
quoteIsVirtual: quote.isVirtual(),
initialize: function () {
- var self = this;
+ var self = this,
+ hasNewAddress,
+ fieldsetName = 'checkout.steps.shipping-step.shippingAddress.shipping-address-fieldset';
+
this._super();
+ shippingRatesValidator.initFields(fieldsetName);
+
if (!quote.isVirtual()) {
stepNavigator.registerStep(
'shipping',
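Review bot: `fieldsetName` hard-codes the full registry path `checkout.steps.shipping-step.shippingAddress.shipping-address-fieldset` inside `initialize`, so a layout that renames or moves the shipping component would leave `initFields` waiting on names that never register, and rate validation would silently stop binding. Deriving the path from the component's own name (e.g. `this.name + '.shipping-address-fieldset'`, if `name` holds the registry path here) or documenting the coupling in a comment would make this failure mode visible. `initialize` continues past the end of this hunk.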
@@ -82,7 +87,7 @@ define(
}
checkoutDataResolver.resolveShippingAddress();
- var hasNewAddress = addressList.some(function (address) {
+ hasNewAddress = addressList.some(function (address) {
return address.getType() == 'new-customer-address';
});
@@ -94,7 +99,7 @@ define(
}
});
- quote.shippingMethod.subscribe(function (value) {
+ quote.shippingMethod.subscribe(function () {
self.errorValidationMessage(false);
});
@@ -118,13 +123,7 @@ define(
//load data from server for shipping step
},
- initElement: function(element) {
- if (element.index === 'shipping-address-fieldset') {
- shippingRatesValidator.bindChangeHandlers(element.elems(), false);
- }
- },
-
- getPopUp: function() {
+ getPopUp: function () {
var self = this;
if (!popUp) {
var buttons = this.popUpForm.options.buttons;
diff --git a/app/code/Magento/CheckoutAgreements/Controller/Adminhtml/Agreement.php b/app/code/Magento/CheckoutAgreements/Controller/Adminhtml/Agreement.php
index 4d32d3619930b..ceae8d2e3a56f 100644
--- a/app/code/Magento/CheckoutAgreements/Controller/Adminhtml/Agreement.php
+++ b/app/code/Magento/CheckoutAgreements/Controller/Adminhtml/Agreement.php
@@ -7,6 +7,11 @@
abstract class Agreement extends \Magento\Backend\App\Action
{
+ /**
+ * {@inheritdoc}
+ */
+ const ADMIN_RESOURCE = 'Magento_CheckoutAgreements::checkoutagreement';
+
/**
* Core registry
*
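Review bot: The `{@inheritdoc}` docblock on `ADMIN_RESOURCE` says nothing about what the constant does, and with `_isAllowed()` removed in the next hunk this constant is now the only place the class states its ACL requirement. A docblock such as `Authorization resource checked by the inherited _isAllowed() for every controller extending this class.` would make that explicit. The check now depends on the parent `\Magento\Backend\App\Action` reading `static::ADMIN_RESOURCE`, which this part of the diff does not show, so any subclass that still overrides `_isAllowed()` should be checked against the constant. The same docblock appears in Cms Block.php, Page/Delete.php, Page/Edit.php, Page/Index.php, Page/NewAction.php, Page/Save.php and Wysiwyg/Images.php.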
@@ -44,13 +49,4 @@ protected function _initAction()
);
return $this;
}
-
- /**
- * @return bool
- * @codeCoverageIgnore
- */
- protected function _isAllowed()
- {
- return $this->_authorization->isAllowed('Magento_CheckoutAgreements::checkoutagreement');
- }
}
diff --git a/app/code/Magento/CheckoutAgreements/composer.json b/app/code/Magento/CheckoutAgreements/composer.json
index 4ccb76b8b9c87..8aebe767441b6 100644
--- a/app/code/Magento/CheckoutAgreements/composer.json
+++ b/app/code/Magento/CheckoutAgreements/composer.json
@@ -10,7 +10,7 @@
"magento/framework": "100.0.*"
},
"type": "magento2-module",
- "version": "100.0.6",
+ "version": "100.0.7",
"license": [
"OSL-3.0",
"AFL-3.0"
diff --git a/app/code/Magento/Cms/Controller/Adminhtml/Block.php b/app/code/Magento/Cms/Controller/Adminhtml/Block.php
index 26224c1d92724..85ae5e0164b71 100644
--- a/app/code/Magento/Cms/Controller/Adminhtml/Block.php
+++ b/app/code/Magento/Cms/Controller/Adminhtml/Block.php
@@ -12,6 +12,11 @@
*/
abstract class Block extends \Magento\Backend\App\Action
{
+ /**
+ * {@inheritdoc}
+ */
+ const ADMIN_RESOURCE = 'Magento_Cms::block';
+
/**
* Core registry
*
@@ -42,14 +47,4 @@ protected function initPage($resultPage)
->addBreadcrumb(__('Static Blocks'), __('Static Blocks'));
return $resultPage;
}
-
- /**
- * Check the permission to run it
- *
- * @return boolean
- */
- protected function _isAllowed()
- {
- return $this->_authorization->isAllowed('Magento_Cms::block');
- }
}
diff --git a/app/code/Magento/Cms/Controller/Adminhtml/Block/InlineEdit.php b/app/code/Magento/Cms/Controller/Adminhtml/Block/InlineEdit.php
index 12f4eda2a0436..f6c1eb26dd172 100644
--- a/app/code/Magento/Cms/Controller/Adminhtml/Block/InlineEdit.php
+++ b/app/code/Magento/Cms/Controller/Adminhtml/Block/InlineEdit.php
@@ -12,6 +12,13 @@
class InlineEdit extends \Magento\Backend\App\Action
{
+ /**
+ * Authorization level of a basic admin session.
+ *
+ * @see _isAllowed()
+ */
+ const ADMIN_RESOURCE = 'Magento_Cms::block';
+
/** @var BlockRepository */
protected $blockRepository;
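Review bot: The docblock text `Authorization level of a basic admin session.` does not describe this value: the constant is set to `'Magento_Cms::block'`, a specific ACL resource, so the comment reads as if copied from a default. Something like `ACL resource required to run this action; checked by the inherited _isAllowed().` would be accurate. No `_isAllowed()` override is removed in this file's hunk, so the constant presumably tightens the check rather than relocating it, and it is worth confirming that the roles which use inline edit hold this resource. The same wording recurs at Block/MassDelete, Block/Widget/Chooser, Page/InlineEdit, Page/MassDelete, Page/MassDisable, Page/MassEnable, Page/Widget/Chooser, Wysiwyg/Directive and the two ConfigurableProduct controllers.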
diff --git a/app/code/Magento/Cms/Controller/Adminhtml/Block/MassDelete.php b/app/code/Magento/Cms/Controller/Adminhtml/Block/MassDelete.php
index e007ccf3b1888..664816dc9e1ea 100644
--- a/app/code/Magento/Cms/Controller/Adminhtml/Block/MassDelete.php
+++ b/app/code/Magento/Cms/Controller/Adminhtml/Block/MassDelete.php
@@ -16,6 +16,13 @@
*/
class MassDelete extends \Magento\Backend\App\Action
{
+ /**
+ * Authorization level of a basic admin session.
+ *
+ * @see _isAllowed()
+ */
+ const ADMIN_RESOURCE = 'Magento_Cms::block';
+
/**
* @var Filter
*/
@@ -57,6 +64,7 @@ public function execute()
/** @var \Magento\Backend\Model\View\Result\Redirect $resultRedirect */
$resultRedirect = $this->resultFactory->create(ResultFactory::TYPE_REDIRECT);
+
return $resultRedirect->setPath('*/*/');
}
}
diff --git a/app/code/Magento/Cms/Controller/Adminhtml/Block/Widget/Chooser.php b/app/code/Magento/Cms/Controller/Adminhtml/Block/Widget/Chooser.php
index c41661d57e440..4b2ef36fabaa4 100644
--- a/app/code/Magento/Cms/Controller/Adminhtml/Block/Widget/Chooser.php
+++ b/app/code/Magento/Cms/Controller/Adminhtml/Block/Widget/Chooser.php
@@ -12,6 +12,13 @@
class Chooser extends \Magento\Backend\App\Action
{
+ /**
+ * Authorization level of a basic admin session.
+ *
+ * @see _isAllowed()
+ */
+ const ADMIN_RESOURCE = 'Magento_Widget::widget_instance';
+
/**
* @var \Magento\Framework\View\LayoutFactory
*/
@@ -46,7 +53,7 @@ public function execute()
$uniqId = $this->getRequest()->getParam('uniq_id');
$pagesGrid = $layout->createBlock(
- 'Magento\Cms\Block\Adminhtml\Block\Widget\Chooser',
+ \Magento\Cms\Block\Adminhtml\Block\Widget\Chooser::class,
'',
['data' => ['id' => $uniqId]]
);
@@ -54,6 +61,7 @@ public function execute()
/** @var \Magento\Framework\Controller\Result\Raw $resultRaw */
$resultRaw = $this->resultRawFactory->create();
$resultRaw->setContents($pagesGrid->toHtml());
+
return $resultRaw;
}
}
diff --git a/app/code/Magento/Cms/Controller/Adminhtml/Page/Delete.php b/app/code/Magento/Cms/Controller/Adminhtml/Page/Delete.php
index a67e102fece99..8698cad58541c 100644
--- a/app/code/Magento/Cms/Controller/Adminhtml/Page/Delete.php
+++ b/app/code/Magento/Cms/Controller/Adminhtml/Page/Delete.php
@@ -11,10 +11,7 @@ class Delete extends \Magento\Backend\App\Action
/**
* {@inheritdoc}
*/
- protected function _isAllowed()
- {
- return $this->_authorization->isAllowed('Magento_Cms::page_delete');
- }
+ const ADMIN_RESOURCE = 'Magento_Cms::page_delete';
/**
* Delete action
diff --git a/app/code/Magento/Cms/Controller/Adminhtml/Page/Edit.php b/app/code/Magento/Cms/Controller/Adminhtml/Page/Edit.php
index 949e11ca53be3..093639f6bc1f6 100644
--- a/app/code/Magento/Cms/Controller/Adminhtml/Page/Edit.php
+++ b/app/code/Magento/Cms/Controller/Adminhtml/Page/Edit.php
@@ -10,6 +10,11 @@
class Edit extends \Magento\Backend\App\Action
{
+ /**
+ * {@inheritdoc}
+ */
+ const ADMIN_RESOURCE = 'Magento_Cms::save';
+
/**
* Core registry
*
@@ -37,14 +42,6 @@ public function __construct(
parent::__construct($context);
}
- /**
- * {@inheritdoc}
- */
- protected function _isAllowed()
- {
- return $this->_authorization->isAllowed('Magento_Cms::save');
- }
-
/**
* Init actions
*
diff --git a/app/code/Magento/Cms/Controller/Adminhtml/Page/Index.php b/app/code/Magento/Cms/Controller/Adminhtml/Page/Index.php
index 5ce039b98cafc..03cf3c820afae 100644
--- a/app/code/Magento/Cms/Controller/Adminhtml/Page/Index.php
+++ b/app/code/Magento/Cms/Controller/Adminhtml/Page/Index.php
@@ -11,6 +11,11 @@
class Index extends \Magento\Backend\App\Action
{
+ /**
+ * {@inheritdoc}
+ */
+ const ADMIN_RESOURCE = 'Magento_Cms::page';
+
/**
* @var PageFactory
*/
@@ -27,15 +32,6 @@ public function __construct(
parent::__construct($context);
$this->resultPageFactory = $resultPageFactory;
}
- /**
- * Check the permission to run it
- *
- * @return bool
- */
- protected function _isAllowed()
- {
- return $this->_authorization->isAllowed('Magento_Cms::page');
- }
/**
* Index action
diff --git a/app/code/Magento/Cms/Controller/Adminhtml/Page/InlineEdit.php b/app/code/Magento/Cms/Controller/Adminhtml/Page/InlineEdit.php
index 875d03a371157..dcda79216696e 100644
--- a/app/code/Magento/Cms/Controller/Adminhtml/Page/InlineEdit.php
+++ b/app/code/Magento/Cms/Controller/Adminhtml/Page/InlineEdit.php
@@ -17,6 +17,13 @@
*/
class InlineEdit extends \Magento\Backend\App\Action
{
+ /**
+ * Authorization level of a basic admin session.
+ *
+ * @see _isAllowed()
+ */
+ const ADMIN_RESOURCE = 'Magento_Cms::save';
+
/** @var PostDataProcessor */
protected $dataProcessor;
@@ -105,6 +112,7 @@ protected function filterPost($postData = [])
$pageData['custom_root_template'] = isset($pageData['custom_root_template'])
? $pageData['custom_root_template']
: null;
+
return $pageData;
}
@@ -150,6 +158,7 @@ protected function getErrorWithPageId(PageInterface $page, $errorText)
public function setCmsPageData(\Magento\Cms\Model\Page $page, array $extendedPageData, array $pageData)
{
$page->setData(array_merge($page->getData(), $extendedPageData, $pageData));
+
return $this;
}
}
diff --git a/app/code/Magento/Cms/Controller/Adminhtml/Page/MassDelete.php b/app/code/Magento/Cms/Controller/Adminhtml/Page/MassDelete.php
index c1897496e0361..04b0b4f1139be 100644
--- a/app/code/Magento/Cms/Controller/Adminhtml/Page/MassDelete.php
+++ b/app/code/Magento/Cms/Controller/Adminhtml/Page/MassDelete.php
@@ -15,6 +15,13 @@
*/
class MassDelete extends \Magento\Backend\App\Action
{
+ /**
+ * Authorization level of a basic admin session.
+ *
+ * @see _isAllowed()
+ */
+ const ADMIN_RESOURCE = 'Magento_Cms::page_delete';
+
/**
* @var Filter
*/
@@ -56,6 +63,7 @@ public function execute()
/** @var \Magento\Backend\Model\View\Result\Redirect $resultRedirect */
$resultRedirect = $this->resultFactory->create(ResultFactory::TYPE_REDIRECT);
+
return $resultRedirect->setPath('*/*/');
}
}
diff --git a/app/code/Magento/Cms/Controller/Adminhtml/Page/MassDisable.php b/app/code/Magento/Cms/Controller/Adminhtml/Page/MassDisable.php
index d6865cf1cdfd4..cb4c9b2135eda 100644
--- a/app/code/Magento/Cms/Controller/Adminhtml/Page/MassDisable.php
+++ b/app/code/Magento/Cms/Controller/Adminhtml/Page/MassDisable.php
@@ -15,6 +15,13 @@
*/
class MassDisable extends \Magento\Backend\App\Action
{
+ /**
+ * Authorization level of a basic admin session.
+ *
+ * @see _isAllowed()
+ */
+ const ADMIN_RESOURCE = 'Magento_Cms::save';
+
/**
* @var Filter
*/
@@ -56,6 +63,7 @@ public function execute()
/** @var \Magento\Backend\Model\View\Result\Redirect $resultRedirect */
$resultRedirect = $this->resultFactory->create(ResultFactory::TYPE_REDIRECT);
+
return $resultRedirect->setPath('*/*/');
}
}
diff --git a/app/code/Magento/Cms/Controller/Adminhtml/Page/MassEnable.php b/app/code/Magento/Cms/Controller/Adminhtml/Page/MassEnable.php
index df8eedc221480..8d164aa1473b2 100644
--- a/app/code/Magento/Cms/Controller/Adminhtml/Page/MassEnable.php
+++ b/app/code/Magento/Cms/Controller/Adminhtml/Page/MassEnable.php
@@ -15,6 +15,13 @@
*/
class MassEnable extends \Magento\Backend\App\Action
{
+ /**
+ * Authorization level of a basic admin session.
+ *
+ * @see _isAllowed()
+ */
+ const ADMIN_RESOURCE = 'Magento_Cms::save';
+
/**
* @var Filter
*/
@@ -56,6 +63,7 @@ public function execute()
/** @var \Magento\Backend\Model\View\Result\Redirect $resultRedirect */
$resultRedirect = $this->resultFactory->create(ResultFactory::TYPE_REDIRECT);
+
return $resultRedirect->setPath('*/*/');
}
}
diff --git a/app/code/Magento/Cms/Controller/Adminhtml/Page/NewAction.php b/app/code/Magento/Cms/Controller/Adminhtml/Page/NewAction.php
index 094b242a49cff..a923196549122 100644
--- a/app/code/Magento/Cms/Controller/Adminhtml/Page/NewAction.php
+++ b/app/code/Magento/Cms/Controller/Adminhtml/Page/NewAction.php
@@ -8,6 +8,11 @@
class NewAction extends \Magento\Backend\App\Action
{
+ /**
+ * {@inheritdoc}
+ */
+ const ADMIN_RESOURCE = 'Magento_Cms::save';
+
/**
* @var \Magento\Backend\Model\View\Result\Forward
*/
@@ -25,14 +30,6 @@ public function __construct(
parent::__construct($context);
}
- /**
- * {@inheritdoc}
- */
- protected function _isAllowed()
- {
- return $this->_authorization->isAllowed('Magento_Cms::save');
- }
-
/**
* Forward to edit
*
diff --git a/app/code/Magento/Cms/Controller/Adminhtml/Page/Save.php b/app/code/Magento/Cms/Controller/Adminhtml/Page/Save.php
index d23109468517e..0e1b6a96c1953 100644
--- a/app/code/Magento/Cms/Controller/Adminhtml/Page/Save.php
+++ b/app/code/Magento/Cms/Controller/Adminhtml/Page/Save.php
@@ -10,27 +10,35 @@
class Save extends \Magento\Backend\App\Action
{
+ /**
+ * {@inheritdoc}
+ */
+ const ADMIN_RESOURCE = 'Magento_Cms::save';
+
/**
* @var PostDataProcessor
*/
protected $dataProcessor;
+ /**
+ * @var \Magento\Cms\Model\PageFactory
+ */
+ private $pageFactory;
+
/**
* @param Action\Context $context
* @param PostDataProcessor $dataProcessor
+ * @param \Magento\Cms\Model\PageFactory $pageFactory
*/
- public function __construct(Action\Context $context, PostDataProcessor $dataProcessor)
- {
- $this->dataProcessor = $dataProcessor;
+ public function __construct(
+ Action\Context $context,
+ PostDataProcessor $dataProcessor,
+ \Magento\Cms\Model\PageFactory $pageFactory = null
+ ) {
parent::__construct($context);
- }
+ $this->dataProcessor = $dataProcessor;
+ $this->pageFactory = $pageFactory ?: $this->_objectManager->get(\Magento\Cms\Model\PageFactory::class);
- /**
- * {@inheritdoc}
- */
- protected function _isAllowed()
- {
- return $this->_authorization->isAllowed('Magento_Cms::save');
}
/**
@@ -45,11 +53,18 @@ public function execute()
$resultRedirect = $this->resultRedirectFactory->create();
if ($data) {
$data = $this->dataProcessor->filter($data);
- $model = $this->_objectManager->create('Magento\Cms\Model\Page');
+
+ /** @var \Magento\Cms\Model\Page $model */
+ $model = $this->pageFactory->create();
$id = $this->getRequest()->getParam('page_id');
if ($id) {
$model->load($id);
+ if (!$model->getId()) {
+ $this->messageManager->addErrorMessage(__('This page no longer exists.'));
+
+ return $resultRedirect->setPath('*/*/');
+ }
}
$model->setData($data);
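Review bot: The new existence check validates the `page_id` taken from the request, but the following `$model->setData($data)` passes the whole posted array, and as far as I can tell that call replaces the loaded data rather than merging into it. If so, the row that is saved is identified by whatever `page_id` sits in `$data`, not by the `$id` that was just verified. Consider checking that the two agree before saving, or re-applying the verified id after the call, e.g. `if ($id) { $model->setId($id); }`. execute() starts before and continues after this hunk, so where `$data` comes from is not visible here.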
diff --git a/app/code/Magento/Cms/Controller/Adminhtml/Page/Widget/Chooser.php b/app/code/Magento/Cms/Controller/Adminhtml/Page/Widget/Chooser.php
index cb17c3933a488..d136fb914113e 100644
--- a/app/code/Magento/Cms/Controller/Adminhtml/Page/Widget/Chooser.php
+++ b/app/code/Magento/Cms/Controller/Adminhtml/Page/Widget/Chooser.php
@@ -10,6 +10,13 @@
class Chooser extends \Magento\Backend\App\Action
{
+ /**
+ * Authorization level of a basic admin session.
+ *
+ * @see _isAllowed()
+ */
+ const ADMIN_RESOURCE = 'Magento_Widget::widget_instance';
+
/**
* @var \Magento\Framework\View\LayoutFactory
*/
@@ -46,7 +53,7 @@ public function execute()
/** @var \Magento\Framework\View\Layout $layout */
$layout = $this->layoutFactory->create();
$pagesGrid = $layout->createBlock(
- 'Magento\Cms\Block\Adminhtml\Page\Widget\Chooser',
+ \Magento\Cms\Block\Adminhtml\Page\Widget\Chooser::class,
'',
['data' => ['id' => $uniqId]]
);
diff --git a/app/code/Magento/Cms/Controller/Adminhtml/Wysiwyg/Directive.php b/app/code/Magento/Cms/Controller/Adminhtml/Wysiwyg/Directive.php
index 6614e81c42e6a..24fadf8bd81d1 100644
--- a/app/code/Magento/Cms/Controller/Adminhtml/Wysiwyg/Directive.php
+++ b/app/code/Magento/Cms/Controller/Adminhtml/Wysiwyg/Directive.php
@@ -10,6 +10,13 @@
class Directive extends \Magento\Backend\App\Action
{
+ /**
+ * Authorization level of a basic admin session.
+ *
+ * @see _isAllowed()
+ */
+ const ADMIN_RESOURCE = 'Magento_Cms::media_gallery';
+
/**
* @var \Magento\Framework\Url\DecoderInterface
*/
@@ -44,9 +51,9 @@ public function execute()
{
$directive = $this->getRequest()->getParam('___directive');
$directive = $this->urlDecoder->decode($directive);
- $imagePath = $this->_objectManager->create('Magento\Cms\Model\Template\Filter')->filter($directive);
+ $imagePath = $this->_objectManager->create(\Magento\Cms\Model\Template\Filter::class)->filter($directive);
/** @var \Magento\Framework\Image\Adapter\AdapterInterface $image */
- $image = $this->_objectManager->get('Magento\Framework\Image\AdapterFactory')->create();
+ $image = $this->_objectManager->get(\Magento\Framework\Image\AdapterFactory::class)->create();
/** @var \Magento\Framework\Controller\Result\Raw $resultRaw */
$resultRaw = $this->resultRawFactory->create();
try {
@@ -54,12 +61,13 @@ public function execute()
$resultRaw->setHeader('Content-Type', $image->getMimeType());
$resultRaw->setContents($image->getImage());
} catch (\Exception $e) {
- $imagePath = $this->_objectManager->get('Magento\Cms\Model\Wysiwyg\Config')->getSkinImagePlaceholderPath();
+ $imagePath = $this->_objectManager->get(\Magento\Cms\Model\Wysiwyg\Config::class)->getSkinImagePlaceholderPath();
$image->open($imagePath);
$resultRaw->setHeader('Content-Type', $image->getMimeType());
$resultRaw->setContents($image->getImage());
- $this->_objectManager->get('Psr\Log\LoggerInterface')->critical($e);
+ $this->_objectManager->get(\Psr\Log\LoggerInterface::class)->critical($e);
}
+
return $resultRaw;
}
}
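Review bot: In the catch block the exception is logged only after the placeholder image has been opened and written to the response, so if `$image->open($imagePath)` fails for the placeholder as well, the original failure is never recorded. Moving `$this->_objectManager->get(\Psr\Log\LoggerInterface::class)->critical($e);` to the first line of the catch keeps the record even when the fallback throws. This matters more here than usual because `$imagePath` is derived from the `___directive` request parameter, so failed opens are exactly what an operator wants to see in the log. The `try` opens in the previous hunk.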
diff --git a/app/code/Magento/Cms/Controller/Adminhtml/Wysiwyg/Images.php b/app/code/Magento/Cms/Controller/Adminhtml/Wysiwyg/Images.php
index 8a3b6420cc5b2..59f3afe3d9f3d 100644
--- a/app/code/Magento/Cms/Controller/Adminhtml/Wysiwyg/Images.php
+++ b/app/code/Magento/Cms/Controller/Adminhtml/Wysiwyg/Images.php
@@ -12,6 +12,11 @@
*/
abstract class Images extends \Magento\Backend\App\Action
{
+ /**
+ * {@inheritdoc}
+ */
+ const ADMIN_RESOURCE = 'Magento_Cms::media_gallery';
+
/**
* Core registry
*
@@ -53,14 +58,4 @@ public function getStorage()
}
return $this->_coreRegistry->registry('storage');
}
-
- /**
- * Check current user permission on resource and privilege
- *
- * @return bool
- */
- protected function _isAllowed()
- {
- return $this->_authorization->isAllowed('Magento_Cms::media_gallery');
- }
}
diff --git a/app/code/Magento/Cms/Controller/Adminhtml/Wysiwyg/Images/DeleteFiles.php b/app/code/Magento/Cms/Controller/Adminhtml/Wysiwyg/Images/DeleteFiles.php
index 8093f840669ca..6356af9a67fe1 100644
--- a/app/code/Magento/Cms/Controller/Adminhtml/Wysiwyg/Images/DeleteFiles.php
+++ b/app/code/Magento/Cms/Controller/Adminhtml/Wysiwyg/Images/DeleteFiles.php
@@ -1,6 +1,5 @@
getRequest()->getParam('files');
/** @var $helper \Magento\Cms\Helper\Wysiwyg\Images */
- $helper = $this->_objectManager->get('Magento\Cms\Helper\Wysiwyg\Images');
+ $helper = $this->_objectManager->get(\Magento\Cms\Helper\Wysiwyg\Images::class);
$path = $this->getStorage()->getSession()->getCurrentPath();
foreach ($files as $file) {
$file = $helper->idDecode($file);
/** @var \Magento\Framework\Filesystem $filesystem */
- $filesystem = $this->_objectManager->get('Magento\Framework\Filesystem');
+ $filesystem = $this->_objectManager->get(\Magento\Framework\Filesystem::class);
$dir = $filesystem->getDirectoryRead(DirectoryList::MEDIA);
- $filePath = $path . '/' . $file;
+ $filePath = $path . '/' . \Magento\Framework\File\Uploader::getCorrectFileName($file);
if ($dir->isFile($dir->getRelativePath($filePath))) {
$this->getStorage()->deleteFile($filePath);
}
}
+
return $this->resultRawFactory->create();
} catch (\Exception $e) {
$result = ['error' => true, 'message' => $e->getMessage()];
/** @var \Magento\Framework\Controller\Result\Json $resultJson */
$resultJson = $this->resultJsonFactory->create();
+
return $resultJson->setData($result);
}
}
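Review bot: `Uploader::getCorrectFileName($file)` rewrites the requested name instead of rejecting it, so a request that names one file can end up deleting a different, sanitised name in the current directory, and a stored file whose real name the sanitiser alters can no longer be deleted. This assumes the helper substitutes disallowed characters, which the hunk does not show. Consider computing the name once and skipping entries it changed: `$name = \Magento\Framework\File\Uploader::getCorrectFileName($file);` followed by `if ($name !== $file) { continue; }`. `$files` is also passed to `foreach` without a check that it is an array. The opening lines of this hunk are garbled on the page, so the start of execute() could not be reviewed.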
diff --git a/app/code/Magento/Cms/Model/Wysiwyg/Config.php b/app/code/Magento/Cms/Model/Wysiwyg/Config.php
index 1f0a7415bdc82..a7e9f45878acc 100644
--- a/app/code/Magento/Cms/Model/Wysiwyg/Config.php
+++ b/app/code/Magento/Cms/Model/Wysiwyg/Config.php
@@ -164,6 +164,7 @@ public function getConfig($data = [])
),
'width' => '100%',
'plugins' => [],
+ 'add_directives' => true,
]
);
diff --git a/app/code/Magento/Cms/Test/Unit/Ui/Component/Listing/Column/PageActionsTest.php b/app/code/Magento/Cms/Test/Unit/Ui/Component/Listing/Column/PageActionsTest.php
deleted file mode 100644
index bd2e2068f2d47..0000000000000
--- a/app/code/Magento/Cms/Test/Unit/Ui/Component/Listing/Column/PageActionsTest.php
+++ /dev/null
@@ -1,95 +0,0 @@
-getMockBuilder('Magento\Framework\UrlInterface')
- ->disableOriginalConstructor()
- ->getMock();
- $contextMock = $this->getMockBuilder('Magento\Framework\View\Element\UiComponent\ContextInterface')
- ->getMockForAbstractClass();
- $processor = $this->getMockBuilder('Magento\Framework\View\Element\UiComponent\Processor')
- ->disableOriginalConstructor()
- ->getMock();
- $contextMock->expects($this->any())->method('getProcessor')->willReturn($processor);
-
- /** @var \Magento\Cms\Ui\Component\Listing\Column\PageActions $model */
- $model = $objectManager->getObject(
- 'Magento\Cms\Ui\Component\Listing\Column\PageActions',
- [
- 'urlBuilder' => $urlBuilderMock,
- 'context' => $contextMock,
- ]
- );
-
- // Define test input and expectations
- $items = [
- 'data' => [
- 'items' => [
- [
- 'page_id' => $pageId
- ]
- ]
- ]
- ];
- $name = 'item_name';
- $expectedItems = [
- [
- 'page_id' => $pageId,
- $name => [
- 'edit' => [
- 'href' => 'test/url/edit',
- 'label' => __('Edit'),
- ],
- 'delete' => [
- 'href' => 'test/url/delete',
- 'label' => __('Delete'),
- 'confirm' => [
- 'title' => __('Delete ${ $.$data.title }'),
- 'message' => __('Are you sure you wan\'t to delete a ${ $.$data.title } record?')
- ],
- ]
- ],
- ]
- ];
-
- // Configure mocks and object data
- $urlBuilderMock->expects($this->any())
- ->method('getUrl')
- ->willReturnMap(
- [
- [
- PageActions::CMS_URL_PATH_EDIT,
- [
- 'page_id' => $pageId
- ],
- 'test/url/edit',
- ],
- [
- PageActions::CMS_URL_PATH_DELETE,
- [
- 'page_id' => $pageId
- ],
- 'test/url/delete',
- ],
- ]
- );
-
- $model->setName($name);
- $items = $model->prepareDataSource($items);
- // Run test
- $this->assertEquals($expectedItems, $items['data']['items']);
- }
-}
diff --git a/app/code/Magento/Cms/Ui/Component/Listing/Column/BlockActions.php b/app/code/Magento/Cms/Ui/Component/Listing/Column/BlockActions.php
index 500e95919081d..72aaee52ab308 100644
--- a/app/code/Magento/Cms/Ui/Component/Listing/Column/BlockActions.php
+++ b/app/code/Magento/Cms/Ui/Component/Listing/Column/BlockActions.php
@@ -9,6 +9,8 @@
use Magento\Framework\View\Element\UiComponent\ContextInterface;
use Magento\Framework\View\Element\UiComponentFactory;
use Magento\Ui\Component\Listing\Columns\Column;
+use Magento\Framework\App\ObjectManager;
+use Magento\Framework\Escaper;
/**
* Class BlockActions
@@ -27,6 +29,13 @@ class BlockActions extends Column
*/
protected $urlBuilder;
+ /**
+ * Escaper.
+ *
+ * @var Escaper
+ */
+ private $escaper;
+
/**
* Constructor
*
@@ -48,11 +57,7 @@ public function __construct(
}
/**
- * @param array $items
- * @return array
- */
- /**
- * Prepare Data Source
+ * Prepare Data Source.
*
* @param array $dataSource
* @return array
@@ -62,6 +67,7 @@ public function prepareDataSource(array $dataSource)
if (isset($dataSource['data']['items'])) {
foreach ($dataSource['data']['items'] as & $item) {
if (isset($item['block_id'])) {
+ $title = $this->getEscaper()->escapeHtml($item['title']);
$item[$this->getData('name')] = [
'edit' => [
'href' => $this->urlBuilder->getUrl(
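Review bot: `$item['title']` is read under a guard that only checks `isset($item['block_id'])`, so a row without a title raises an undefined-index notice while the grid data is being built. Guarding the read, `$title = $this->getEscaper()->escapeHtml(isset($item['title']) ? $item['title'] : '');`, keeps the escaping and avoids the notice. The same unguarded read is added in PageActions.php under `isset($item['page_id'])`. `escapeHtml` is the right encoder only if the confirm dialog inserts the string as HTML; that rendering code is outside this diff.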
@@ -72,15 +78,6 @@ public function prepareDataSource(array $dataSource)
),
'label' => __('Edit')
],
- 'details' => [
- 'href' => $this->urlBuilder->getUrl(
- static::URL_PATH_DETAILS,
- [
- 'block_id' => $item['block_id']
- ]
- ),
- 'label' => __('Details')
- ],
'delete' => [
'href' => $this->urlBuilder->getUrl(
static::URL_PATH_DELETE,
@@ -90,10 +87,10 @@ public function prepareDataSource(array $dataSource)
),
'label' => __('Delete'),
'confirm' => [
- 'title' => __('Delete "${ $.$data.title }"'),
- 'message' => __('Are you sure you wan\'t to delete a "${ $.$data.title }" record?')
- ]
- ]
+ 'title' => __('Delete %1', $title),
+ 'message' => __('Are you sure you wan\'t to delete a %1 record?', $title),
+ ],
+ ],
];
}
}
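Review bot: The new message string still reads `wan't`, and this commit registers it as a fresh translation key in i18n/en_US.csv, so the misspelling becomes part of the key translators will match against. Correcting it to `Are you sure you want to delete a %1 record?` now, in BlockActions.php, PageActions.php and the CSV together, is cheaper than renaming the key later.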
@@ -101,4 +98,19 @@ public function prepareDataSource(array $dataSource)
return $dataSource;
}
+
+ /**
+ * Get instance of escaper.
+ *
+ * @return Escaper
+ * @deprecated
+ */
+ private function getEscaper()
+ {
+ if (!$this->escaper) {
+ $this->escaper = ObjectManager::getInstance()->get(Escaper::class);
+ }
+
+ return $this->escaper;
+ }
}
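Review bot: The `@deprecated` tag on the newly added `getEscaper()` has no explanation, so a reader cannot tell why a brand-new private method is deprecated or what should replace it. Presumably `ObjectManager::getInstance()` is used only to avoid changing the constructor signature in a patch release; if so, say it: `@deprecated Escaper is resolved through ObjectManager only to keep the constructor backward compatible; inject it via the constructor when the signature can change.` The same helper with the same bare tag is added to PageActions.php.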
diff --git a/app/code/Magento/Cms/Ui/Component/Listing/Column/PageActions.php b/app/code/Magento/Cms/Ui/Component/Listing/Column/PageActions.php
index ee51f6dd0247b..bc1fd75e76de0 100644
--- a/app/code/Magento/Cms/Ui/Component/Listing/Column/PageActions.php
+++ b/app/code/Magento/Cms/Ui/Component/Listing/Column/PageActions.php
@@ -5,11 +5,13 @@
*/
namespace Magento\Cms\Ui\Component\Listing\Column;
+use Magento\Cms\Block\Adminhtml\Page\Grid\Renderer\Action\UrlBuilder;
+use Magento\Framework\App\ObjectManager;
+use Magento\Framework\Escaper;
+use Magento\Framework\UrlInterface;
use Magento\Framework\View\Element\UiComponent\ContextInterface;
use Magento\Framework\View\Element\UiComponentFactory;
use Magento\Ui\Component\Listing\Columns\Column;
-use Magento\Cms\Block\Adminhtml\Page\Grid\Renderer\Action\UrlBuilder;
-use Magento\Framework\UrlInterface;
/**
* Class PageActions
@@ -31,6 +33,13 @@ class PageActions extends Column
*/
private $editUrl;
+ /**
+ * Escaper.
+ *
+ * @var Escaper
+ */
+ private $escaper;
+
/**
* @param ContextInterface $context
* @param UiComponentFactory $uiComponentFactory
@@ -71,13 +80,14 @@ public function prepareDataSource(array $dataSource)
'href' => $this->urlBuilder->getUrl($this->editUrl, ['page_id' => $item['page_id']]),
'label' => __('Edit')
];
+ $title = $this->getEscaper()->escapeHtml($item['title']);
$item[$name]['delete'] = [
'href' => $this->urlBuilder->getUrl(self::CMS_URL_PATH_DELETE, ['page_id' => $item['page_id']]),
'label' => __('Delete'),
'confirm' => [
- 'title' => __('Delete ${ $.$data.title }'),
- 'message' => __('Are you sure you wan\'t to delete a ${ $.$data.title } record?')
- ]
+ 'title' => __('Delete %1', $title),
+ 'message' => __('Are you sure you wan\'t to delete a %1 record?', $title),
+ ],
];
}
if (isset($item['identifier'])) {
@@ -95,4 +105,19 @@ public function prepareDataSource(array $dataSource)
return $dataSource;
}
+
+ /**
+ * Get instance of escaper.
+ *
+ * @return Escaper
+ * @deprecated
+ */
+ private function getEscaper()
+ {
+ if (!$this->escaper) {
+ $this->escaper = ObjectManager::getInstance()->get(Escaper::class);
+ }
+
+ return $this->escaper;
+ }
}
diff --git a/app/code/Magento/Cms/Ui/Component/Listing/Columns.php b/app/code/Magento/Cms/Ui/Component/Listing/Columns.php
new file mode 100644
index 0000000000000..99d970d814b76
--- /dev/null
+++ b/app/code/Magento/Cms/Ui/Component/Listing/Columns.php
@@ -0,0 +1,70 @@
+authorization = $authorization ?:
+ \Magento\Framework\App\ObjectManager::getInstance()->get(\Magento\Framework\AuthorizationInterface::class);
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function prepare()
+ {
+ parent::prepare();
+ $this->applyEditPermission();
+ }
+
+ /**
+ * Applying InlineEditor permission.
+ *
+ * @return void
+ */
+ private function applyEditPermission()
+ {
+ if (!$this->authorization->isAllowed('Magento_Cms::save')) {
+ $editPermissions = [
+ 'config' => [
+ 'editorConfig' => [
+ 'enabled' => false,
+ ],
+ ],
+ ];
+ $data = $this->getData();
+ $data = array_replace_recursive($data, $editPermissions);
+ $this->setData($data);
+ }
+ }
+}
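Review bot: The docblock on `applyEditPermission()` should state that it only switches off the inline editor in the grid configuration and is not an access check in its own right; the enforcement is the `ADMIN_RESOURCE` on the InlineEdit controllers changed elsewhere in this diff. Suggested wording: `Disable the inline editor in the listing when the user lacks Magento_Cms::save; presentation only, the controller enforces the ACL.` The resource is hard-coded to `'Magento_Cms::save'`, while Block/InlineEdit requires `'Magento_Cms::block'`, so if this class is also used by the block listing the two would disagree; the XML hunks that would show this are garbled on the page. The class header and constructor signature are missing from this rendering as well.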
diff --git a/app/code/Magento/Cms/composer.json b/app/code/Magento/Cms/composer.json
index 0fe5a8540fd46..891d979bf047b 100644
--- a/app/code/Magento/Cms/composer.json
+++ b/app/code/Magento/Cms/composer.json
@@ -18,7 +18,7 @@
"magento/module-cms-sample-data": "Sample Data version:100.0.*"
},
"type": "magento2-module",
- "version": "100.0.6",
+ "version": "100.0.8",
"license": [
"OSL-3.0",
"AFL-3.0"
diff --git a/app/code/Magento/Cms/i18n/en_US.csv b/app/code/Magento/Cms/i18n/en_US.csv
index 58485f3d9d2c5..1d947bc412f92 100644
--- a/app/code/Magento/Cms/i18n/en_US.csv
+++ b/app/code/Magento/Cms/i18n/en_US.csv
@@ -124,3 +124,5 @@ Blocks,Blocks
Widgets,Widgets
Themes,Themes
Schedule,Schedule
+"Delete %1","Delete %1"
+"Are you sure you wan\'t to delete a %1 record?","Are you sure you wan\'t to delete a %1 record?"
diff --git a/app/code/Magento/Cms/view/adminhtml/ui_component/cms_block_listing.xml b/app/code/Magento/Cms/view/adminhtml/ui_component/cms_block_listing.xml
index b57deb5326259..d3514a680ae9f 100644
--- a/app/code/Magento/Cms/view/adminhtml/ui_component/cms_block_listing.xml
+++ b/app/code/Magento/Cms/view/adminhtml/ui_component/cms_block_listing.xml
@@ -20,6 +20,7 @@
- */*/new
+ - Magento_Cms::block
diff --git a/app/code/Magento/Cms/view/adminhtml/ui_component/cms_page_listing.xml b/app/code/Magento/Cms/view/adminhtml/ui_component/cms_page_listing.xml
index 5a4dee3a0fed3..184695706ef82 100644
--- a/app/code/Magento/Cms/view/adminhtml/ui_component/cms_page_listing.xml
+++ b/app/code/Magento/Cms/view/adminhtml/ui_component/cms_page_listing.xml
@@ -20,6 +20,7 @@
- */*/new
+ - Magento_Cms::page
@@ -181,7 +182,7 @@
-
+
-
-
diff --git a/app/code/Magento/Config/Model/Config/Backend/Image/Favicon.php b/app/code/Magento/Config/Model/Config/Backend/Image/Favicon.php
index 998e3b9f48312..ba86529419555 100644
--- a/app/code/Magento/Config/Model/Config/Backend/Image/Favicon.php
+++ b/app/code/Magento/Config/Model/Config/Backend/Image/Favicon.php
@@ -45,6 +45,6 @@ protected function _addWhetherScopeInfo()
*/
protected function _getAllowedExtensions()
{
- return ['ico', 'png', 'gif', 'jpg', 'jpeg', 'apng', 'svg'];
+ return ['ico', 'png', 'gif', 'jpg', 'jpeg', 'apng'];
}
}
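Review bot: Nothing in `_getAllowedExtensions()` records why `svg` is absent from the list, so a later change could restore it as an apparent omission. A one-line comment above the return, e.g. `// SVG is excluded on purpose: it is XML and can carry script, unlike the raster formats listed.`, keeps the intent visible; the same applies to the matching hunk in Logo.php. The list filters by extension only, and whether uploaded content is validated as well is outside this hunk.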
diff --git a/app/code/Magento/Config/Model/Config/Backend/Image/Logo.php b/app/code/Magento/Config/Model/Config/Backend/Image/Logo.php
index d262311e2d762..72e598c606874 100644
--- a/app/code/Magento/Config/Model/Config/Backend/Image/Logo.php
+++ b/app/code/Magento/Config/Model/Config/Backend/Image/Logo.php
@@ -45,6 +45,6 @@ protected function _addWhetherScopeInfo()
*/
protected function _getAllowedExtensions()
{
- return ['jpg', 'jpeg', 'gif', 'png', 'svg'];
+ return ['jpg', 'jpeg', 'gif', 'png'];
}
}
diff --git a/app/code/Magento/Config/Test/Unit/Model/Config/Backend/Image/LogoTest.php b/app/code/Magento/Config/Test/Unit/Model/Config/Backend/Image/LogoTest.php
index 9eee246aa04c2..9488db336dc47 100644
--- a/app/code/Magento/Config/Test/Unit/Model/Config/Backend/Image/LogoTest.php
+++ b/app/code/Magento/Config/Test/Unit/Model/Config/Backend/Image/LogoTest.php
@@ -30,11 +30,11 @@ class LogoTest extends \PHPUnit_Framework_TestCase
public function setUp()
{
$helper = new \Magento\Framework\TestFramework\Unit\Helper\ObjectManager($this);
- $this->uploaderFactoryMock = $this->getMockBuilder('\Magento\MediaStorage\Model\File\UploaderFactory')
+ $this->uploaderFactoryMock = $this->getMockBuilder(\Magento\MediaStorage\Model\File\UploaderFactory::class)
->setMethods(['create'])
->disableOriginalConstructor()
->getMock();
- $this->uploaderMock = $this->getMockBuilder('\Magento\MediaStorage\Model\File\Uploader')
+ $this->uploaderMock = $this->getMockBuilder(\Magento\MediaStorage\Model\File\Uploader::class)
->setMethods(['setAllowedExtensions', 'save'])
->disableOriginalConstructor()
->getMock();
@@ -43,13 +43,13 @@ public function setUp()
->method('create')
->will($this->returnValue($this->uploaderMock));
$this->requestDataMock = $this
- ->getMockBuilder('\Magento\Config\Model\Config\Backend\File\RequestData\RequestDataInterface')
+ ->getMockBuilder(\Magento\Config\Model\Config\Backend\File\RequestData\RequestDataInterface::class)
->setMethods(['getTmpName'])
->getMockForAbstractClass();
- $mediaDirectoryMock = $this->getMockBuilder('\Magento\Framework\Filesystem\Directory\WriteInterface')
+ $mediaDirectoryMock = $this->getMockBuilder(\Magento\Framework\Filesystem\Directory\WriteInterface::class)
->disableOriginalConstructor()
->getMockForAbstractClass();
- $filesystemMock = $this->getMockBuilder('\Magento\Framework\Filesystem')
+ $filesystemMock = $this->getMockBuilder(\Magento\Framework\Filesystem::class)
->disableOriginalConstructor()
->setMethods(['getDirectoryWrite'])
->getMock();
@@ -57,7 +57,7 @@ public function setUp()
->method('getDirectoryWrite')
->will($this->returnValue($mediaDirectoryMock));
$this->model = $helper->getObject(
- 'Magento\Config\Model\Config\Backend\Image\Logo',
+ \Magento\Config\Model\Config\Backend\Image\Logo::class,
[
'uploaderFactory' => $this->uploaderFactoryMock,
'requestData' => $this->requestDataMock,
@@ -73,7 +73,7 @@ public function testBeforeSave()
->will($this->returnValue('/tmp/val'));
$this->uploaderMock->expects($this->once())
->method('setAllowedExtensions')
- ->with($this->equalTo(['jpg', 'jpeg', 'gif', 'png', 'svg']));
+ ->with($this->equalTo(['jpg', 'jpeg', 'gif', 'png']));
$this->model->beforeSave();
}
}
diff --git a/app/code/Magento/Config/composer.json b/app/code/Magento/Config/composer.json
index 555e5c3942e87..64853fbd5572c 100644
--- a/app/code/Magento/Config/composer.json
+++ b/app/code/Magento/Config/composer.json
@@ -12,7 +12,7 @@
"magento/module-media-storage": "100.0.*"
},
"type": "magento2-module",
- "version": "100.0.6",
+ "version": "100.0.7",
"license": [
"OSL-3.0",
"AFL-3.0"
diff --git a/app/code/Magento/ConfigurableProduct/Controller/Adminhtml/Product/AddAttribute.php b/app/code/Magento/ConfigurableProduct/Controller/Adminhtml/Product/AddAttribute.php
index 77aabc52e3e19..fa53550f1f18b 100644
--- a/app/code/Magento/ConfigurableProduct/Controller/Adminhtml/Product/AddAttribute.php
+++ b/app/code/Magento/ConfigurableProduct/Controller/Adminhtml/Product/AddAttribute.php
@@ -10,6 +10,13 @@
class AddAttribute extends Action
{
+ /**
+ * Authorization level of a basic admin session.
+ *
+ * @see _isAllowed()
+ */
+ const ADMIN_RESOURCE = 'Magento_Catalog::products';
+
/**
* @var \Magento\Catalog\Controller\Adminhtml\Product\Builder
*/
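Review bot: The docblock added for `ADMIN_RESOURCE` repeats the base-class wording ("Authorization level of a basic admin session") instead of describing the value set here, which is the `Magento_Catalog::products` ACL resource. Someone auditing who can reach this controller is better served by `* ACL resource an admin user must be granted to run this action.`, keeping the `@see _isAllowed()` line. The same copied text appears in Associated/Grid.php and Validatevat.php, while the other controllers in this commit document the constant with `{@inheritdoc}`; one wording across all of them would be easier to review.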
@@ -37,7 +44,7 @@ public function execute()
$this->_view->loadLayout('popup');
$this->productBuilder->build($this->getRequest());
$attributeBlock = $this->_view->getLayout()->createBlock(
- 'Magento\ConfigurableProduct\Block\Adminhtml\Product\Attribute\NewAttribute\Product\Created'
+ \Magento\ConfigurableProduct\Block\Adminhtml\Product\Attribute\NewAttribute\Product\Created::class
);
$this->_addContent($attributeBlock);
$this->_view->renderLayout();
diff --git a/app/code/Magento/ConfigurableProduct/Controller/Adminhtml/Product/Associated/Grid.php b/app/code/Magento/ConfigurableProduct/Controller/Adminhtml/Product/Associated/Grid.php
index 772e2ba3de976..dd088e3d7f726 100644
--- a/app/code/Magento/ConfigurableProduct/Controller/Adminhtml/Product/Associated/Grid.php
+++ b/app/code/Magento/ConfigurableProduct/Controller/Adminhtml/Product/Associated/Grid.php
@@ -12,6 +12,13 @@
class Grid extends Action
{
+ /**
+ * Authorization level of a basic admin session.
+ *
+ * @see _isAllowed()
+ */
+ const ADMIN_RESOURCE = 'Magento_Catalog::products';
+
/**
* @var LayoutFactory
*/
@@ -37,6 +44,7 @@ public function execute()
{
/** @var \Magento\Framework\View\Result\Layout $resultPage */
$resultPage = $this->resultPageFactory->create();
+
return $resultPage;
}
}
diff --git a/app/code/Magento/ConfigurableProduct/Controller/Adminhtml/Product/Attribute/CreateOptions.php b/app/code/Magento/ConfigurableProduct/Controller/Adminhtml/Product/Attribute/CreateOptions.php
index 4a76951992be6..88abecd39ff91 100644
--- a/app/code/Magento/ConfigurableProduct/Controller/Adminhtml/Product/Attribute/CreateOptions.php
+++ b/app/code/Magento/ConfigurableProduct/Controller/Adminhtml/Product/Attribute/CreateOptions.php
@@ -12,6 +12,11 @@
class CreateOptions extends Action
{
+ /**
+ * {@inheritdoc}
+ */
+ const ADMIN_RESOURCE = 'Magento_Catalog::attributes_attributes';
+
/**
* @var \Magento\Framework\Json\Helper\Data
*/
@@ -37,16 +42,6 @@ public function __construct(
parent::__construct($context);
}
- /**
- * ACL check
- *
- * @return bool
- */
- protected function _isAllowed()
- {
- return $this->_authorization->isAllowed('Magento_Catalog::attributes_attributes');
- }
-
/**
* Search for attributes by part of attribute's label in admin store
*
diff --git a/app/code/Magento/ConfigurableProduct/Controller/Adminhtml/Product/Attribute/GetAttributes.php b/app/code/Magento/ConfigurableProduct/Controller/Adminhtml/Product/Attribute/GetAttributes.php
index 91c5d174e9804..11e99dad3d177 100644
--- a/app/code/Magento/ConfigurableProduct/Controller/Adminhtml/Product/Attribute/GetAttributes.php
+++ b/app/code/Magento/ConfigurableProduct/Controller/Adminhtml/Product/Attribute/GetAttributes.php
@@ -11,6 +11,11 @@
class GetAttributes extends Action
{
+ /**
+ * {@inheritdoc}
+ */
+ const ADMIN_RESOURCE = 'Magento_Catalog::attributes_attributes';
+
/**
* Store manager
*
@@ -41,16 +46,6 @@ public function __construct(
parent::__construct($context);
}
- /**
- * ACL check
- *
- * @return bool
- */
- protected function _isAllowed()
- {
- return $this->_authorization->isAllowed('Magento_Catalog::attributes_attributes');
- }
-
/**
* Get attributes
*
diff --git a/app/code/Magento/ConfigurableProduct/Controller/Adminhtml/Product/Attribute/SuggestConfigurableAttributes.php b/app/code/Magento/ConfigurableProduct/Controller/Adminhtml/Product/Attribute/SuggestConfigurableAttributes.php
index e2f553747b8ee..735f3d0cb3b4a 100644
--- a/app/code/Magento/ConfigurableProduct/Controller/Adminhtml/Product/Attribute/SuggestConfigurableAttributes.php
+++ b/app/code/Magento/ConfigurableProduct/Controller/Adminhtml/Product/Attribute/SuggestConfigurableAttributes.php
@@ -11,6 +11,11 @@
class SuggestConfigurableAttributes extends Action
{
+ /**
+ * {@inheritdoc}
+ */
+ const ADMIN_RESOURCE = 'Magento_Catalog::attributes_attributes';
+
/**
* @var \Magento\ConfigurableProduct\Model\SuggestedAttributeList
*/
@@ -46,16 +51,6 @@ public function __construct(
parent::__construct($context);
}
- /**
- * ACL check
- *
- * @return bool
- */
- protected function _isAllowed()
- {
- return $this->_authorization->isAllowed('Magento_Catalog::attributes_attributes');
- }
-
/**
* Search for attributes by part of attribute's label in admin store
*
diff --git a/app/code/Magento/ConfigurableProduct/composer.json b/app/code/Magento/ConfigurableProduct/composer.json
index e6aa5d00899a7..fd94aad547b0a 100644
--- a/app/code/Magento/ConfigurableProduct/composer.json
+++ b/app/code/Magento/ConfigurableProduct/composer.json
@@ -23,7 +23,7 @@
"magento/module-product-links-sample-data": "Sample Data version:100.0.*"
},
"type": "magento2-module",
- "version": "100.0.9",
+ "version": "100.0.11",
"license": [
"OSL-3.0",
"AFL-3.0"
diff --git a/app/code/Magento/ConfigurableProduct/view/adminhtml/templates/catalog/product/edit/super/matrix.phtml b/app/code/Magento/ConfigurableProduct/view/adminhtml/templates/catalog/product/edit/super/matrix.phtml
index f946bff4d474e..0e8568a497133 100644
--- a/app/code/Magento/ConfigurableProduct/view/adminhtml/templates/catalog/product/edit/super/matrix.phtml
+++ b/app/code/Magento/ConfigurableProduct/view/adminhtml/templates/catalog/product/edit/super/matrix.phtml
@@ -287,7 +287,7 @@ $currencySymbol = $block->getCurrencySymbol();
"component": "Magento_ConfigurableProduct/js/variations/variations",
"variations": = /* @noEscape */ $this->helper('Magento\Framework\Json\Helper\Data')->jsonEncode($productMatrix) ?>,
"productAttributes": = /* @noEscape */ $this->helper('Magento\Framework\Json\Helper\Data')->jsonEncode($attributes) ?>,
- "productUrl": "= /* @noEscape */ $block->getUrl('catalog/product/edit', ['id' => '%id%']) ?>",
+ "productUrl": "= /* @noEscape */ $block->getUrl('catalog/product/edit', ['id' => '%id%', '_escape_params' => false]) ?>",
"currencySymbol": "= /* @noEscape */ $currencySymbol ?>",
"configurableProductGrid": "configurableProductGrid"
}
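Review bot: With `'_escape_params' => false` and `/* @noEscape */` on the same line, nothing encodes `productUrl` for the JSON string it is printed into. That is safe only while the parameter array holds the constant `%id%` placeholder, which presumably has to stay literal for substitution on the client. A template comment next to the call would keep a later edit from adding a request-derived parameter, for example `/* '_escape_params' is off so the %id% placeholder stays literal; pass only constant parameters here */`.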
diff --git a/app/code/Magento/ConfigurableProduct/view/adminhtml/ui_component/configurable_associated_product_listing.xml b/app/code/Magento/ConfigurableProduct/view/adminhtml/ui_component/configurable_associated_product_listing.xml
index 54e0f13ad6967..18d4bd444d6cf 100644
--- a/app/code/Magento/ConfigurableProduct/view/adminhtml/ui_component/configurable_associated_product_listing.xml
+++ b/app/code/Magento/ConfigurableProduct/view/adminhtml/ui_component/configurable_associated_product_listing.xml
@@ -12,6 +12,7 @@
- configurable_associated_product_listing.data_source
- product_columns
+ - Magento_Catalog::products
diff --git a/app/code/Magento/ConfigurableProduct/view/adminhtml/ui_component/product_attributes_listing.xml b/app/code/Magento/ConfigurableProduct/view/adminhtml/ui_component/product_attributes_listing.xml
index 2e1c895727cbb..f13b61e2398cc 100644
--- a/app/code/Magento/ConfigurableProduct/view/adminhtml/ui_component/product_attributes_listing.xml
+++ b/app/code/Magento/ConfigurableProduct/view/adminhtml/ui_component/product_attributes_listing.xml
@@ -12,6 +12,7 @@
- product_attributes_listing.product_attributes_listing_data_source
- product_attributes_columns
+ - Magento_Catalog::products
diff --git a/app/code/Magento/ConfigurableProduct/view/adminhtml/web/js/configurable-type-handler.js b/app/code/Magento/ConfigurableProduct/view/adminhtml/web/js/configurable-type-handler.js
index 11c83d6a0be05..37d5506a8b2da 100644
--- a/app/code/Magento/ConfigurableProduct/view/adminhtml/web/js/configurable-type-handler.js
+++ b/app/code/Magento/ConfigurableProduct/view/adminhtml/web/js/configurable-type-handler.js
@@ -93,7 +93,6 @@ define([
suggestContainer.removeClass('disabled').removeProp('disabled');
$('#inventory_qty').removeProp('disabled');
$('#inventory_stock_availability').prop('disabled', true);
- this._setElementDisabled($('#quantity_and_stock_status'), true, false);
this._setElementDisabled($('#qty'), false, true);
}
diff --git a/app/code/Magento/ConfigurableProduct/view/adminhtml/web/js/variations/variations.js b/app/code/Magento/ConfigurableProduct/view/adminhtml/web/js/variations/variations.js
index 29503e4be296f..64c1d34fbcd3e 100644
--- a/app/code/Magento/ConfigurableProduct/view/adminhtml/web/js/variations/variations.js
+++ b/app/code/Magento/ConfigurableProduct/view/adminhtml/web/js/variations/variations.js
@@ -68,7 +68,7 @@ define([
*/
initObservable: function () {
var $form = $('[data-form="edit-product"]'),
- formSubmitHandlers = $form.data('events').submit,
+ formSubmitHandlers,
pagingObservables = {
current: ko.getObservable(this.paging, 'current'),
pageSize: ko.getObservable(this.paging, 'pageSize')
@@ -102,7 +102,12 @@ define([
$form.validation('isValid');
}
}.bind(this));
- formSubmitHandlers.splice(0, 0, formSubmitHandlers.pop());
+
+ formSubmitHandlers = $form.data('events').submit || [];
+
+ if (formSubmitHandlers.length > 1) {
+ formSubmitHandlers.unshift(formSubmitHandlers.pop());
+ }
return this;
},
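Review bot: `$form.data('events').submit || []` still throws when `$form.data('events')` itself is undefined, because the `|| []` fallback only covers a missing `submit` list. If the form can reach this line with no handlers bound, or the jQuery build in use does not expose `events` through `.data()`, guard the lookup as well: `formSubmitHandlers = ($form.data('events') || {}).submit || [];`. `initObservable` starts above this hunk, so whether a submit handler is always bound before this line cannot be confirmed from here.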
diff --git a/app/code/Magento/CurrencySymbol/Controller/Adminhtml/System/Currency.php b/app/code/Magento/CurrencySymbol/Controller/Adminhtml/System/Currency.php
index f489ffd5f1b3e..c40c03fd1a8da 100644
--- a/app/code/Magento/CurrencySymbol/Controller/Adminhtml/System/Currency.php
+++ b/app/code/Magento/CurrencySymbol/Controller/Adminhtml/System/Currency.php
@@ -13,6 +13,11 @@
abstract class Currency extends \Magento\Backend\App\Action
{
+ /**
+ * {@inheritdoc}
+ */
+ const ADMIN_RESOURCE = 'Magento_CurrencySymbol::currency_rates';
+
/**
* Core registry
*
@@ -29,14 +34,4 @@ public function __construct(\Magento\Backend\App\Action\Context $context, \Magen
$this->_coreRegistry = $coreRegistry;
parent::__construct($context);
}
-
- /**
- * Check if allowed
- *
- * @return bool
- */
- protected function _isAllowed()
- {
- return $this->_authorization->isAllowed('Magento_CurrencySymbol::currency_rates');
- }
}
diff --git a/app/code/Magento/CurrencySymbol/Controller/Adminhtml/System/Currencysymbol.php b/app/code/Magento/CurrencySymbol/Controller/Adminhtml/System/Currencysymbol.php
index da1f2e07f1ff2..c9fcf85186ff4 100644
--- a/app/code/Magento/CurrencySymbol/Controller/Adminhtml/System/Currencysymbol.php
+++ b/app/code/Magento/CurrencySymbol/Controller/Adminhtml/System/Currencysymbol.php
@@ -14,12 +14,7 @@
abstract class Currencysymbol extends \Magento\Backend\App\Action
{
/**
- * Check the permission to run it
- *
- * @return bool
+ * {@inheritdoc}
*/
- protected function _isAllowed()
- {
- return $this->_authorization->isAllowed('Magento_CurrencySymbol::symbols');
- }
+ const ADMIN_RESOURCE = 'Magento_CurrencySymbol::symbols';
}
diff --git a/app/code/Magento/CurrencySymbol/composer.json b/app/code/Magento/CurrencySymbol/composer.json
index a9f702700e19a..8535a7eb92ee1 100644
--- a/app/code/Magento/CurrencySymbol/composer.json
+++ b/app/code/Magento/CurrencySymbol/composer.json
@@ -11,7 +11,7 @@
"magento/framework": "100.0.*"
},
"type": "magento2-module",
- "version": "100.0.6",
+ "version": "100.0.7",
"license": [
"OSL-3.0",
"AFL-3.0"
diff --git a/app/code/Magento/CurrencySymbol/view/adminhtml/templates/grid.phtml b/app/code/Magento/CurrencySymbol/view/adminhtml/templates/grid.phtml
index 2de297bbc7eb8..e55b46eb93d25 100644
--- a/app/code/Magento/CurrencySymbol/view/adminhtml/templates/grid.phtml
+++ b/app/code/Magento/CurrencySymbol/view/adminhtml/templates/grid.phtml
@@ -9,7 +9,7 @@
?>
@@ -27,7 +27,7 @@
name="custom_currency_symbol[]">
diff --git a/app/code/Magento/Customer/Block/Account/AuthenticationPopup.php b/app/code/Magento/Customer/Block/Account/AuthenticationPopup.php
index b8fa937e23615..32e14b3bbf77b 100644
--- a/app/code/Magento/Customer/Block/Account/AuthenticationPopup.php
+++ b/app/code/Magento/Customer/Block/Account/AuthenticationPopup.php
@@ -5,6 +5,9 @@
*/
namespace Magento\Customer\Block\Account;
+use Magento\Customer\Model\Form;
+use Magento\Store\Model\ScopeInterface;
+
class AuthenticationPopup extends \Magento\Framework\View\Element\Template
{
/**
@@ -40,12 +43,26 @@ public function getJsLayout()
public function getConfig()
{
return [
- 'customerRegisterUrl' => $this->getCustomerRegisterUrlUrl(),
- 'customerForgotPasswordUrl' => $this->getCustomerForgotPasswordUrl(),
- 'baseUrl' => $this->getBaseUrl()
+ 'autocomplete' => $this->escapeHtml($this->isAutocompleteEnabled()),
+ 'customerRegisterUrl' => $this->escapeUrl($this->getCustomerRegisterUrlUrl()),
+ 'customerForgotPasswordUrl' => $this->escapeUrl($this->getCustomerForgotPasswordUrl()),
+ 'baseUrl' => $this->escapeUrl($this->getBaseUrl()),
];
}
+ /**
+ * Is autocomplete enabled for storefront.
+ *
+ * @return string
+ */
+ private function isAutocompleteEnabled()
+ {
+ return $this->_scopeConfig->getValue(
+ Form::XML_PATH_ENABLE_AUTOCOMPLETE,
+ ScopeInterface::SCOPE_WEBSITE
+ ) ? 'on' : 'off';
+ }
+
/**
* Return base url.
*
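Review bot: `getConfig()` now escapes its values where the array is built rather than where it is printed, so the escaping has to match the context the caller emits the array into, and that caller is outside this hunk. If the array ends up JSON-encoded inside a script block, `escapeUrl()` and `escapeHtml()` may leave HTML entities in the URLs while the JSON encoding is still what has to make the strings safe for that context. A line in the method docblock naming the output context these values are prepared for would make the choice checkable. `isAutocompleteEnabled()` returns `'on'` or `'off'`, so its summary would read more accurately as `Get the autocomplete attribute value ('on' or 'off') for the storefront.`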
diff --git a/app/code/Magento/Customer/Controller/Account/CreatePost.php b/app/code/Magento/Customer/Controller/Account/CreatePost.php
index 3c18a6a5e0e9d..bafd556560ad5 100644
--- a/app/code/Magento/Customer/Controller/Account/CreatePost.php
+++ b/app/code/Magento/Customer/Controller/Account/CreatePost.php
@@ -26,6 +26,7 @@
use Magento\Customer\Model\CustomerExtractor;
use Magento\Framework\Exception\StateException;
use Magento\Framework\Exception\InputException;
+use Magento\Framework\Data\Form\FormKey\Validator;
/**
* @SuppressWarnings(PHPMD.CouplingBetweenObjects)
@@ -87,6 +88,13 @@ class CreatePost extends \Magento\Customer\Controller\AbstractAccount
*/
private $scopeConfig;
+ /**
+ * Form key validator.
+ *
+ * @var Validator
+ */
+ private $formKeyValidator;
+
/**
* @param Context $context
* @param Session $customerSession
@@ -106,6 +114,7 @@ class CreatePost extends \Magento\Customer\Controller\AbstractAccount
* @param CustomerExtractor $customerExtractor
* @param DataObjectHelper $dataObjectHelper
* @param AccountRedirect $accountRedirect
+ * @param Validator $formKeyValidator
*
* @SuppressWarnings(PHPMD.ExcessiveParameterList)
*/
@@ -127,8 +136,11 @@ public function __construct(
Escaper $escaper,
CustomerExtractor $customerExtractor,
DataObjectHelper $dataObjectHelper,
- AccountRedirect $accountRedirect
+ AccountRedirect $accountRedirect,
+ Validator $formKeyValidator = null
) {
+ parent::__construct($context);
+
$this->session = $customerSession;
$this->scopeConfig = $scopeConfig;
$this->storeManager = $storeManager;
@@ -146,7 +158,7 @@ public function __construct(
$this->urlModel = $urlFactory->create();
$this->dataObjectHelper = $dataObjectHelper;
$this->accountRedirect = $accountRedirect;
- parent::__construct($context);
+ $this->formKeyValidator = $formKeyValidator ?: $this->_objectManager->get(Validator::class);
}
/**
@@ -187,7 +199,7 @@ protected function extractAddress()
$this->dataObjectHelper->populateWithArray(
$addressDataObject,
$addressData,
- '\Magento\Customer\Api\Data\AddressInterface'
+ \Magento\Customer\Api\Data\AddressInterface::class
);
$addressDataObject->setRegion($regionDataObject);
@@ -196,13 +208,14 @@ protected function extractAddress()
)->setIsDefaultShipping(
$this->getRequest()->getParam('default_shipping', false)
);
+
return $addressDataObject;
}
/**
* Create customer account action
*
- * @return void
+ * @return \Magento\Framework\App\ResponseInterface
* @SuppressWarnings(PHPMD.CyclomaticComplexity)
* @SuppressWarnings(PHPMD.NPathComplexity)
*/
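Review bot: The new `@return \Magento\Framework\App\ResponseInterface` does not match what the visible branches of `execute()` return, which is the object produced by `$this->resultRedirectFactory->create()`. Unless that object also implements `ResponseInterface`, the tag should name the redirect result type, e.g. `@return \Magento\Framework\Controller\Result\Redirect`. The body of `execute()` lies in the following hunks, so any other return paths are not checked here.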
@@ -212,12 +225,14 @@ public function execute()
$resultRedirect = $this->resultRedirectFactory->create();
if ($this->session->isLoggedIn() || !$this->registration->isAllowed()) {
$resultRedirect->setPath('*/*/');
+
return $resultRedirect;
}
- if (!$this->getRequest()->isPost()) {
+ if (!$this->getRequest()->isPost() || !$this->formKeyValidator->validate($this->getRequest())) {
$url = $this->urlModel->getUrl('*/*/create', ['_secure' => true]);
$resultRedirect->setUrl($this->_redirect->error($url));
+
return $resultRedirect;
}
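Review bot: A request that fails `formKeyValidator->validate()` is redirected to the create page exactly like a non-POST request, with no message for the user. An expired form key therefore looks like a silent reset of the registration form, and a rejected cross-site submission is indistinguishable from a plain GET. Splitting the condition so the form-key branch adds a user-facing notice before the redirect (through the controller's message manager, if it is available in this class) would make the two cases distinguishable. `execute()` continues outside this hunk.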
@@ -268,10 +283,12 @@ public function execute()
if (!$this->scopeConfig->getValue('customer/startup/redirect_dashboard') && $requestedRedirect) {
$resultRedirect->setUrl($this->_redirect->success($requestedRedirect));
$this->accountRedirect->clearRedirectCookie();
+
return $resultRedirect;
}
$resultRedirect = $this->accountRedirect->getRedirect();
}
+
return $resultRedirect;
} catch (StateException $e) {
$url = $this->urlModel->getUrl('customer/account/forgotpassword');
@@ -294,6 +311,7 @@ public function execute()
$this->session->setCustomerFormData($this->getRequest()->getPostValue());
$defaultUrl = $this->urlModel->getUrl('*/*/create', ['_secure' => true]);
$resultRedirect->setUrl($this->_redirect->error($defaultUrl));
+
return $resultRedirect;
}
diff --git a/app/code/Magento/Customer/Controller/Adminhtml/Cart/Product/Composite/Cart.php b/app/code/Magento/Customer/Controller/Adminhtml/Cart/Product/Composite/Cart.php
index 8c76300509605..77bb0ec836045 100644
--- a/app/code/Magento/Customer/Controller/Adminhtml/Cart/Product/Composite/Cart.php
+++ b/app/code/Magento/Customer/Controller/Adminhtml/Cart/Product/Composite/Cart.php
@@ -15,6 +15,11 @@
*/
abstract class Cart extends \Magento\Backend\App\Action
{
+ /**
+ * {@inheritdoc}
+ */
+ const ADMIN_RESOURCE = 'Magento_Customer::manage';
+
/**
* Customer we're working with
*
@@ -93,14 +98,4 @@ protected function _initData()
return $this;
}
-
- /**
- * Check the permission to Manage Customers
- *
- * @return bool
- */
- protected function _isAllowed()
- {
- return $this->_authorization->isAllowed('Magento_Customer::manage');
- }
}
diff --git a/app/code/Magento/Customer/Controller/Adminhtml/Group.php b/app/code/Magento/Customer/Controller/Adminhtml/Group.php
index 86269dde60499..8c3ee6e8261e5 100644
--- a/app/code/Magento/Customer/Controller/Adminhtml/Group.php
+++ b/app/code/Magento/Customer/Controller/Adminhtml/Group.php
@@ -13,6 +13,11 @@
*/
abstract class Group extends \Magento\Backend\App\Action
{
+ /**
+ * {@inheritdoc}
+ */
+ const ADMIN_RESOURCE = 'Magento_Customer::group';
+
/**
* Core registry
*
@@ -65,14 +70,4 @@ public function __construct(
$this->resultForwardFactory = $resultForwardFactory;
$this->resultPageFactory = $resultPageFactory;
}
-
- /**
- * Determine if authorized to perform group actions.
- *
- * @return bool
- */
- protected function _isAllowed()
- {
- return $this->_authorization->isAllowed('Magento_Customer::group');
- }
}
diff --git a/app/code/Magento/Customer/Controller/Adminhtml/Index.php b/app/code/Magento/Customer/Controller/Adminhtml/Index.php
index fb2a8389ad6d1..e1035af1ec295 100644
--- a/app/code/Magento/Customer/Controller/Adminhtml/Index.php
+++ b/app/code/Magento/Customer/Controller/Adminhtml/Index.php
@@ -26,6 +26,11 @@
*/
abstract class Index extends \Magento\Backend\App\Action
{
+ /**
+ * {@inheritdoc}
+ */
+ const ADMIN_RESOURCE = 'Magento_Customer::manage';
+
/**
* @var \Magento\Framework\Validator
*/
@@ -299,14 +304,4 @@ protected function actUponMultipleCustomers(callable $singleAction, $customerIds
}
return $customersUpdated;
}
-
- /**
- * Customer access rights checking
- *
- * @return bool
- */
- protected function _isAllowed()
- {
- return $this->_authorization->isAllowed('Magento_Customer::manage');
- }
}
diff --git a/app/code/Magento/Customer/Controller/Adminhtml/Index/AbstractMassAction.php b/app/code/Magento/Customer/Controller/Adminhtml/Index/AbstractMassAction.php
index 78c2180e2c8af..191d07b4617c7 100644
--- a/app/code/Magento/Customer/Controller/Adminhtml/Index/AbstractMassAction.php
+++ b/app/code/Magento/Customer/Controller/Adminhtml/Index/AbstractMassAction.php
@@ -18,6 +18,11 @@
*/
abstract class AbstractMassAction extends \Magento\Backend\App\Action
{
+ /**
+ * {@inheritdoc}
+ */
+ const ADMIN_RESOURCE = 'Magento_Customer::manage';
+
/**
* @var string
*/
@@ -64,16 +69,6 @@ public function execute()
}
}
- /**
- * Check the permission to Manage Customers
- *
- * @return bool
- */
- protected function _isAllowed()
- {
- return $this->_authorization->isAllowed('Magento_Customer::manage');
- }
-
/**
* Return component referer url
* TODO: Technical dept referer url should be implement as a part of Action configuration in in appropriate way
diff --git a/app/code/Magento/Customer/Controller/Adminhtml/Index/InlineEdit.php b/app/code/Magento/Customer/Controller/Adminhtml/Index/InlineEdit.php
index 4fb522ae53ae4..acb5c82a8bb99 100644
--- a/app/code/Magento/Customer/Controller/Adminhtml/Index/InlineEdit.php
+++ b/app/code/Magento/Customer/Controller/Adminhtml/Index/InlineEdit.php
@@ -15,6 +15,11 @@
*/
class InlineEdit extends \Magento\Backend\App\Action
{
+ /**
+ * {@inheritdoc}
+ */
+ const ADMIN_RESOURCE = 'Magento_Customer::manage';
+
/** @var CustomerInterface */
private $customer;
@@ -250,14 +255,4 @@ protected function getErrorWithCustomerId($errorText)
{
return '[Customer ID: ' . $this->getCustomer()->getId() . '] ' . __($errorText);
}
-
- /**
- * Customer access rights checking
- *
- * @return bool
- */
- protected function _isAllowed()
- {
- return $this->_authorization->isAllowed('Magento_Customer::manage');
- }
}
diff --git a/app/code/Magento/Customer/Controller/Adminhtml/Online/Index.php b/app/code/Magento/Customer/Controller/Adminhtml/Online/Index.php
index 6edce38fd0c3a..707e4e4e6e1c0 100644
--- a/app/code/Magento/Customer/Controller/Adminhtml/Online/Index.php
+++ b/app/code/Magento/Customer/Controller/Adminhtml/Online/Index.php
@@ -11,6 +11,11 @@
class Index extends \Magento\Backend\App\Action
{
+ /**
+ * {@inheritdoc}
+ */
+ const ADMIN_RESOURCE = 'Magento_Customer::online';
+
/**
* @var PageFactory
*/
@@ -28,16 +33,6 @@ public function __construct(
$this->resultPageFactory = $resultPageFactory;
}
- /**
- * Check the permission to run it
- *
- * @return bool
- */
- protected function _isAllowed()
- {
- return $this->_authorization->isAllowed('Magento_Customer::online');
- }
-
/**
* Index action
*
diff --git a/app/code/Magento/Customer/Controller/Adminhtml/System/Config/Validatevat.php b/app/code/Magento/Customer/Controller/Adminhtml/System/Config/Validatevat.php
index 068dba9225cf1..f9ac07b914d2c 100644
--- a/app/code/Magento/Customer/Controller/Adminhtml/System/Config/Validatevat.php
+++ b/app/code/Magento/Customer/Controller/Adminhtml/System/Config/Validatevat.php
@@ -12,6 +12,13 @@
*/
abstract class Validatevat extends \Magento\Backend\App\Action
{
+ /**
+ * Authorization level of a basic admin session.
+ *
+ * @see _isAllowed()
+ */
+ const ADMIN_RESOURCE = 'Magento_Customer::manage';
+
/**
* Perform customer VAT ID validation
*
@@ -19,7 +26,7 @@ abstract class Validatevat extends \Magento\Backend\App\Action
*/
protected function _validate()
{
- return $this->_objectManager->get('Magento\Customer\Model\Vat')
+ return $this->_objectManager->get(\Magento\Customer\Model\Vat::class)
->checkVatNumber(
$this->getRequest()->getParam('country'),
$this->getRequest()->getParam('vat')
diff --git a/app/code/Magento/Customer/Controller/Adminhtml/Wishlist/Product/Composite/Wishlist.php b/app/code/Magento/Customer/Controller/Adminhtml/Wishlist/Product/Composite/Wishlist.php
index f42c0aa085714..b3752e0e8a249 100644
--- a/app/code/Magento/Customer/Controller/Adminhtml/Wishlist/Product/Composite/Wishlist.php
+++ b/app/code/Magento/Customer/Controller/Adminhtml/Wishlist/Product/Composite/Wishlist.php
@@ -12,6 +12,11 @@
*/
abstract class Wishlist extends \Magento\Backend\App\Action
{
+ /**
+ * {@inheritdoc}
+ */
+ const ADMIN_RESOURCE = 'Magento_Customer::manage';
+
/**
* Wishlist we're working with.
*
@@ -53,14 +58,4 @@ protected function _initData()
return $this;
}
-
- /**
- * Check the permission to Manage Customers
- *
- * @return bool
- */
- protected function _isAllowed()
- {
- return $this->_authorization->isAllowed('Magento_Customer::manage');
- }
}
diff --git a/app/code/Magento/Customer/Model/Account/Redirect.php b/app/code/Magento/Customer/Model/Account/Redirect.php
index 9a2ccf3fa21fc..68fcd1dfb154e 100644
--- a/app/code/Magento/Customer/Model/Account/Redirect.php
+++ b/app/code/Magento/Customer/Model/Account/Redirect.php
@@ -8,6 +8,7 @@
use Magento\Customer\Model\Session;
use Magento\Customer\Model\Url as CustomerUrl;
use Magento\Framework\App\RequestInterface;
+use Magento\Framework\Url\HostChecker;
use Magento\Framework\UrlInterface;
use Magento\Store\Model\ScopeInterface;
use Magento\Store\Model\StoreManagerInterface;
@@ -52,6 +53,7 @@ class Redirect
protected $customerUrl;
/**
+ * @deprecated
* @var UrlInterface
*/
protected $url;
@@ -67,6 +69,11 @@ class Redirect
*/
private $cookieManager;
+ /**
+ * @var HostChecker
+ */
+ private $hostChecker;
+
/**
* @param RequestInterface $request
* @param Session $customerSession
@@ -76,6 +83,7 @@ class Redirect
* @param DecoderInterface $urlDecoder
* @param CustomerUrl $customerUrl
* @param RedirectFactory $resultRedirectFactory
+ * @param HostChecker|null $hostChecker
*/
public function __construct(
RequestInterface $request,
@@ -85,7 +93,8 @@ public function __construct(
UrlInterface $url,
DecoderInterface $urlDecoder,
CustomerUrl $customerUrl,
- RedirectFactory $resultRedirectFactory
+ RedirectFactory $resultRedirectFactory,
+ HostChecker $hostChecker = null
) {
$this->request = $request;
$this->session = $customerSession;
@@ -95,6 +104,7 @@ public function __construct(
$this->urlDecoder = $urlDecoder;
$this->customerUrl = $customerUrl;
$this->resultRedirectFactory = $resultRedirectFactory;
+ $this->hostChecker = $hostChecker ?: ObjectManager::getInstance()->get(HostChecker::class);
}
/**
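Review bot: The fallback `ObjectManager::getInstance()->get(HostChecker::class)` uses the short class name, but the `use` hunk of this file adds only `HostChecker`, and no import of `Magento\Framework\App\ObjectManager` is visible in this diff. If the file does not already import it, the name resolves inside `Magento\Customer\Model\Account` and the constructor fails whenever `$hostChecker` is not injected. Url.php in this commit sidesteps the question by writing `\Magento\Framework\App\ObjectManager::getInstance()`; confirm the import exists here or use the fully qualified name as well. The constructor starts in an earlier hunk.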
@@ -110,6 +120,7 @@ public function getRedirect()
/** @var ResultRedirect $resultRedirect */
$resultRedirect = $this->resultRedirectFactory->create();
$resultRedirect->setUrl($this->session->getBeforeAuthUrl(true));
+
return $resultRedirect;
}
@@ -188,7 +199,7 @@ protected function processLoggedCustomer()
$referer = $this->request->getParam(CustomerUrl::REFERER_QUERY_PARAM_NAME);
if ($referer) {
$referer = $this->urlDecoder->decode($referer);
- if ($this->url->isOwnOriginUrl()) {
+ if ($this->hostChecker->isOwnOrigin($referer)) {
$this->applyRedirect($referer);
}
}
diff --git a/app/code/Magento/Customer/Model/Customer/DataProvider.php b/app/code/Magento/Customer/Model/Customer/DataProvider.php
index 98ca1174c394e..c7dc08de32086 100644
--- a/app/code/Magento/Customer/Model/Customer/DataProvider.php
+++ b/app/code/Magento/Customer/Model/Customer/DataProvider.php
@@ -23,6 +23,7 @@
/**
* Class DataProvider
+ *
* @SuppressWarnings(PHPMD.CouplingBetweenObjects)
*/
class DataProvider extends \Magento\Ui\DataProvider\AbstractDataProvider
@@ -98,6 +99,17 @@ class DataProvider extends \Magento\Ui\DataProvider\AbstractDataProvider
'file',
];
+ /**
+ * Customer fields that must be removed
+ *
+ * @var array
+ */
+ private $forbiddenCustomerFields = [
+ 'password_hash',
+ 'rp_token',
+ 'confirmation',
+ ];
+
/**
* DataProvider Constructor
*
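Review bot: `$forbiddenCustomerFields` is a denylist, so any sensitive customer attribute other than the three names listed is still returned by `getData()`. The docblock should say why these keys are stripped and that the list has to grow with the entity, for example `* Customer fields holding credentials or tokens; stripped from the data handed to the UI form. Extend when adding such attributes.` Whether other token-related columns exist on the customer entity cannot be seen from this diff. The filter itself is applied in the next hunk with `array_diff_key()`.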
@@ -159,6 +171,10 @@ public function getData()
$this->overrideFileUploaderData($customer, $result['customer']);
+ $result['customer'] = array_diff_key(
+ $result['customer'],
+ array_flip($this->forbiddenCustomerFields)
+ );
unset($result['address']);
/** @var Address $address */
diff --git a/app/code/Magento/Customer/Model/FileProcessor.php b/app/code/Magento/Customer/Model/FileProcessor.php
index 78542fb79a7a3..2dbbd02985f7d 100644
--- a/app/code/Magento/Customer/Model/FileProcessor.php
+++ b/app/code/Magento/Customer/Model/FileProcessor.php
@@ -196,6 +196,7 @@ public function saveTemporaryFile($fileId)
);
$result = $uploader->save($path);
+ unset($result['path']);
if (!$result) {
throw new LocalizedException(__('File can not be saved to the destination folder.'));
}
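Review bot: `unset($result['path'])` runs before the `if (!$result)` failure check, so it is applied to whatever `$uploader->save()` returned, including a failure value. Doing the check first keeps the error path untouched and makes the intent readable: move the line below the `if` block and add a comment such as `// do not expose the server-side storage path to the caller`. `saveTemporaryFile()` begins and ends outside this hunk.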
diff --git a/app/code/Magento/Customer/Model/Url.php b/app/code/Magento/Customer/Model/Url.php
index 3ddb222d980e1..63a1fe5d063af 100644
--- a/app/code/Magento/Customer/Model/Url.php
+++ b/app/code/Magento/Customer/Model/Url.php
@@ -56,25 +56,43 @@ class Url
*/
protected $urlEncoder;
+ /**
+ * @var \Magento\Framework\Url\DecoderInterface
+ */
+ private $urlDecoder;
+
+ /**
+ * @var \Magento\Framework\Url\HostChecker
+ */
+ private $hostChecker;
+
/**
* @param Session $customerSession
* @param ScopeConfigInterface $scopeConfig
* @param RequestInterface $request
* @param UrlInterface $urlBuilder
* @param EncoderInterface $urlEncoder
+ * @param \Magento\Framework\Url\DecoderInterface|null $urlDecoder
+ * @param \Magento\Framework\Url\HostChecker|null $hostChecker
*/
public function __construct(
Session $customerSession,
ScopeConfigInterface $scopeConfig,
RequestInterface $request,
UrlInterface $urlBuilder,
- EncoderInterface $urlEncoder
+ EncoderInterface $urlEncoder,
+ \Magento\Framework\Url\DecoderInterface $urlDecoder = null,
+ \Magento\Framework\Url\HostChecker $hostChecker = null
) {
$this->request = $request;
$this->urlBuilder = $urlBuilder;
$this->scopeConfig = $scopeConfig;
$this->customerSession = $customerSession;
$this->urlEncoder = $urlEncoder;
+ $this->urlDecoder = $urlDecoder ?: \Magento\Framework\App\ObjectManager::getInstance()
+ ->get(\Magento\Framework\Url\DecoderInterface::class);
+ $this->hostChecker = $hostChecker ?: \Magento\Framework\App\ObjectManager::getInstance()
+ ->get(\Magento\Framework\Url\HostChecker::class);
}
/**
@@ -95,7 +113,7 @@ public function getLoginUrl()
public function getLoginUrlParams()
{
$params = [];
- $referer = $this->request->getParam(self::REFERER_QUERY_PARAM_NAME);
+ $referer = $this->getRequestReferrer();
if (!$referer
&& !$this->scopeConfig->isSetFlag(
self::XML_PATH_CUSTOMER_STARTUP_REDIRECT_TO_DASHBOARD,
@@ -122,11 +140,13 @@ public function getLoginUrlParams()
public function getLoginPostUrl()
{
$params = [];
- if ($this->request->getParam(self::REFERER_QUERY_PARAM_NAME)) {
+ $referer = $this->getRequestReferrer();
+ if ($referer) {
$params = [
- self::REFERER_QUERY_PARAM_NAME => $this->request->getParam(self::REFERER_QUERY_PARAM_NAME),
+ self::REFERER_QUERY_PARAM_NAME => $referer,
];
}
+
return $this->urlBuilder->getUrl('customer/account/loginPost', $params);
}
@@ -220,4 +240,22 @@ public function getEmailConfirmationUrl($email = null)
{
return $this->urlBuilder->getUrl('customer/account/confirmation', ['email' => $email]);
}
+
+ /**
+ * Returns request referrer.
+ *
+ * Will return referrer in case referrer from the same origin.
+ * Otherwise NULL will be returned.
+ *
+ * @return mixed|null
+ */
+ private function getRequestReferrer()
+ {
+ $referer = $this->request->getParam(self::REFERER_QUERY_PARAM_NAME);
+ if ($referer && $this->hostChecker->isOwnOrigin($this->urlDecoder->decode($referer))) {
+ return $referer;
+ }
+
+ return null;
+ }
}
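Review bot: `getRequestReferrer()` validates the decoded value but returns the still-encoded request parameter, and the docblock's `@return mixed|null` hides that. Stating it, e.g. `@return string|null Encoded referer parameter when its decoded URL is same-origin, null otherwise`, tells callers the result is not a ready-to-use URL. `decode()` is also handed whatever `getParam()` returns, so a non-string parameter value would reach it unchecked; adding `is_string($referer)` to the condition would close that.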
diff --git a/app/code/Magento/Customer/Test/Unit/Model/Account/RedirectTest.php b/app/code/Magento/Customer/Test/Unit/Model/Account/RedirectTest.php
deleted file mode 100644
index 4e91867a3d7bd..0000000000000
--- a/app/code/Magento/Customer/Test/Unit/Model/Account/RedirectTest.php
+++ /dev/null
@@ -1,265 +0,0 @@
-request = $this->getMockForAbstractClass('Magento\Framework\App\RequestInterface');
-
- $this->customerSession = $this->getMockBuilder('Magento\Customer\Model\Session')
- ->disableOriginalConstructor()
- ->setMethods([
- 'getLastCustomerId',
- 'isLoggedIn',
- 'getId',
- 'setLastCustomerId',
- 'unsBeforeAuthUrl',
- 'getBeforeAuthUrl',
- 'setBeforeAuthUrl',
- 'getAfterAuthUrl',
- 'setAfterAuthUrl',
- ])
- ->getMock();
-
- $this->scopeConfig = $this->getMockForAbstractClass('Magento\Framework\App\Config\ScopeConfigInterface');
-
- $this->store = $this->getMockBuilder('Magento\Store\Model\Store')
- ->disableOriginalConstructor()
- ->getMock();
-
- $this->storeManager = $this->getMockForAbstractClass('Magento\Store\Model\StoreManagerInterface');
- $this->storeManager->expects($this->once())
- ->method('getStore')
- ->willReturn($this->store);
-
- $this->url = $this->getMockForAbstractClass('Magento\Framework\UrlInterface');
- $this->urlDecoder = $this->getMockForAbstractClass('Magento\Framework\Url\DecoderInterface');
-
- $this->customerUrl = $this->getMockBuilder('Magento\Customer\Model\Url')
- ->disableOriginalConstructor()
- ->getMock();
-
- $this->resultRedirect = $this->getMockBuilder('Magento\Framework\Controller\Result\Redirect')
- ->disableOriginalConstructor()
- ->getMock();
-
- $this->resultRedirectFactory = $this->getMockBuilder('Magento\Framework\Controller\Result\RedirectFactory')
- ->disableOriginalConstructor()
- ->getMock();
- $this->resultRedirectFactory->expects($this->once())
- ->method('create')
- ->willReturn($this->resultRedirect);
-
- $objectManager = new ObjectManager($this);
- $this->model = $objectManager->getObject(
- 'Magento\Customer\Model\Account\Redirect',
- [
- 'request' => $this->request,
- 'customerSession' => $this->customerSession,
- 'scopeConfig' => $this->scopeConfig,
- 'storeManager' => $this->storeManager,
- 'url' => $this->url,
- 'urlDecoder' => $this->urlDecoder,
- 'customerUrl' => $this->customerUrl,
- 'resultRedirectFactory' => $this->resultRedirectFactory
- ]
- );
- }
-
- /**
- * @dataProvider getRedirectDataProvider
- * @SuppressWarnings(PHPMD.ExcessiveParameterList)
- */
- public function testGetRedirect(
- $customerId,
- $lastCustomerId,
- $referer,
- $baseUrl,
- $beforeAuthUrl,
- $afterAuthUrl,
- $accountUrl,
- $loginUrl,
- $logoutUrl,
- $dashboardUrl,
- $customerLoggedIn,
- $redirectToDashboard
- ) {
- // Preparations for method updateLastCustomerId()
- $this->customerSession->expects($this->once())
- ->method('getLastCustomerId')
- ->willReturn($customerId);
- $this->customerSession->expects($this->any())
- ->method('isLoggedIn')
- ->willReturn($customerLoggedIn);
- $this->customerSession->expects($this->any())
- ->method('getId')
- ->willReturn($lastCustomerId);
- $this->customerSession->expects($this->any())
- ->method('unsBeforeAuthUrl')
- ->willReturnSelf();
- $this->customerSession->expects($this->any())
- ->method('setLastCustomerId')
- ->with($lastCustomerId)
- ->willReturnSelf();
-
- // Preparations for method prepareRedirectUrl()
- $this->store->expects($this->once())
- ->method('getBaseUrl')
- ->willReturn($baseUrl);
-
- $this->customerSession->expects($this->any())
- ->method('getBeforeAuthUrl')
- ->willReturn($beforeAuthUrl);
- $this->customerSession->expects($this->any())
- ->method('setBeforeAuthUrl')
- ->willReturnSelf();
- $this->customerSession->expects($this->any())
- ->method('getAfterAuthUrl')
- ->willReturn($afterAuthUrl);
- $this->customerSession->expects($this->any())
- ->method('setAfterAuthUrl')
- ->with($beforeAuthUrl)
- ->willReturnSelf();
-
- $this->customerUrl->expects($this->any())
- ->method('getAccountUrl')
- ->willReturn($accountUrl);
- $this->customerUrl->expects($this->any())
- ->method('getLoginUrl')
- ->willReturn($loginUrl);
- $this->customerUrl->expects($this->any())
- ->method('getLogoutUrl')
- ->willReturn($logoutUrl);
- $this->customerUrl->expects($this->any())
- ->method('DashboardUrl')
- ->willReturn($dashboardUrl);
-
- $this->scopeConfig->expects($this->any())
- ->method('isSetFlag')
- ->with(CustomerUrl::XML_PATH_CUSTOMER_STARTUP_REDIRECT_TO_DASHBOARD, ScopeInterface::SCOPE_STORE)
- ->willReturn($redirectToDashboard);
-
- $this->request->expects($this->any())
- ->method('getParam')
- ->with(CustomerUrl::REFERER_QUERY_PARAM_NAME)
- ->willReturn($referer);
-
- $this->urlDecoder->expects($this->any())
- ->method('decode')
- ->with($referer)
- ->willReturn($referer);
-
- $this->url->expects($this->any())
- ->method('isOwnOriginUrl')
- ->willReturn(true);
-
- $this->resultRedirect->expects($this->once())
- ->method('setUrl')
- ->willReturnSelf();
-
- $this->model->getRedirect();
- }
-
- /**
- * @return array
- */
- public function getRedirectDataProvider()
- {
- /**
- * Customer ID
- * Last customer ID
- * Referer
- * Base URL
- * BeforeAuth URL
- * AfterAuth URL
- * Account URL
- * Login URL
- * Logout URL
- * Dashboard URL
- * Is customer logged in flag
- * Redirect to Dashboard flag
- */
- return [
- // Loggend In, Redirect by Referer
- [1, 2, 'referer', 'base', '', '', 'account', '', '', '', true, false],
- // Loggend In, Redirect by AfterAuthUrl
- [1, 2, 'referer', 'base', '', 'defined', 'account', '', '', '', true, true],
- // Not logged In, Redirect by LoginUrl
- [1, 2, 'referer', 'base', '', '', 'account', 'login', '', '', false, true],
- // Logout, Redirect to Dashboard
- [1, 2, 'referer', 'base', 'logout', '', 'account', 'login', 'logout', 'dashboard', false, true],
- // Default redirect
- [1, 2, 'referer', 'base', 'defined', '', 'account', 'login', 'logout', 'dashboard', true, true],
- ];
- }
-}
diff --git a/app/code/Magento/Customer/Test/Unit/Model/Customer/DataProviderTest.php b/app/code/Magento/Customer/Test/Unit/Model/Customer/DataProviderTest.php
index f38c4e385e4ce..8f465e8617922 100644
--- a/app/code/Magento/Customer/Test/Unit/Model/Customer/DataProviderTest.php
+++ b/app/code/Magento/Customer/Test/Unit/Model/Customer/DataProviderTest.php
@@ -17,7 +17,7 @@
/**
* Class DataProviderTest
*
- * Test for class \Magento\Customer\Model\Customer\DataProvider
+ * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
*/
class DataProviderTest extends \PHPUnit_Framework_TestCase
{
@@ -56,26 +56,26 @@ class DataProviderTest extends \PHPUnit_Framework_TestCase
*/
protected function setUp()
{
- $this->eavConfigMock = $this->getMockBuilder('Magento\Eav\Model\Config')
+ $this->eavConfigMock = $this->getMockBuilder(\Magento\Eav\Model\Config::class)
->disableOriginalConstructor()
->getMock();
$this->customerCollectionFactoryMock = $this->getMock(
- 'Magento\Customer\Model\ResourceModel\Customer\CollectionFactory',
+ \Magento\Customer\Model\ResourceModel\Customer\CollectionFactory::class,
['create'],
[],
'',
false
);
$this->eavValidationRulesMock = $this
- ->getMockBuilder('Magento\Ui\DataProvider\EavValidationRules')
+ ->getMockBuilder(\Magento\Ui\DataProvider\EavValidationRules::class)
->disableOriginalConstructor()
->getMock();
- $this->fileProcessor = $this->getMockBuilder('Magento\Customer\Model\FileProcessor')
+ $this->fileProcessor = $this->getMockBuilder(\Magento\Customer\Model\FileProcessor::class)
->disableOriginalConstructor()
->getMock();
- $this->fileProcessorFactory = $this->getMockBuilder('Magento\Customer\Model\FileProcessorFactory')
+ $this->fileProcessorFactory = $this->getMockBuilder(\Magento\Customer\Model\FileProcessorFactory::class)
->disableOriginalConstructor()
->setMethods(['create'])
->getMock();
@@ -159,7 +159,7 @@ public function getAttributesMetaDataProvider()
*/
protected function getCustomerCollectionFactoryMock()
{
- $collectionMock = $this->getMockBuilder('Magento\Customer\Model\ResourceModel\Customer\Collection')
+ $collectionMock = $this->getMockBuilder(\Magento\Customer\Model\ResourceModel\Customer\Collection::class)
->disableOriginalConstructor()
->getMock();
@@ -196,7 +196,7 @@ protected function getEavConfigMock()
*/
protected function getTypeCustomerMock()
{
- $typeCustomerMock = $this->getMockBuilder('Magento\Eav\Model\Entity\Type')
+ $typeCustomerMock = $this->getMockBuilder(\Magento\Eav\Model\Entity\Type::class)
->disableOriginalConstructor()
->getMock();
@@ -212,7 +212,7 @@ protected function getTypeCustomerMock()
*/
protected function getTypeAddressMock()
{
- $typeAddressMock = $this->getMockBuilder('Magento\Eav\Model\Entity\Type')
+ $typeAddressMock = $this->getMockBuilder(\Magento\Eav\Model\Entity\Type::class)
->disableOriginalConstructor()
->getMock();
@@ -228,11 +228,11 @@ protected function getTypeAddressMock()
*/
protected function getAttributeMock()
{
- $attributeMock = $this->getMockBuilder('Magento\Eav\Model\Entity\Attribute\AbstractAttribute')
+ $attributeMock = $this->getMockBuilder(\Magento\Eav\Model\Entity\Attribute\AbstractAttribute::class)
->setMethods(['getAttributeCode', 'getDataUsingMethod', 'usesSource', 'getSource'])
->disableOriginalConstructor()
->getMockForAbstractClass();
- $sourceMock = $this->getMockBuilder('Magento\Eav\Model\Entity\Attribute\Source\AbstractSource')
+ $sourceMock = $this->getMockBuilder(\Magento\Eav\Model\Entity\Attribute\Source\AbstractSource::class)
->disableOriginalConstructor()
->getMockForAbstractClass();
@@ -267,13 +267,48 @@ function ($origName) {
public function testGetData()
{
- $customer = $this->getMockBuilder('Magento\Customer\Model\Customer')
+ $customerId = 1;
+ $addressId = 2;
+ $customerData = [
+ 'email' => 'test@test.ua',
+ 'default_billing' => $addressId,
+ 'default_shipping' => $addressId,
+ 'password_hash' => 'password_hash',
+ 'rp_token' => 'rp_token',
+ 'confirmation' => 'confirmation',
+ ];
+ $customerDataFiltered = [
+ 'email' => 'test@test.ua',
+ 'default_billing' => $addressId,
+ 'default_shipping' => $addressId
+ ];
+ $addressData = [
+ 'firstname' => 'firstname',
+ 'lastname' => 'lastname',
+ 'street' => "street\nstreet",
+ ];
+ $expectedAddressData = [
+ $addressId => [
+ 'firstname' => 'firstname',
+ 'lastname' => 'lastname',
+ 'street' => [
+ 'street',
+ 'street',
+ ],
+ 'default_billing' => $addressId,
+ 'default_shipping' => $addressId,
+ ]
+ ];
+ $customer = $this->getMockBuilder(\Magento\Customer\Model\Customer::class)
+ ->disableOriginalConstructor()
+ ->getMock();
+ $customer = $this->getMockBuilder(\Magento\Customer\Model\Customer::class)
->disableOriginalConstructor()
->getMock();
- $address = $this->getMockBuilder('Magento\Customer\Model\Address')
+ $address = $this->getMockBuilder(\Magento\Customer\Model\Address::class)
->disableOriginalConstructor()
->getMock();
- $collectionMock = $this->getMockBuilder('Magento\Customer\Model\ResourceModel\Customer\Collection')
+ $collectionMock = $this->getMockBuilder(\Magento\Customer\Model\ResourceModel\Customer\Collection::class)
->disableOriginalConstructor()
->getMock();
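Review bot: The `$customer` mock is built twice in a row in `testGetData()`: the first added `getMockBuilder(\Magento\Customer\Model\Customer::class)->disableOriginalConstructor()->getMock()` assignment is overwritten at once by an identical one, so those three added lines are dead and can be dropped. The new `$customerData` fixture includes `password_hash`, `rp_token` and `confirmation`, while `$customerDataFiltered` omits them; a comment such as `// fields DataProvider::getData() is expected to strip from the result` above `$customerData` would make that intent obvious to the next reader. The test body continues in the following hunks.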
@@ -290,24 +325,23 @@ public function testGetData()
->willReturn([$customer]);
$customer->expects($this->once())
->method('getData')
- ->willReturn([
- 'email' => 'test@test.ua',
- 'default_billing' => 2,
- 'default_shipping' => 2,
- ]);
+ ->willReturn($customerData);
$customer->expects($this->once())
->method('getAddresses')
->willReturn([$address]);
$customer->expects($this->once())
->method('getAttributes')
->willReturn([]);
+ $customer->expects($this->once())
+ ->method('getId')
+ ->willReturn($customerId);
$address->expects($this->atLeastOnce())
->method('getId')
- ->willReturn(2);
+ ->willReturn($addressId);
$address->expects($this->once())
->method('load')
- ->with(2)
+ ->with($addressId)
->willReturnSelf();
$address->expects($this->once())
->method('getData')
@@ -330,29 +364,18 @@ public function testGetData()
$this->fileProcessorFactory
);
+ $result = $dataProvider->getData();
+ $this->assertArrayHasKey($customerId, $result);
+ $this->assertArrayHasKey('customer', $result[$customerId]);
+ $this->assertArrayHasKey('address', $result[$customerId]);
+ // assert that filtered fields are removed from the customer
$this->assertEquals(
- [
- '' => [
- 'customer' => [
- 'email' => 'test@test.ua',
- 'default_billing' => 2,
- 'default_shipping' => 2,
- ],
- 'address' => [
- 2 => [
- 'firstname' => 'firstname',
- 'lastname' => 'lastname',
- 'street' => [
- 'street',
- 'street',
- ],
- 'default_billing' => 2,
- 'default_shipping' => 2,
- ]
- ]
- ]
- ],
- $dataProvider->getData()
+ $customerDataFiltered,
+ $result[$customerId]['customer']
+ );
+ $this->assertEquals(
+ $expectedAddressData,
+ $result[$customerId]['address']
);
}
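Review bot: The property this test protects, that `password_hash`, `rp_token` and `confirmation` never appear in the returned customer data, is only checked implicitly through `assertEquals($customerDataFiltered, ...)`, which compares loosely and reports a generic array diff on failure. Explicit negative assertions would pin each field by name and point straight at a leaked key: `$this->assertArrayNotHasKey('password_hash', $result[$customerId]['customer']);`, repeated for `rp_token` and `confirmation`. `testGetData()` begins in an earlier hunk.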
@@ -378,7 +401,7 @@ public function testGetDataWithCustomAttributeImage()
],
];
- $attributeMock = $this->getMockBuilder('Magento\Customer\Model\Attribute')
+ $attributeMock = $this->getMockBuilder(\Magento\Customer\Model\Attribute::class)
->disableOriginalConstructor()
->getMock();
$attributeMock->expects($this->any())
@@ -388,14 +411,14 @@ public function testGetDataWithCustomAttributeImage()
->method('getAttributeCode')
->willReturn('img1');
- $entityTypeMock = $this->getMockBuilder('Magento\Eav\Model\Entity\Type')
+ $entityTypeMock = $this->getMockBuilder(\Magento\Eav\Model\Entity\Type::class)
->disableOriginalConstructor()
->getMock();
$entityTypeMock->expects($this->once())
->method('getEntityTypeCode')
->willReturn(CustomerMetadataInterface::ENTITY_TYPE_CUSTOMER);
- $customerMock = $this->getMockBuilder('Magento\Customer\Model\Customer')
+ $customerMock = $this->getMockBuilder(\Magento\Customer\Model\Customer::class)
->disableOriginalConstructor()
->getMock();
$customerMock->expects($this->once())
@@ -417,7 +440,7 @@ public function testGetDataWithCustomAttributeImage()
->method('getEntityType')
->willReturn($entityTypeMock);
- $collectionMock = $this->getMockBuilder('Magento\Customer\Model\ResourceModel\Customer\Collection')
+ $collectionMock = $this->getMockBuilder(\Magento\Customer\Model\ResourceModel\Customer\Collection::class)
->disableOriginalConstructor()
->getMock();
$collectionMock->expects($this->once())
@@ -468,7 +491,7 @@ public function testGetDataWithCustomAttributeImageNoData()
],
];
- $attributeMock = $this->getMockBuilder('Magento\Customer\Model\Attribute')
+ $attributeMock = $this->getMockBuilder(\Magento\Customer\Model\Attribute::class)
->disableOriginalConstructor()
->getMock();
$attributeMock->expects($this->once())
@@ -478,11 +501,11 @@ public function testGetDataWithCustomAttributeImageNoData()
->method('getAttributeCode')
->willReturn('img1');
- $entityTypeMock = $this->getMockBuilder('Magento\Eav\Model\Entity\Type')
+ $entityTypeMock = $this->getMockBuilder(\Magento\Eav\Model\Entity\Type::class)
->disableOriginalConstructor()
->getMock();
- $customerMock = $this->getMockBuilder('Magento\Customer\Model\Customer')
+ $customerMock = $this->getMockBuilder(\Magento\Customer\Model\Customer::class)
->disableOriginalConstructor()
->getMock();
$customerMock->expects($this->once())
@@ -503,7 +526,7 @@ public function testGetDataWithCustomAttributeImageNoData()
->method('getEntityType')
->willReturn($entityTypeMock);
- $collectionMock = $this->getMockBuilder('Magento\Customer\Model\ResourceModel\Customer\Collection')
+ $collectionMock = $this->getMockBuilder(\Magento\Customer\Model\ResourceModel\Customer\Collection::class)
->disableOriginalConstructor()
->getMock();
$collectionMock->expects($this->once())
@@ -516,7 +539,7 @@ public function testGetDataWithCustomAttributeImageNoData()
$objectManager = new ObjectManager($this);
$dataProvider = $objectManager->getObject(
- '\Magento\Customer\Model\Customer\DataProvider',
+ \Magento\Customer\Model\Customer\DataProvider::class,
[
'name' => 'test-name',
'primaryFieldName' => 'primary-field-name',
@@ -538,7 +561,7 @@ public function testGetAttributesMetaWithCustomAttributeImage()
$allowedExtension = 'ext1 ext2';
$attributeCode = 'img1';
- $collectionMock = $this->getMockBuilder('Magento\Customer\Model\ResourceModel\Customer\Collection')
+ $collectionMock = $this->getMockBuilder(\Magento\Customer\Model\ResourceModel\Customer\Collection::class)
->disableOriginalConstructor()
->getMock();
$collectionMock->expects($this->once())
@@ -549,7 +572,7 @@ public function testGetAttributesMetaWithCustomAttributeImage()
->method('create')
->willReturn($collectionMock);
- $attributeMock = $this->getMockBuilder('Magento\Eav\Model\Entity\Attribute\AbstractAttribute')
+ $attributeMock = $this->getMockBuilder(\Magento\Eav\Model\Entity\Attribute\AbstractAttribute::class)
->setMethods([
'getAttributeCode',
'getFrontendInput',
@@ -571,7 +594,7 @@ function ($origName) {
}
);
- $typeCustomerMock = $this->getMockBuilder('Magento\Eav\Model\Entity\Type')
+ $typeCustomerMock = $this->getMockBuilder(\Magento\Eav\Model\Entity\Type::class)
->disableOriginalConstructor()
->getMock();
$typeCustomerMock->expects($this->once())
@@ -581,7 +604,7 @@ function ($origName) {
->method('getEntityTypeCode')
->willReturn(CustomerMetadataInterface::ENTITY_TYPE_CUSTOMER);
- $typeAddressMock = $this->getMockBuilder('Magento\Eav\Model\Entity\Type')
+ $typeAddressMock = $this->getMockBuilder(\Magento\Eav\Model\Entity\Type::class)
->disableOriginalConstructor()
->getMock();
$typeAddressMock->expects($this->once())
diff --git a/app/code/Magento/Customer/Test/Unit/Model/FileProcessorTest.php b/app/code/Magento/Customer/Test/Unit/Model/FileProcessorTest.php
index 5dd73254554d6..d3de65ecb6104 100644
--- a/app/code/Magento/Customer/Test/Unit/Model/FileProcessorTest.php
+++ b/app/code/Magento/Customer/Test/Unit/Model/FileProcessorTest.php
@@ -44,10 +44,10 @@ class FileProcessorTest extends \PHPUnit_Framework_TestCase
protected function setUp()
{
- $this->mediaDirectory = $this->getMockBuilder('Magento\Framework\Filesystem\Directory\WriteInterface')
+ $this->mediaDirectory = $this->getMockBuilder(\Magento\Framework\Filesystem\Directory\WriteInterface::class)
->getMockForAbstractClass();
- $this->filesystem = $this->getMockBuilder('Magento\Framework\Filesystem')
+ $this->filesystem = $this->getMockBuilder(\Magento\Framework\Filesystem::class)
->disableOriginalConstructor()
->getMock();
$this->filesystem->expects($this->any())
@@ -55,15 +55,15 @@ protected function setUp()
->with(DirectoryList::MEDIA)
->willReturn($this->mediaDirectory);
- $this->uploaderFactory = $this->getMockBuilder('Magento\MediaStorage\Model\File\UploaderFactory')
+ $this->uploaderFactory = $this->getMockBuilder(\Magento\MediaStorage\Model\File\UploaderFactory::class)
->setMethods(['create'])
->disableOriginalConstructor()
->getMock();
- $this->urlBuilder = $this->getMockBuilder('Magento\Framework\UrlInterface')
+ $this->urlBuilder = $this->getMockBuilder(\Magento\Framework\UrlInterface::class)
->getMockForAbstractClass();
- $this->urlEncoder = $this->getMockBuilder('Magento\Framework\Url\EncoderInterface')
+ $this->urlEncoder = $this->getMockBuilder(\Magento\Framework\Url\EncoderInterface::class)
->getMockForAbstractClass();
$this->mime = $this->getMockBuilder(\Magento\Framework\File\Mime::class)
@@ -188,10 +188,13 @@ public function testSaveTemporaryFile()
$expectedResult = [
'file' => 'filename.ext1',
- 'path' => 'filepath',
+ ];
+ $resultWithPath = [
+ 'file' => 'filename.ext1',
+ 'path' => 'filepath'
];
- $uploaderMock = $this->getMockBuilder('Magento\MediaStorage\Model\File\Uploader')
+ $uploaderMock = $this->getMockBuilder(\Magento\MediaStorage\Model\File\Uploader::class)
->disableOriginalConstructor()
->getMock();
$uploaderMock->expects($this->once())
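Review bot: Nothing in `testSaveTemporaryFile()` records why `$expectedResult` no longer carries `path` while the uploader mock still returns it through `$resultWithPath` (used in the next hunk). Presumably the method under test must not hand the server-side path back to its caller. A comment above `$resultWithPath` would state that, for example `// the uploader returns 'path'; the processed result must not expose it`. For consistency with `$expectedResult`, `'path' => 'filepath'` could also keep its trailing comma. The test method starts and ends outside this hunk.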
@@ -213,7 +216,7 @@ public function testSaveTemporaryFile()
$uploaderMock->expects($this->once())
->method('save')
->with($absolutePath)
- ->willReturn($expectedResult);
+ ->willReturn($resultWithPath);
$this->uploaderFactory->expects($this->once())
->method('create')
@@ -246,7 +249,7 @@ public function testSaveTemporaryFileWithError()
$absolutePath = '/absolute/filepath';
- $uploaderMock = $this->getMockBuilder('Magento\MediaStorage\Model\File\Uploader')
+ $uploaderMock = $this->getMockBuilder(\Magento\MediaStorage\Model\File\Uploader::class)
->disableOriginalConstructor()
->getMock();
$uploaderMock->expects($this->once())
diff --git a/app/code/Magento/Customer/composer.json b/app/code/Magento/Customer/composer.json
index 3144d0340848b..b64b55b541856 100644
--- a/app/code/Magento/Customer/composer.json
+++ b/app/code/Magento/Customer/composer.json
@@ -29,7 +29,7 @@
"magento/module-customer-sample-data": "Sample Data version:100.0.*"
},
"type": "magento2-module",
- "version": "100.0.11",
+ "version": "100.0.13",
"license": [
"OSL-3.0",
"AFL-3.0"
diff --git a/app/code/Magento/Customer/view/adminhtml/templates/sales/order/create/address/form/renderer/vat.phtml b/app/code/Magento/Customer/view/adminhtml/templates/sales/order/create/address/form/renderer/vat.phtml
index ddf64a2fa60e6..fb7f8aa806891 100644
--- a/app/code/Magento/Customer/view/adminhtml/templates/sales/order/create/address/form/renderer/vat.phtml
+++ b/app/code/Magento/Customer/view/adminhtml/templates/sales/order/create/address/form/renderer/vat.phtml
@@ -6,8 +6,8 @@
// @codingStandardsIgnoreFile
-?>
-getElement();
$_note = $_element->getNote();
$_class = $_element->getFieldsetHtmlClass();
@@ -23,7 +23,7 @@ $_validateButton = $block->getValidateButton();
getElementHtml(); ?>
" id="note_getId(); ?>">
-
+ escapeHtml($_note); ?>
diff --git a/app/code/Magento/Customer/view/adminhtml/templates/system/config/validatevat.phtml b/app/code/Magento/Customer/view/adminhtml/templates/system/config/validatevat.phtml
index 03b8a7ea738a4..011c1a05c464f 100644
--- a/app/code/Magento/Customer/view/adminhtml/templates/system/config/validatevat.phtml
+++ b/app/code/Magento/Customer/view/adminhtml/templates/system/config/validatevat.phtml
@@ -9,7 +9,7 @@
?>
diff --git a/app/code/Magento/Customer/view/frontend/templates/account/customer.phtml b/app/code/Magento/Customer/view/frontend/templates/account/customer.phtml
index 54230d18a40c9..6052e2b8bac5f 100644
--- a/app/code/Magento/Customer/view/frontend/templates/account/customer.phtml
+++ b/app/code/Magento/Customer/view/frontend/templates/account/customer.phtml
@@ -5,7 +5,7 @@
*/
// @codingStandardsIgnoreFile
-
+/** @var Magento\Customer\Block\Account\Customer $block */
?>
customerLoggedIn()): ?>
@@ -21,7 +21,7 @@
class="action switch"
tabindex="-1"
data-action="customer-menu-toggle">
-
+ escapeHtml(__('Change')) ?>
diff --git a/app/code/Magento/Customer/view/frontend/templates/newcustomer.phtml b/app/code/Magento/Customer/view/frontend/templates/newcustomer.phtml
index 0bdef626b3df7..0ea7562583734 100644
--- a/app/code/Magento/Customer/view/frontend/templates/newcustomer.phtml
+++ b/app/code/Magento/Customer/view/frontend/templates/newcustomer.phtml
@@ -11,19 +11,19 @@
/**
* New Customer block template
*
- * @var $block \Magento\Customer\Block\Form\Login\Info
+ * @var \Magento\Customer\Block\Form\Login\Info $block
*/
?>
getRegistration()->isAllowed()): ?>
-
+ escapeHtml(__('New Customers')) ?>
-
+ escapeHtml(__('Creating an account has many benefits: check out faster, keep more than one address, track orders and more.')) ?>
diff --git a/app/code/Magento/Customer/view/frontend/templates/widget/dob.phtml b/app/code/Magento/Customer/view/frontend/templates/widget/dob.phtml
index 4ca581415c4a7..e7a3f03272ca2 100644
--- a/app/code/Magento/Customer/view/frontend/templates/widget/dob.phtml
+++ b/app/code/Magento/Customer/view/frontend/templates/widget/dob.phtml
@@ -11,17 +11,21 @@ USAGE:
Simple:
-getLayout()->createBlock('Magento\Customer\Block\Widget\Dob')
- ->setDate($block->getCustomer()->getDob())
- ->toHtml() ?>
+getLayout()->createBlock('Magento\Customer\Block\Widget\Dob')
+ ->setDate($block->getCustomer()->getDob())
+ ->toHtml()
+?>
For checkout/onepage/billing.phtml:
-getLayout()->createBlock('Magento\Customer\Block\Widget\Dob')
+getLayout()->createBlock('Magento\Customer\Block\Widget\Dob')
->setDate($block->getCustomer()->getDob())
->setFieldIdFormat('billing:%s')
->setFieldNameFormat('billing[%s]')
- ->toHtml() ?>
+ ->toHtml()
+?>
NOTE: Regarding styles - if we leave it this way, we'll move it to boxes.css
Alternatively we could calculate widths automatically using block input parameters.
@@ -35,12 +39,12 @@ NOTE: Regarding styles - if we leave it this way, we'll move it to boxes.css
$fieldCssClass = 'field date field-' . $block->getHtmlId();
$fieldCssClass .= $block->isRequired() ? ' required' : '';
?>
-
-
+
+
getFieldHtml(); ?>
getAdditionalDescription()) : ?>
-
+ escapeHtml($_message); ?>
diff --git a/app/code/Magento/Customer/view/frontend/templates/widget/gender.phtml b/app/code/Magento/Customer/view/frontend/templates/widget/gender.phtml
index fedb604bcfd4f..dee20246f5fef 100644
--- a/app/code/Magento/Customer/view/frontend/templates/widget/gender.phtml
+++ b/app/code/Magento/Customer/view/frontend/templates/widget/gender.phtml
@@ -6,15 +6,16 @@
// @codingStandardsIgnoreFile
+/** @var \Magento\Customer\Block\Widget\Gender $block */
?>
-
+
-
diff --git a/app/code/Magento/Customer/view/frontend/templates/widget/name.phtml b/app/code/Magento/Customer/view/frontend/templates/widget/name.phtml
index ed9283723e3b8..44bf777df59a3 100644
--- a/app/code/Magento/Customer/view/frontend/templates/widget/name.phtml
+++ b/app/code/Magento/Customer/view/frontend/templates/widget/name.phtml
@@ -11,29 +11,33 @@ USAGE:
Simple:
-getLayout()->createBlock('Magento\Customer\Block\Widget\Name')
- ->setObject($block->getAddress())
- ->toHtml() ?>
+getLayout()->createBlock('Magento\Customer\Block\Widget\Name')
+ ->setObject($block->getAddress())
+ ->toHtml()
+?>
For checkout/onepage/shipping.phtml:
-getLayout()->createBlock('Magento\Customer\Block\Widget\Name')
- ->setObject($block->getAddress())
- ->setFieldIdFormat('shipping:%s')
- ->setFieldNameFormat('shipping[%s]')
- ->setFieldParams('onchange="shipping.setSameAsBilling(false);"')
- ->toHtml() ?>
+getLayout()->createBlock('Magento\Customer\Block\Widget\Name')
+ ->setObject($block->getAddress())
+ ->setFieldIdFormat('shipping:%s')
+ ->setFieldNameFormat('shipping[%s]')
+ ->setFieldParams('onchange="shipping.setSameAsBilling(false);"')
+ ->toHtml()
+?>
*/
-/* @var $block \Magento\Customer\Block\Widget\Name */
+/* @var \Magento\Customer\Block\Widget\Name $block */
$prefix = $block->showPrefix();
$middle = $block->showMiddlename();
$suffix = $block->showSuffix();
?>
getNoWrap()): ?>
-
- |