
Update as of 8/15/2012

* Refactored ACL functionality:
  * Implementation is not bound to backend area anymore and moved to `Mage_Core` module
  * Covered backwards-incompatible changes with additional migration tool (`dev/tools/migration/Acl`)
* Implemented "move" layout directive and slightly modified behavior of "remove"
* A failure in DB cleanup by integration testing framework is articulated more clearly by throwing `Magento_Exception`
* Fixed a security vulnerability that allowed the Magento "cookie restriction" feature to be exploited
* Fixed caching mechanism of loading modules declaration to not cause additional performance overhead
* Adjusted include path in unit tests to use the original include path at the end, rather than at the beginning
1 parent e0f1c29 commit 37bf8f24f6b0ce307e0e0520c2f5c758df70f3fc @magento-team magento-team committed Aug 16, 2012
Showing with 5,088 additions and 911 deletions.
  1. +11 −0 CHANGELOG.markdown
  2. +1 −1 app/code/core/Mage/Adminhtml/Block/Cache/Notifications.php
  3. +1 −1 app/code/core/Mage/Adminhtml/Block/Catalog/Product/Edit/Tab/Attributes.php
  4. +2 −2 app/code/core/Mage/Adminhtml/Block/Catalog/Product/Edit/Tabs.php
  5. +1 −1 app/code/core/Mage/Adminhtml/Block/Catalog/Product/Grid.php
  6. +1 −1 app/code/core/Mage/Adminhtml/Block/Cms/Page.php
  7. +1 −1 app/code/core/Mage/Adminhtml/Block/Cms/Page/Edit.php
  8. +1 −1 app/code/core/Mage/Adminhtml/Block/Cms/Page/Edit/Tab/Content.php
  9. +1 −1 app/code/core/Mage/Adminhtml/Block/Cms/Page/Edit/Tab/Design.php
  10. +1 −1 app/code/core/Mage/Adminhtml/Block/Cms/Page/Edit/Tab/Main.php
  11. +1 −1 app/code/core/Mage/Adminhtml/Block/Cms/Page/Edit/Tab/Meta.php
  12. +1 −1 app/code/core/Mage/Adminhtml/Block/Customer/Edit.php
  13. +15 −13 app/code/core/Mage/Adminhtml/Block/Customer/Edit/Tabs.php
  14. +1 −1 app/code/core/Mage/Adminhtml/Block/Customer/Online/Grid.php
  15. +2 −1 app/code/core/Mage/Adminhtml/Block/Notification/Survey.php
  16. +0 −17 app/code/core/Mage/Adminhtml/Block/Notification/Window.php
  17. +1 −1 app/code/core/Mage/Adminhtml/Block/Sales/Creditmemo/Grid.php
  18. +1 −1 app/code/core/Mage/Adminhtml/Block/Sales/Invoice/Grid.php
  19. +1 −1 app/code/core/Mage/Adminhtml/Block/Sales/Items/Abstract.php
  20. +1 −1 app/code/core/Mage/Adminhtml/Block/Sales/Order.php
  21. +1 −1 app/code/core/Mage/Adminhtml/Block/Sales/Order/Creditmemo/View.php
  22. +5 −5 app/code/core/Mage/Adminhtml/Block/Sales/Order/Grid.php
  23. +1 −1 app/code/core/Mage/Adminhtml/Block/Sales/Order/Invoice/Create/Items.php
  24. +1 −1 app/code/core/Mage/Adminhtml/Block/Sales/Order/Invoice/View.php
  25. +1 −1 app/code/core/Mage/Adminhtml/Block/Sales/Order/Shipment/View.php
  26. +1 −1 app/code/core/Mage/Adminhtml/Block/Sales/Order/View.php
  27. +1 −1 app/code/core/Mage/Adminhtml/Block/Sales/Order/View/History.php
  28. +1 −1 app/code/core/Mage/Adminhtml/Block/Sales/Order/View/Tab/Transactions.php
  29. +1 −1 app/code/core/Mage/Adminhtml/Block/Sales/Shipment/Grid.php
  30. +1 −1 app/code/core/Mage/Adminhtml/Block/Sales/Transactions/Detail.php
  31. +1 −1 app/code/core/Mage/Adminhtml/Block/System/Config/Tabs.php
  32. +35 −1 app/code/core/Mage/Adminhtml/Controller/Action.php
  33. +1 −1 app/code/core/Mage/Adminhtml/Controller/Sales/Creditmemo.php
  34. +1 −1 app/code/core/Mage/Adminhtml/Controller/Sales/Invoice.php
  35. +1 −1 app/code/core/Mage/Adminhtml/Controller/Sales/Shipment.php
  36. +1 −1 app/code/core/Mage/Adminhtml/controllers/Api/RoleController.php
  37. +1 −1 app/code/core/Mage/Adminhtml/controllers/Api/UserController.php
  38. +1 −1 app/code/core/Mage/Adminhtml/controllers/CacheController.php
  39. +1 −1 app/code/core/Mage/Adminhtml/controllers/Catalog/CategoryController.php
  40. +1 −1 app/code/core/Mage/Adminhtml/controllers/Catalog/Product/Action/AttributeController.php
  41. +1 −1 app/code/core/Mage/Adminhtml/controllers/Catalog/Product/AttributeController.php
  42. +1 −1 app/code/core/Mage/Adminhtml/controllers/Catalog/Product/GalleryController.php
  43. +1 −1 app/code/core/Mage/Adminhtml/controllers/Catalog/Product/GroupController.php
  44. +2 −2 app/code/core/Mage/Adminhtml/controllers/Catalog/Product/ReviewController.php
  45. +1 −1 app/code/core/Mage/Adminhtml/controllers/Catalog/Product/SetController.php
  46. +1 −1 app/code/core/Mage/Adminhtml/controllers/Catalog/ProductController.php
  47. +1 −1 app/code/core/Mage/Adminhtml/controllers/Catalog/SearchController.php
  48. +1 −1 app/code/core/Mage/Adminhtml/controllers/Checkout/AgreementController.php
  49. +1 −1 app/code/core/Mage/Adminhtml/controllers/Cms/BlockController.php
  50. +3 −3 app/code/core/Mage/Adminhtml/controllers/Cms/PageController.php
  51. +1 −1 app/code/core/Mage/Adminhtml/controllers/Cms/Wysiwyg/ImagesController.php
  52. +1 −1 app/code/core/Mage/Adminhtml/controllers/Customer/Cart/Product/Composite/CartController.php
  53. +1 −1 app/code/core/Mage/Adminhtml/controllers/Customer/GroupController.php
  54. +1 −1 app/code/core/Mage/Adminhtml/controllers/Customer/OnlineController.php
  55. +1 −1 app/code/core/Mage/Adminhtml/controllers/Customer/Wishlist/Product/Composite/WishlistController.php
  56. +346 −202 app/code/core/Mage/Adminhtml/controllers/CustomerController.php
  57. +1 −1 app/code/core/Mage/Adminhtml/controllers/DashboardController.php
  58. +2 −2 app/code/core/Mage/Adminhtml/controllers/IndexController.php
  59. +1 −1 app/code/core/Mage/Adminhtml/controllers/Media/EditorController.php
  60. +1 −1 app/code/core/Mage/Adminhtml/controllers/Media/UploaderController.php
  61. +1 −1 app/code/core/Mage/Adminhtml/controllers/Newsletter/ProblemController.php
  62. +1 −1 app/code/core/Mage/Adminhtml/controllers/Newsletter/QueueController.php
  63. +1 −1 app/code/core/Mage/Adminhtml/controllers/Newsletter/SubscriberController.php
  64. +1 −1 app/code/core/Mage/Adminhtml/controllers/Newsletter/TemplateController.php
  65. +1 −1 app/code/core/Mage/Adminhtml/controllers/NotificationController.php
  66. +1 −1 app/code/core/Mage/Adminhtml/controllers/Poll/AnswerController.php
  67. +1 −1 app/code/core/Mage/Adminhtml/controllers/PollController.php
  68. +1 −1 app/code/core/Mage/Adminhtml/controllers/Promo/CatalogController.php
  69. +1 −1 app/code/core/Mage/Adminhtml/controllers/Promo/QuoteController.php
  70. +1 −1 app/code/core/Mage/Adminhtml/controllers/Promo/WidgetController.php
  71. +1 −1 app/code/core/Mage/Adminhtml/controllers/PromoController.php
  72. +1 −1 app/code/core/Mage/Adminhtml/controllers/RatingController.php
  73. +4 −4 app/code/core/Mage/Adminhtml/controllers/Report/CustomerController.php
  74. +4 −4 app/code/core/Mage/Adminhtml/controllers/Report/ProductController.php
  75. +3 −3 app/code/core/Mage/Adminhtml/controllers/Report/ReviewController.php
  76. +9 −9 app/code/core/Mage/Adminhtml/controllers/Report/SalesController.php
  77. +4 −4 app/code/core/Mage/Adminhtml/controllers/Report/ShopcartController.php
  78. +1 −1 app/code/core/Mage/Adminhtml/controllers/Report/StatisticsController.php
  79. +5 −5 app/code/core/Mage/Adminhtml/controllers/Report/TagController.php
  80. +2 −2 app/code/core/Mage/Adminhtml/controllers/ReportController.php
  81. +3 −3 app/code/core/Mage/Adminhtml/controllers/Sales/Billing/AgreementController.php
  82. +2 −2 app/code/core/Mage/Adminhtml/controllers/Sales/Order/CreateController.php
  83. +1 −1 app/code/core/Mage/Adminhtml/controllers/Sales/Order/EditController.php
  84. +1 −1 app/code/core/Mage/Adminhtml/controllers/Sales/Order/StatusController.php
  85. +1 −1 app/code/core/Mage/Adminhtml/controllers/Sales/OrderController.php
  86. +2 −2 app/code/core/Mage/Adminhtml/controllers/Sales/TransactionsController.php
  87. +1 −1 app/code/core/Mage/Adminhtml/controllers/SitemapController.php
  88. +1 −1 app/code/core/Mage/Adminhtml/controllers/SurveyController.php
  89. +1 −1 app/code/core/Mage/Adminhtml/controllers/System/AccountController.php
  90. +1 −1 app/code/core/Mage/Adminhtml/controllers/System/BackupController.php
  91. +6 −9 app/code/core/Mage/Adminhtml/controllers/System/ConfigController.php
  92. +1 −1 app/code/core/Mage/Adminhtml/controllers/System/Convert/GuiController.php
  93. +1 −1 app/code/core/Mage/Adminhtml/controllers/System/Convert/ProfileController.php
  94. +1 −1 app/code/core/Mage/Adminhtml/controllers/System/CurrencyController.php
  95. +1 −1 app/code/core/Mage/Adminhtml/controllers/System/DesignController.php
  96. +1 −1 app/code/core/Mage/Adminhtml/controllers/System/Email/TemplateController.php
  97. +1 −1 app/code/core/Mage/Adminhtml/controllers/System/StoreController.php
  98. +1 −1 app/code/core/Mage/Adminhtml/controllers/System/VariableController.php
  99. +1 −1 app/code/core/Mage/Adminhtml/controllers/SystemController.php
  100. +3 −3 app/code/core/Mage/Adminhtml/controllers/TagController.php
  101. +1 −1 app/code/core/Mage/Adminhtml/controllers/Tax/Class/CustomerController.php
  102. +1 −1 app/code/core/Mage/Adminhtml/controllers/Tax/Class/ProductController.php
  103. +2 −2 app/code/core/Mage/Adminhtml/controllers/Tax/ClassController.php
  104. +3 −3 app/code/core/Mage/Adminhtml/controllers/Tax/RateController.php
  105. +1 −1 app/code/core/Mage/Adminhtml/controllers/Tax/RuleController.php
  106. +1 −1 app/code/core/Mage/Adminhtml/controllers/UrlrewriteController.php
  107. +1 −1 app/code/core/Mage/Adminhtml/view/adminhtml/page/header.phtml
  108. +1 −1 app/code/core/Mage/Adminhtml/view/adminhtml/system/config/switcher.phtml
  109. +1 −3 app/code/core/Mage/Api2/Block/Adminhtml/Attribute/Grid.php
  110. +1 −3 app/code/core/Mage/Api2/Block/Adminhtml/Roles.php
  111. +1 −4 app/code/core/Mage/Api2/Block/Adminhtml/Roles/Grid.php
  112. +1 −3 app/code/core/Mage/Api2/controllers/Adminhtml/Api2/RoleController.php
  113. +55 −6 app/code/core/Mage/Backend/Controller/ActionAbstract.php
  114. +2 −2 app/code/core/Mage/Backend/Helper/Data.php
  115. +3 −3 app/code/core/Mage/Backend/Model/Acl/Config.php
  116. +3 −3 app/code/core/Mage/Backend/Model/Auth/Session.php
  117. +56 −0 app/code/core/Mage/Backend/Model/Authorization/RoleLocator.php
  118. +1 −1 app/code/core/Mage/Backend/Model/Menu/Item.php
  119. +3 −3 app/code/core/Mage/Backend/Model/Menu/Item/Factory.php
  120. +1 −1 app/code/core/Mage/Backend/Model/Menu/Item/Validator.php
  121. +2 −0 app/code/core/Mage/Backend/etc/config.xml
  122. +1 −1 app/code/core/Mage/Backup/Helper/Data.php
  123. +62 −73 app/code/core/Mage/Centinel/Model/State/Jcb.php
  124. +1 −1 app/code/core/Mage/Cms/Model/Wysiwyg/Config.php
  125. +1 −1 app/code/core/Mage/Connect/controllers/Adminhtml/Extension/CustomController.php
  126. +14 −2 app/code/core/Mage/Core/Controller/Varien/Action.php
  127. +21 −19 app/code/core/Mage/Core/Controller/Varien/Router/Base.php
  128. +49 −8 app/code/core/Mage/Core/Helper/Cookie.php
  129. +18 −9 app/code/core/Mage/Core/Model/Acl/Builder.php
  130. +137 −0 app/code/core/Mage/Core/Model/Authorization.php
  131. +84 −19 app/code/core/Mage/Core/Model/Config.php
  132. +205 −76 app/code/core/Mage/Core/Model/Layout.php
  133. +65 −0 app/code/core/Mage/Core/Model/Registry.php
  134. +1 −1 app/code/core/Mage/CurrencySymbol/controllers/Adminhtml/System/CurrencysymbolController.php
  135. +1 −1 app/code/core/Mage/DesignEditor/controllers/Adminhtml/System/Design/EditorController.php
  136. +1 −1 app/code/core/Mage/Downloadable/controllers/Adminhtml/Downloadable/FileController.php
  137. +1 −1 app/code/core/Mage/GoogleOptimizer/Block/Adminhtml/Cms/Page/Edit/Tab/Googleoptimizer.php
  138. +1 −1 app/code/core/Mage/GoogleShopping/controllers/Adminhtml/Googleshopping/ItemsController.php
  139. +1 −1 app/code/core/Mage/GoogleShopping/controllers/Adminhtml/Googleshopping/TypesController.php
  140. +1 −1 app/code/core/Mage/ImportExport/controllers/Adminhtml/ExportController.php
  141. +1 −1 app/code/core/Mage/ImportExport/controllers/Adminhtml/ImportController.php
  142. +1 −1 app/code/core/Mage/Index/Block/Adminhtml/Notifications.php
  143. +1 −1 app/code/core/Mage/Index/controllers/Adminhtml/ProcessController.php
  144. +1 −3 app/code/core/Mage/Oauth/Block/Adminhtml/Oauth/AuthorizedTokens/Grid.php
  145. +1 −3 app/code/core/Mage/Oauth/Block/Adminhtml/Oauth/Consumer.php
  146. +3 −3 app/code/core/Mage/Oauth/Block/Adminhtml/Oauth/Consumer/Edit.php
  147. +1 −3 app/code/core/Mage/Oauth/Block/Adminhtml/Oauth/Consumer/Grid.php
  148. +1 −3 app/code/core/Mage/Oauth/controllers/Adminhtml/Oauth/Admin/TokenController.php
  149. +1 −3 app/code/core/Mage/Oauth/controllers/Adminhtml/Oauth/AuthorizedTokensController.php
  150. +1 −3 app/code/core/Mage/Oauth/controllers/Adminhtml/Oauth/ConsumerController.php
  151. +1 −1 app/code/core/Mage/PageCache/Block/Adminhtml/Cache/Additional.php
  152. +1 −1 app/code/core/Mage/PageCache/controllers/Adminhtml/PageCacheController.php
  153. +7 −5 app/code/core/Mage/Paypal/Block/Adminhtml/Settlement/Report.php
  154. +3 −3 app/code/core/Mage/Paypal/controllers/Adminhtml/Paypal/ReportsController.php
  155. +4 −1 app/code/core/Mage/Rss/controllers/CatalogController.php
  156. +1 −1 app/code/core/Mage/Rss/controllers/OrderController.php
  157. +1 −1 app/code/core/Mage/Sales/Block/Adminhtml/Billing/Agreement/View.php
  158. +1 −1 app/code/core/Mage/Sales/Block/Adminhtml/Recurring/Profile/View/Tab/Orders.php
  159. +1 −1 app/code/core/Mage/Sales/Model/Observer.php
  160. +9 −4 app/code/core/Mage/User/Block/Role/Tab/Edit.php
  161. +1 −1 app/code/core/Mage/User/Model/Resource/Rules.php
  162. +1 −1 app/code/core/Mage/User/controllers/Adminhtml/User/RoleController.php
  163. +1 −1 app/code/core/Mage/User/controllers/Adminhtml/UserController.php
  164. +1 −1 app/code/core/Mage/Widget/controllers/Adminhtml/Widget/InstanceController.php
  165. +1 −1 app/code/core/Mage/XmlConnect/controllers/Adminhtml/MobileController.php
  166. +3 −1 dev/tests/integration/framework/Magento/Test/Bootstrap.php
  167. +14 −0 dev/tests/integration/framework/tests/unit/testsuite/Magento/Test/BootstrapTest.php
  168. +1 −0 dev/tests/integration/testsuite/Mage/Adminhtml/Block/Catalog/Product/Edit/TabsTest.php
  169. +286 −0 dev/tests/integration/testsuite/Mage/Adminhtml/controllers/CustomerControllerTest.php
  170. +87 −0 dev/tests/integration/testsuite/Mage/Adminhtml/controllers/_files/customer_sample.php
  171. +52 −0 dev/tests/integration/testsuite/Mage/Backend/Controller/ActionAbstractTest.php
  172. +1 −0 dev/tests/integration/testsuite/Mage/Backend/Model/MenuTest.php
  173. +1 −0 dev/tests/integration/testsuite/Mage/Cms/Model/Wysiwyg/ConfigTest.php
  174. +1 −0 dev/tests/integration/testsuite/Mage/Core/Controller/Varien/ActionTest.php
  175. +101 −1 dev/tests/integration/testsuite/Mage/Core/Model/LayoutTest.php
  176. +8 −5 dev/tests/integration/testsuite/Mage/Core/Model/_files/_layout_update.xml
  177. +95 −2 ...ts/integration/testsuite/Mage/Core/Model/_files/design/frontend/test/default/Mage_Core/layout.xml
  178. +1 −2 dev/tests/integration/testsuite/Mage/User/Block/Role/Tab/EditTest.php
  179. +4 −4 dev/tests/integration/testsuite/integrity/modular/AclConfigFilesTest.php
  180. +34 −8 dev/tests/integration/testsuite/integrity/modular/TemplateFilesTest.php
  181. +9 −3 dev/tests/static/testsuite/Legacy/ObsoleteCodeTest.php
  182. +1 −0 dev/tests/static/testsuite/Php/_files/blacklist/core.txt
  183. +1 −0 dev/tests/static/testsuite/Php/_files/whitelist/core.txt
  184. +2 −2 dev/tests/unit/framework/bootstrap.php
  185. +4 −4 dev/tests/unit/testsuite/Mage/Backend/Model/Acl/ConfigTest.php
  186. +59 −0 dev/tests/unit/testsuite/Mage/Backend/Model/Authorization/RoleLocatorTest.php
  187. +1 −1 dev/tests/unit/testsuite/Mage/Backend/Model/Menu/Item/FactoryTest.php
  188. +1 −1 dev/tests/unit/testsuite/Mage/Backend/Model/Menu/Item/ValidatorTest.php
  189. +1 −1 dev/tests/unit/testsuite/Mage/Backend/Model/Menu/ItemTest.php
  190. +0 −10 dev/tests/unit/testsuite/Mage/Backend/Model/UrlTest.php
  191. +619 −0 dev/tests/unit/testsuite/Mage/Centinel/Model/State/JcbTest.php
  192. +151 −0 dev/tests/unit/testsuite/Mage/Core/Helper/CookieTest.php
  193. +74 −0 dev/tests/unit/testsuite/Mage/Core/Model/AuthorizationTest.php
  194. +2 −1 dev/tests/unit/testsuite/Mage/Eav/Model/Resource/Entity/AttributeTest.php
  195. +7 −7 dev/tests/unit/testsuite/{Mage/Backend/Model → Magento}/Acl/Config/ReaderTest.php
  196. +40 −0 dev/tests/unit/testsuite/Magento/Acl/_files/acl_1.xml
  197. +42 −0 dev/tests/unit/testsuite/Magento/Acl/_files/acl_2.xml
  198. +45 −0 dev/tests/unit/testsuite/Magento/Acl/_files/acl_merged.xml
  199. +86 −0 dev/tests/unit/testsuite/Magento/Authorization/Policy/AclTest.php
  200. +43 −0 dev/tests/unit/testsuite/Magento/Authorization/Policy/DefaultTest.php
  201. +62 −0 dev/tests/unit/testsuite/Varien/Simplexml/ElementTest.php
  202. +9 −8 ...t/testsuite/{tools/migration/Acl/_files/template_document.xml → Varien/Simplexml/_files/data.xml}
  203. +87 −0 dev/tests/unit/testsuite/tools/migration/Acl/Db/Adapter/FactoryTest.php
  204. +63 −0 dev/tests/unit/testsuite/tools/migration/Acl/Db/FileReaderTest.php
  205. +39 −0 dev/tests/unit/testsuite/tools/migration/Acl/Db/Logger/ConsoleTest.php
  206. +80 −0 dev/tests/unit/testsuite/tools/migration/Acl/Db/Logger/FactoryTest.php
  207. +45 −0 dev/tests/unit/testsuite/tools/migration/Acl/Db/Logger/FileTest.php
  208. +73 −0 dev/tests/unit/testsuite/tools/migration/Acl/Db/LoggerAbstractTest.php
  209. +79 −0 dev/tests/unit/testsuite/tools/migration/Acl/Db/ReaderTest.php
  210. +107 −0 dev/tests/unit/testsuite/tools/migration/Acl/Db/UpdaterTest.php
  211. +69 −0 dev/tests/unit/testsuite/tools/migration/Acl/Db/WriterTest.php
  212. +5 −5 dev/tests/unit/testsuite/tools/migration/Acl/GeneratorRemoveTest.php
  213. +6 −6 dev/tests/unit/testsuite/tools/migration/Acl/GeneratorSaveTest.php
  214. +38 −71 dev/tests/unit/testsuite/tools/migration/Acl/GeneratorTest.php
  215. +8 −8 dev/tests/unit/testsuite/tools/migration/Acl/Menu/GeneratorTest.php
  216. 0 ...t/testsuite/tools/migration/Acl/_files/app/code/core/{Mage → ANamespace}/Module/etc/adminhtml.xml
  217. 0 ...tsuite/tools/migration/Acl/_files/app/code/core/{Mage → ANamespace}/Module/etc/adminhtml/menu.xml
  218. 0 ...suite/tools/migration/Acl/_files/app/code/core/{Enterprise → BNamespace}/Module/etc/adminhtml.xml
  219. 0 .../tools/migration/Acl/_files/app/code/core/{Enterprise → BNamespace}/Module/etc/adminhtml/menu.xml
  220. +1 −0 dev/tests/unit/testsuite/tools/migration/Acl/_files/log/AclXPathToAclId.log
  221. +59 −0 dev/tools/migration/Acl/Db/Adapter/Factory.php
  222. +53 −0 dev/tools/migration/Acl/Db/FileReader.php
  223. +39 −0 dev/tools/migration/Acl/Db/Logger/Console.php
  224. +68 −0 dev/tools/migration/Acl/Db/Logger/Factory.php
  225. +63 −0 dev/tools/migration/Acl/Db/Logger/File.php
  226. +116 −0 dev/tools/migration/Acl/Db/LoggerAbstract.php
  227. +72 −0 dev/tools/migration/Acl/Db/Reader.php
  228. +96 −0 dev/tools/migration/Acl/Db/Updater.php
  229. +66 −0 dev/tools/migration/Acl/Db/Writer.php
  230. +12 −1 dev/tools/migration/Acl/{FileWriter.php → FileManager.php}
  231. +28 −44 dev/tools/migration/Acl/Generator.php
  232. +6 −6 dev/tools/migration/Acl/Menu/Generator.php
  233. +81 −0 dev/tools/migration/Acl/db.php
  234. +2 −2 dev/tools/migration/acl.php
  235. +1 −1 downloader/Maged/Model/Session.php
  236. +9 −8 {app/code/core/Mage/Backend/Model → lib/Magento}/Acl/Config/Reader.php
  237. +6 −5 {app/code/core/Mage/Backend/Model → lib/Magento}/Acl/Config/Reader/Dom.php
  238. +6 −5 {app/code/core/Mage/Backend/Model → lib/Magento}/Acl/Config/ReaderInterface.php
  239. 0 {app/code/core/Mage/Backend/Model → lib/Magento}/Acl/Config/acl.xsd
  240. +40 −0 lib/Magento/Authorization/Policy.php
  241. +69 −0 lib/Magento/Authorization/Policy/Acl.php
  242. +45 −0 lib/Magento/Authorization/Policy/Default.php
  243. +36 −0 lib/Magento/Authorization/RoleLocator.php
  244. +39 −0 lib/Magento/Authorization/RoleLocator/Default.php
  245. +4 −4 lib/Magento/Data/Structure.php
  246. +25 −2 lib/Varien/Simplexml/Element.php
@@ -1,3 +1,14 @@
+Update as of 8/15/2012
+======================
+* Refactored ACL functionality:
+ * Implementation is not bound to backend area anymore and moved to `Mage_Core` module
+ * Covered backwards-incompatible changes with additional migration tool (`dev/tools/migration/Acl`)
+* Implemented "move" layout directive and slightly modified behavior of "remove"
+* A failure in DB cleanup by integration testing framework is articulated more clearly by throwing `Magento_Exception`
+* Fixed security vulnerability of exploiting Magento "cookie restriction" feature
+* Fixed caching mechanism of loading modules declaration to not cause additional performance overhead
+* Adjusted include path in unit tests to use the original include path at the end, rather than at the beginning
+
Update as of 8/9/2012
=====================
* Improvements:
@@ -58,7 +58,7 @@ public function getManageUrl()
*/
protected function _toHtml()
{
- if (Mage::getSingleton('Mage_Backend_Model_Auth_Session')->isAllowed('Mage_Adminhtml::cache')) {
+ if (Mage::getSingleton('Mage_Core_Model_Authorization')->isAllowed('Mage_Adminhtml::cache')) {
return parent::_toHtml();
}
return '';
@@ -99,7 +99,7 @@ protected function _prepareForm()
// Add new attribute button if it is not an image tab
if (!$form->getElement('media_gallery')
- && Mage::getSingleton('Mage_Backend_Model_Auth_Session')->isAllowed('Mage_Catalog::attributes_attributes')
+ && Mage::getSingleton('Mage_Core_Model_Authorization')->isAllowed('Mage_Catalog::attributes_attributes')
) {
$headerBar = $this->getLayout()->createBlock('Mage_Adminhtml_Block_Catalog_Product_Edit_Tab_Attributes_Create');
@@ -146,7 +146,7 @@ protected function _prepareLayout()
if( $this->getRequest()->getParam('id', false) ) {
if (Mage::helper('Mage_Catalog_Helper_Data')->isModuleEnabled('Mage_Review')) {
- if (Mage::getSingleton('Mage_Backend_Model_Auth_Session')->isAllowed('Mage_Review::reviews_ratings')){
+ if (Mage::getSingleton('Mage_Core_Model_Authorization')->isAllowed('Mage_Review::reviews_ratings')){
$this->addTab('reviews', array(
'label' => Mage::helper('Mage_Catalog_Helper_Data')->__('Product Reviews'),
'url' => $this->getUrl('*/*/reviews', array('_current' => true)),
@@ -155,7 +155,7 @@ protected function _prepareLayout()
}
}
if (Mage::helper('Mage_Catalog_Helper_Data')->isModuleEnabled('Mage_Tag')) {
- if (Mage::getSingleton('Mage_Backend_Model_Auth_Session')->isAllowed('Mage_Tag::tag')){
+ if (Mage::getSingleton('Mage_Core_Model_Authorization')->isAllowed('Mage_Tag::tag')){
$this->addTab('tags', array(
'label' => Mage::helper('Mage_Catalog_Helper_Data')->__('Product Tags'),
'url' => $this->getUrl('*/*/tagGrid', array('_current' => true)),
@@ -301,7 +301,7 @@ protected function _prepareMassaction()
)
));
- if (Mage::getSingleton('Mage_Backend_Model_Auth_Session')->isAllowed('Mage_Catalog::update_attributes')){
+ if (Mage::getSingleton('Mage_Core_Model_Authorization')->isAllowed('Mage_Catalog::update_attributes')){
$this->getMassactionBlock()->addItem('attributes', array(
'label' => Mage::helper('Mage_Catalog_Helper_Data')->__('Update Attributes'),
'url' => $this->getUrl('*/catalog_product_action_attribute/edit', array('_current'=>true))
@@ -61,7 +61,7 @@ public function __construct()
*/
protected function _isAllowedAction($resourceId)
{
- return Mage::getSingleton('Mage_Backend_Model_Auth_Session')->isAllowed($resourceId);
+ return Mage::getSingleton('Mage_Core_Model_Authorization')->isAllowed($resourceId);
}
}
@@ -86,7 +86,7 @@ public function getHeaderText()
*/
protected function _isAllowedAction($resourceId)
{
- return Mage::getSingleton('Mage_Backend_Model_Auth_Session')->isAllowed($resourceId);
+ return Mage::getSingleton('Mage_Core_Model_Authorization')->isAllowed($resourceId);
}
/**
@@ -148,6 +148,6 @@ public function isHidden()
*/
protected function _isAllowedAction($resourceId)
{
- return Mage::getSingleton('Mage_Backend_Model_Auth_Session')->isAllowed($resourceId);
+ return Mage::getSingleton('Mage_Core_Model_Authorization')->isAllowed($resourceId);
}
}
@@ -181,6 +181,6 @@ public function isHidden()
*/
protected function _isAllowedAction($resourceId)
{
- return Mage::getSingleton('Mage_Backend_Model_Auth_Session')->isAllowed($resourceId);
+ return Mage::getSingleton('Mage_Core_Model_Authorization')->isAllowed($resourceId);
}
}
@@ -172,6 +172,6 @@ public function isHidden()
*/
protected function _isAllowedAction($resourceId)
{
- return Mage::getSingleton('Mage_Backend_Model_Auth_Session')->isAllowed($resourceId);
+ return Mage::getSingleton('Mage_Core_Model_Authorization')->isAllowed($resourceId);
}
}
@@ -130,6 +130,6 @@ public function isHidden()
*/
protected function _isAllowedAction($resourceId)
{
- return Mage::getSingleton('Mage_Backend_Model_Auth_Session')->isAllowed($resourceId);
+ return Mage::getSingleton('Mage_Core_Model_Authorization')->isAllowed($resourceId);
}
}
@@ -39,7 +39,7 @@ public function __construct()
$this->_controller = 'customer';
if ($this->getCustomerId() &&
- Mage::getSingleton('Mage_Backend_Model_Auth_Session')->isAllowed('Mage_Sales::create')) {
+ Mage::getSingleton('Mage_Core_Model_Authorization')->isAllowed('Mage_Sales::create')) {
$this->_addButton('order', array(
'label' => Mage::helper('Mage_Customer_Helper_Data')->__('Create Order'),
'onclick' => 'setLocation(\'' . $this->getCreateOrderUrl() . '\')',
@@ -44,15 +44,17 @@ public function __construct()
protected function _beforeToHtml()
{
-/*
- if (Mage::registry('current_customer')->getId()) {
- $this->addTab('view', array(
- 'label' => Mage::helper('Mage_Customer_Helper_Data')->__('Customer View'),
- 'content' => $this->getLayout()->createBlock('Mage_Adminhtml_Block_Customer_Edit_Tab_View')->toHtml(),
- 'active' => true
- ));
- }
-*/
+ Magento_Profiler::start('customer/tabs');
+
+ /*
+ if (Mage::registry('current_customer')->getId()) {
+ $this->addTab('view', array(
+ 'label' => Mage::helper('Mage_Customer_Helper_Data')->__('Customer View'),
+ 'content' => $this->getLayout()->createBlock('Mage_Adminhtml_Block_Customer_Edit_Tab_View')->toHtml(),
+ 'active' => true
+ ));
+ }
+ */
$this->addTab('account', array(
'label' => Mage::helper('Mage_Customer_Helper_Data')->__('Account Information'),
'content' => $this->getLayout()
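Review bot: `Magento_Profiler::start('customer/tabs')` is introduced at the top of `_beforeToHtml()` with no matching `Magento_Profiler::stop('customer/tabs')` in any of the hunks shown for this file, so confirm the timer is stopped on every return path in the remainder of the method, which continues past this hunk. The commented-out `addTab('view', ...)` block is only re-indented here; since the commit already rewrites those lines, delete the dead code instead of carrying it forward, version control preserves it if the Customer View tab is ever revived.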
@@ -71,7 +73,7 @@ protected function _beforeToHtml()
if (Mage::registry('current_customer')->getId()) {
- if (Mage::getSingleton('Mage_Backend_Model_Auth_Session')->isAllowed('Mage_Sales::actions_view')) {
+ if (Mage::getSingleton('Mage_Core_Model_Authorization')->isAllowed('Mage_Sales::actions_view')) {
$this->addTab('orders', array(
'label' => Mage::helper('Mage_Customer_Helper_Data')->__('Orders'),
'class' => 'ajax',
@@ -91,23 +93,23 @@ protected function _beforeToHtml()
'url' => $this->getUrl('*/*/wishlist', array('_current' => true)),
));
- if (Mage::getSingleton('Mage_Backend_Model_Auth_Session')->isAllowed('Mage_Newsletter::subscriber')) {
+ if (Mage::getSingleton('Mage_Core_Model_Authorization')->isAllowed('Mage_Newsletter::subscriber')) {
$this->addTab('newsletter', array(
'label' => Mage::helper('Mage_Customer_Helper_Data')->__('Newsletter'),
'content' => $this->getLayout()
->createBlock('Mage_Adminhtml_Block_Customer_Edit_Tab_Newsletter')->initForm()->toHtml()
));
}
- if (Mage::getSingleton('Mage_Backend_Model_Auth_Session')->isAllowed('Mage_Review::reviews_ratings')) {
+ if (Mage::getSingleton('Mage_Core_Model_Authorization')->isAllowed('Mage_Review::reviews_ratings')) {
$this->addTab('reviews', array(
'label' => Mage::helper('Mage_Customer_Helper_Data')->__('Product Reviews'),
'class' => 'ajax',
'url' => $this->getUrl('*/*/productReviews', array('_current' => true)),
));
}
- if (Mage::getSingleton('Mage_Backend_Model_Auth_Session')->isAllowed('Mage_Tag::tag')) {
+ if (Mage::getSingleton('Mage_Core_Model_Authorization')->isAllowed('Mage_Tag::tag')) {
$this->addTab('tags', array(
'label' => Mage::helper('Mage_Customer_Helper_Data')->__('Product Tags'),
'class' => 'ajax',
@@ -160,7 +160,7 @@ protected function _prepareColumns()
*/
public function getRowUrl($row)
{
- return (Mage::getSingleton('Mage_Backend_Model_Auth_Session')->isAllowed('Mage_Customer::manage') && $row->getCustomerId())
+ return (Mage::getSingleton('Mage_Core_Model_Authorization')->isAllowed('Mage_Customer::manage') && $row->getCustomerId())
? $this->getUrl('*/customer/edit', array('id' => $row->getCustomerId())) : '';
}
}
@@ -43,7 +43,8 @@ public function canShow()
$adminSession = Mage::getSingleton('Mage_Backend_Model_Auth_Session');
$seconds = intval(date('s', time()));
if ($adminSession->getHideSurveyQuestion()
- || !$adminSession->isAllowed(Mage_Backend_Model_Acl_Config::ACL_RESOURCE_ALL)
+ || !Mage::getSingleton('Mage_Core_Model_Authorization')
+ ->isAllowed(Mage_Backend_Model_Acl_Config::ACL_RESOURCE_ALL)
|| Mage_AdminNotification_Model_Survey::isSurveyViewed()
|| !Mage_AdminNotification_Model_Survey::isSurveyUrlValid())
{
@@ -105,11 +105,6 @@ public function canShow()
return false;
}
- if (!$this->_isAllowed()) {
- $this->_available = false;
- return false;
- }
-
if (is_null($this->_available)) {
$this->_available = $this->isShow();
}
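Review bot: The guard on `Mage_AdminNotification::show_toolbar` is removed from `canShow()` outright instead of being ported to `Mage_Core_Model_Authorization` the way every other block in this commit ports its `isAllowed()` call, so the notification window is now shown to any authenticated admin user, subject only to the remaining `isShow()` conditions, unless the check was moved to a controller or layout file not visible here. The diffstat lists no change under `Mage_AdminNotification/etc`, so the resource presumably still exists in the ACL configuration and role editors will keep offering a permission that no longer gates anything. If the gate is still wanted, reinstate it in the new form: `if (!Mage::getSingleton('Mage_Core_Model_Authorization')->isAllowed('Mage_AdminNotification::show_toolbar')) { $this->_available = false; return false; }`; if it is intentionally dropped, say so in the commit message and retire the resource. `canShow()` begins and ends outside this hunk.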
@@ -163,16 +158,4 @@ public function getSeverityText()
{
return strtolower(str_replace('SEVERITY_', '', $this->getNoticeSeverity()));
}
-
- /**
- * Check if current block allowed in ACL
- *
- * @param string $resourcePath
- * @return bool
- */
- protected function _isAllowed()
- {
- return Mage::getSingleton('Mage_Backend_Model_Auth_Session')
- ->isAllowed('Mage_AdminNotification::show_toolbar');
- }
}
@@ -144,7 +144,7 @@ protected function _prepareMassaction()
public function getRowUrl($row)
{
- if (!Mage::getSingleton('Mage_Backend_Model_Auth_Session')
+ if (!Mage::getSingleton('Mage_Core_Model_Authorization')
->isAllowed(Mage_Backend_Model_Acl_Config::ACL_RESOURCE_ALL)
) {
return false;
@@ -145,7 +145,7 @@ protected function _prepareMassaction()
public function getRowUrl($row)
{
- if (!Mage::getSingleton('Mage_Backend_Model_Auth_Session')
+ if (!Mage::getSingleton('Mage_Core_Model_Authorization')
->isAllowed(Mage_Backend_Model_Acl_Config::ACL_RESOURCE_ALL)
) {
return false;
@@ -486,7 +486,7 @@ public function canEditQty()
public function canCapture()
{
- if (Mage::getSingleton('Mage_Backend_Model_Auth_Session')->isAllowed('Mage_Sales::capture')) {
+ if (Mage::getSingleton('Mage_Core_Model_Authorization')->isAllowed('Mage_Sales::capture')) {
return $this->getInvoice()->canCapture();
}
return false;
@@ -40,7 +40,7 @@ public function __construct()
$this->_headerText = Mage::helper('Mage_Sales_Helper_Data')->__('Orders');
$this->_addButtonLabel = Mage::helper('Mage_Sales_Helper_Data')->__('Create New Order');
parent::__construct();
- if (!Mage::getSingleton('Mage_Backend_Model_Auth_Session')->isAllowed('Mage_Sales::create')) {
+ if (!Mage::getSingleton('Mage_Core_Model_Authorization')->isAllowed('Mage_Sales::create')) {
$this->_removeButton('add');
}
}
@@ -229,6 +229,6 @@ public function updateBackButtonUrl($flag)
*/
public function _isAllowedAction($resourceId)
{
- return Mage::getSingleton('Mage_Backend_Model_Auth_Session')->isAllowed($resourceId);
+ return Mage::getSingleton('Mage_Core_Model_Authorization')->isAllowed($resourceId);
}
}
@@ -120,7 +120,7 @@ protected function _prepareColumns()
'options' => Mage::getSingleton('Mage_Sales_Model_Order_Config')->getStatuses(),
));
- if (Mage::getSingleton('Mage_Backend_Model_Auth_Session')->isAllowed('Mage_Sales::actions_view')) {
+ if (Mage::getSingleton('Mage_Core_Model_Authorization')->isAllowed('Mage_Sales::actions_view')) {
$this->addColumn('action',
array(
'header' => Mage::helper('Mage_Sales_Helper_Data')->__('Action'),
@@ -154,21 +154,21 @@ protected function _prepareMassaction()
$this->getMassactionBlock()->setFormFieldName('order_ids');
$this->getMassactionBlock()->setUseSelectAll(false);
- if (Mage::getSingleton('Mage_Backend_Model_Auth_Session')->isAllowed('Mage_Sales::cancel')) {
+ if (Mage::getSingleton('Mage_Core_Model_Authorization')->isAllowed('Mage_Sales::cancel')) {
$this->getMassactionBlock()->addItem('cancel_order', array(
'label'=> Mage::helper('Mage_Sales_Helper_Data')->__('Cancel'),
'url' => $this->getUrl('*/sales_order/massCancel'),
));
}
- if (Mage::getSingleton('Mage_Backend_Model_Auth_Session')->isAllowed('Mage_Sales::hold')) {
+ if (Mage::getSingleton('Mage_Core_Model_Authorization')->isAllowed('Mage_Sales::hold')) {
$this->getMassactionBlock()->addItem('hold_order', array(
'label'=> Mage::helper('Mage_Sales_Helper_Data')->__('Hold'),
'url' => $this->getUrl('*/sales_order/massHold'),
));
}
- if (Mage::getSingleton('Mage_Backend_Model_Auth_Session')->isAllowed('Mage_Sales::unhold')) {
+ if (Mage::getSingleton('Mage_Core_Model_Authorization')->isAllowed('Mage_Sales::unhold')) {
$this->getMassactionBlock()->addItem('unhold_order', array(
'label'=> Mage::helper('Mage_Sales_Helper_Data')->__('Unhold'),
'url' => $this->getUrl('*/sales_order/massUnhold'),
@@ -205,7 +205,7 @@ protected function _prepareMassaction()
public function getRowUrl($row)
{
- if (Mage::getSingleton('Mage_Backend_Model_Auth_Session')->isAllowed('Mage_Sales::actions_view')) {
+ if (Mage::getSingleton('Mage_Core_Model_Authorization')->isAllowed('Mage_Sales::actions_view')) {
return $this->getUrl('*/sales_order/view', array('order_id' => $row->getId()));
}
return false;
@@ -194,7 +194,7 @@ public function canEditQty()
*/
public function isCaptureAllowed()
{
- return Mage::getSingleton('Mage_Backend_Model_Auth_Session')->isAllowed('Mage_Sales::capture');
+ return Mage::getSingleton('Mage_Core_Model_Authorization')->isAllowed('Mage_Sales::capture');
}
/**
@@ -207,6 +207,6 @@ public function updateBackButtonUrl($flag)
*/
protected function _isAllowedAction($resourceId)
{
- return $this->_session->isAllowed($resourceId);
+ return Mage::getSingleton('Mage_Core_Model_Authorization')->isAllowed($resourceId);
}
}
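Review bot: The new body of `_isAllowedAction` replaces the injected `$this->_session` collaborator with a static `Mage::getSingleton()` lookup, which hides the authorization dependency from the class and makes the check harder to substitute in tests. If `_session` is no longer read anywhere in this class (its declaration and other uses are outside the hunk), it should be removed or replaced by a property holding the authorization model, e.g. `return $this->_authorization->isAllowed($resourceId);`, so the dependency stays explicit as it was before. The sibling hunks at lines 588 and 602 use the same singleton form, so whichever approach is chosen should be applied to all of them.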
@@ -48,7 +48,7 @@ public function __construct()
return;
}
- if (Mage::getSingleton('Mage_Backend_Model_Auth_Session')->isAllowed('Mage_Sales::emails')) {
+ if (Mage::getSingleton('Mage_Core_Model_Authorization')->isAllowed('Mage_Sales::emails')) {
$this->_updateButton('save', 'label', Mage::helper('Mage_Sales_Helper_Data')->__('Send Tracking Information'));
$this->_updateButton('save',
'onclick', "deleteConfirm('"
@@ -278,7 +278,7 @@ public function getVoidPaymentUrl()
protected function _isAllowedAction($resourceId)
{
- return Mage::getSingleton('Mage_Backend_Model_Auth_Session')->isAllowed($resourceId);
+ return Mage::getSingleton('Mage_Core_Model_Authorization')->isAllowed($resourceId);
}
/**
@@ -70,7 +70,7 @@ public function getOrder()
public function canAddComment()
{
- return Mage::getSingleton('Mage_Backend_Model_Auth_Session')->isAllowed('Mage_Sales::comment') &&
+ return Mage::getSingleton('Mage_Core_Model_Authorization')->isAllowed('Mage_Sales::comment') &&
$this->getOrder()->canComment();
}
@@ -93,6 +93,6 @@ public function canShowTab()
*/
public function isHidden()
{
- return !Mage::getSingleton('Mage_Backend_Model_Auth_Session')->isAllowed('Mage_Sales::transactions_fetch');
+ return !Mage::getSingleton('Mage_Core_Model_Authorization')->isAllowed('Mage_Sales::transactions_fetch');
}
}
@@ -139,7 +139,7 @@ protected function _prepareColumns()
*/
public function getRowUrl($row)
{
- if (!Mage::getSingleton('Mage_Backend_Model_Auth_Session')
+ if (!Mage::getSingleton('Mage_Core_Model_Authorization')
->isAllowed(Mage_Backend_Model_Acl_Config::ACL_RESOURCE_ALL)
) {
return false;
@@ -60,7 +60,7 @@ public function __construct()
'class' => 'back'
));
- if (Mage::getSingleton('Mage_Backend_Model_Auth_Session')->isAllowed('Mage_Sales::transactions_fetch')
+ if (Mage::getSingleton('Mage_Core_Model_Authorization')->isAllowed('Mage_Sales::transactions_fetch')
&& $this->_txn->getOrderPaymentObject()->getMethodInstance()->canFetchTransactionInfo()) {
$fetchUrl = $this->getUrl('*/*/fetch' , array('_current' => true));
$this->_addButton('fetch', array(
@@ -327,7 +327,7 @@ public function checkSectionPermissions($aclResourceId=null)
}
if (!$permissions) {
- $permissions = Mage::getSingleton('Mage_Backend_Model_Auth_Session');
+ $permissions = Mage::getSingleton('Mage_Core_Model_Authorization');
}
$showTab = false;
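Review bot: The fallback branch now stores a `Mage_Core_Model_Authorization` instance in a local named `$permissions`, a name that reads as a permission set rather than the object that answers `isAllowed()`; a one-line comment, `// fall back to the core authorization model when no permission source was resolved above`, or renaming the local to `$authorization` would make the intent clear. Whatever assigns `$permissions` earlier in `checkSectionPermissions` (outside the hunk) presumably still supplies an object with the same `isAllowed()` contract, which is worth confirming now that the fallback type has changed. The enclosing function starts and ends outside the hunk.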