From 68cb9ecd7bc30e8d973cb600c9c6e193fb9adde4 Mon Sep 17 00:00:00 2001
From: Tomasz Gregorczyk
Date: Sun, 21 May 2023 13:04:23 +0200
Subject: [PATCH] Fix admin ACL mismatch for OAuth (#3272) (#3274)

Co-authored-by: Ng Kiat Siong
Co-authored-by: Fabrizio Balliano
---
 .all-contributorsrc | 11 +++++-
 .../Adminhtml/Oauth/Admin/TokenController.php | 2 +-
 .../Oauth/AuthorizedTokensController.php | 2 +-
 .../Adminhtml/Oauth/ConsumerController.php | 2 +-
 .../oauth_setup/upgrade-1.0.0.0-1.0.0.1.php | 35 +++++++++++++++++++
 app/code/core/Mage/Oauth/etc/adminhtml.xml | 8 ++---
 app/code/core/Mage/Oauth/etc/config.xml | 2 +-
 7 files changed, 53 insertions(+), 9 deletions(-)
 create mode 100644 app/code/core/Mage/Oauth/data/oauth_setup/upgrade-1.0.0.0-1.0.0.1.php

diff --git a/.all-contributorsrc b/.all-contributorsrc
index 3d7e60208a1..16a3a91a860 100644
--- a/.all-contributorsrc
+++ b/.all-contributorsrc
@@ -1391,7 +1391,16 @@
 "contributions": [
 "code"
 ]
- }
+ },
+ {
+ "login": "Tomasz-Silpion",
+ "name": "Tomasz Gregorczyk",
+ "avatar_url": "https://avatars.githubusercontent.com/u/5328659?v=4",
+ "profile": "https://github.com/Tomasz-Silpion",
+ "contributions": [
+ "code"
+ ]
+ },
 ],
 "contributorsPerLine": 7
 }
diff --git a/app/code/core/Mage/Oauth/controllers/Adminhtml/Oauth/Admin/TokenController.php b/app/code/core/Mage/Oauth/controllers/Adminhtml/Oauth/Admin/TokenController.php
index 6914471f929..1e51d84dbb9 100644
--- a/app/code/core/Mage/Oauth/controllers/Adminhtml/Oauth/Admin/TokenController.php
+++ b/app/code/core/Mage/Oauth/controllers/Adminhtml/Oauth/Admin/TokenController.php
@@ -155,6 +155,6 @@ protected function _isAllowed()
 {
 /** @var Mage_Admin_Model_Session $session */
 $session = Mage::getSingleton('admin/session');
- return $session->isAllowed('system/acl/admin_token');
+ return $session->isAllowed('system/api/oauth_admin_token');
 }
 }
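Review bot: The new contributor object ends with `+ },` and is immediately followed by the context line ` ],`, so the contributors array now carries a trailing comma, which strict JSON parsers reject; if the all-contributors tooling reads this file as plain JSON it will fail to parse after this change. Drop the comma on the last added line, `+ }`, and keep only the one added to the previous entry.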
diff --git a/app/code/core/Mage/Oauth/controllers/Adminhtml/Oauth/AuthorizedTokensController.php b/app/code/core/Mage/Oauth/controllers/Adminhtml/Oauth/AuthorizedTokensController.php
index 55b0e372bc9..d6a1b9e84c6 100644
--- a/app/code/core/Mage/Oauth/controllers/Adminhtml/Oauth/AuthorizedTokensController.php
+++ b/app/code/core/Mage/Oauth/controllers/Adminhtml/Oauth/AuthorizedTokensController.php
@@ -149,7 +149,7 @@ protected function _isAllowed()
 {
 /** @var Mage_Admin_Model_Session $session */
 $session = Mage::getSingleton('admin/session');
- return $session->isAllowed('system/oauth/authorizedTokens');
+ return $session->isAllowed('system/api/oauth_authorized_tokens');
 }
 
 /**
diff --git a/app/code/core/Mage/Oauth/controllers/Adminhtml/Oauth/ConsumerController.php b/app/code/core/Mage/Oauth/controllers/Adminhtml/Oauth/ConsumerController.php
index fbf8056771d..bc25301639d 100644
--- a/app/code/core/Mage/Oauth/controllers/Adminhtml/Oauth/ConsumerController.php
+++ b/app/code/core/Mage/Oauth/controllers/Adminhtml/Oauth/ConsumerController.php
@@ -240,7 +240,7 @@ protected function _isAllowed()
 }
 /** @var Mage_Admin_Model_Session $session */
 $session = Mage::getSingleton('admin/session');
- return $session->isAllowed('system/oauth/consumer' . $action);
+ return $session->isAllowed('system/api/oauth_consumer' . $action);
 }
 
 /**
diff --git a/app/code/core/Mage/Oauth/data/oauth_setup/upgrade-1.0.0.0-1.0.0.1.php b/app/code/core/Mage/Oauth/data/oauth_setup/upgrade-1.0.0.0-1.0.0.1.php
new file mode 100644
index 00000000000..fd764978c23
--- /dev/null
+++ b/app/code/core/Mage/Oauth/data/oauth_setup/upgrade-1.0.0.0-1.0.0.1.php
@@ -0,0 +1,35 @@
+startSetup();
+
+$table = $installer->getTable('admin/rule');
+$resourceIds = [
+ 'admin/system/api/consumer' => 'admin/system/api/oauth_consumer',
+ 'admin/system/api/consumer/delete' => 'admin/system/api/oauth_consumer/delete',
+ 'admin/system/api/consumer/edit' => 'admin/system/api/oauth_consumer/edit',
+ 'admin/system/api/authorizedTokens' => 'admin/system/api/oauth_authorized_tokens'
+];
+
+foreach ($resourceIds as $oldId => $newId) {
+ $installer->getConnection()->update(
+ $table,
+ ['resource_id' => $newId],
+ ['resource_id = ?' => $oldId]
+ );
+}
+
+$installer->endSetup();
diff --git a/app/code/core/Mage/Oauth/etc/adminhtml.xml b/app/code/core/Mage/Oauth/etc/adminhtml.xml
index 1e6ea5d4ed0..dc2f3c02664 100644
--- a/app/code/core/Mage/Oauth/etc/adminhtml.xml
+++ b/app/code/core/Mage/Oauth/etc/adminhtml.xml
@@ -23,7 +23,7 @@ - + OAuth Consumers 20
@@ -36,11 +36,11 @@ 40 - - + + OAuth Authorized Tokens 30 - + OAuth Admin My Apps 40
diff --git a/app/code/core/Mage/Oauth/etc/config.xml b/app/code/core/Mage/Oauth/etc/config.xml
index d1745e635aa..ccf844d1660 100644
--- a/app/code/core/Mage/Oauth/etc/config.xml
+++ b/app/code/core/Mage/Oauth/etc/config.xml
@@ -17,7 +17,7 @@ - 1.0.0.0 + 1.0.0.1
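Review bot: The `$resourceIds` map migrates stored `admin/rule` rows for the consumer and authorized-tokens resources but has no entry for the admin token resource that TokenController now checks as `system/api/oauth_admin_token`; the adminhtml.xml hunk appears to rename that node as well (one removed and one added line around "OAuth Admin My Apps", though the XML text is not recoverable on this page), so any role rule stored under the old id is presumably left orphaned and those roles lose access to My Apps after the upgrade instead of being carried over. Add the matching pair, `'<OLD_ADMIN_TOKEN_RESOURCE_ID>' => 'admin/system/api/oauth_admin_token',`, with the old id taken from the pre-change adminhtml.xml. The script also has no comment stating why the rows are rewritten; a header such as `// Rename the OAuth ACL resource ids stored in admin/rule so they match the ids the Adminhtml controllers check (#3272)` would give the next maintainer the context. The hunk's first lines (the opening tag and the `$installer` assignment) are truncated on this page, so the setup preamble could not be reviewed.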