2.0.0.0-dev84
* Fixed bugs:
  * Fixed an issue where an invalidly filled option did not become in focus after saving attempt on the Create New Order page in the backend
  * Fixed an issue with the default configuration not being applied properly in the CAPTCHA configuration section
  * Fixed an issue with optional State/Province fields on the Create New Order page being marked as required
  * Fixed an issue with incorrect Customer model usage on session in community modules
  * Fixed an issue where cache was not invalidated after applying catalog price rule
  * Fixed an issue where an admin with custom permissions could not create Shopping Cart Price Rule/Catalog Price Rule
  * Fixed an issue with REST request and response format being inconsistent
  * Fixed an issue where there was an error on a bundle product page if bundle items contained an out of stock product
  * Fixed a JS issue which appeared when adding associated products for a grouped product
  * Fixed an issue where layered navigation was absent on the Advanced Search results page
  * Fixed an issue where the leading "0" in numbers were truncated when exporting using Excel XML
  * Fixed the price type attribute filter in Layered Navigation
  * Fixed an issue with a fatal error in \Magento\Framework\ArchiveTest when bz2 extension was not installed
  * Fixed an issue where an admin could search product by attributes set on the Store View level (except default store view)
  * Fixed an issue where extra spaces in search values were not ignored during search and thus wrong search results were given
* GitHub requests:
  * [#542]  Fix ImportExport bug which occurs while importing multiple rows per entity
  * [#544]  Performance tests not working
* Framework improvements:
  * Covered the following Magento application components with unit tests:
      * `Customer/Model/Address.php`
      * `Customer/Model/Address/AbstractAddress.php`
      * `Customer/Model/Address/Converter.php`
      * `Customer/Model/Customer.php`
      * `Customer/Model/Customer/Attribute/Backend/Billing.php`
      * `Customer/Model/Customer/Attribute/Backend/Shipping.php`
      * `Customer/Model/Customer/Attribute/Backend/Store.php`
      * `Customer/Model/Customer/Attribute/Backend/Website.php`
      * `Customer/Model/Customer/Attribute/Backend/PasswordTest.php`
      * `Customer/Helper/Address.php`
      * `Customer/Helper/View.php`
      * `Customer/Service/V1/CustomerAccountService.php`
  * Covered Magento lib with unit tests:
      * `lib/internal/Magento/Framework/Filter/*`
      * `lib/internal/Magento/Framework/Model/Resource/Db/AbstractDb.php`
      * `lib/internal/Magento/Framework/Model/Resource/Db/Collection/AbstractCollection.php`
      * `lib/internal/Magento/Framework/File/Uploader.php`
      * `lib/internal/Magento/Framework/File/Csv.php`
      * `lib/internal/Magento/Framework/Less/File/Collector/Aggregated.php`
      * `lib/internal/Magento/Framework/Less/File/Collector/Library.php`
      * `lib/internal/Magento/Framework/Locale/Config.php`
      * `lib/internal/Magento/Framework/Locale/Currency.php`
      * `lib/internal/Magento/Framework/App/Config/Element.php`
      * `lib/internal/Magento/Framework/App/Config/Value.php`
      * `lib/internal/Magento/Framework/App/DefaultPath/DefaultPath.php`
      * `lib/internal/Magento/Framework/App/EntryPoint/EntryPoint.php`
      * `lib/internal/Magento/Framework/App/Helper/AbstractHelper.php`
      * `lib/internal/Magento/Framework/App/Resource/ConnectionFactory.php`
      * `lib/internal/Magento/Framework/App/Route/Config.php`
  * Implemented the ability for a mobile client to get a partial response
  * Added authentication support for mobile
  * Refactored the Oauth lib exception not to reference module classes
  * Moved the authorization services according to the new directory format: was \Magento\Authz\Service\AuthorizationV1Interface, became \Magento\Authz\Service\V1\AuthorizationInterface
  * Moved the integration services according to the new directory format:
    * Was \Magento\Integration\Service\IntegrationV1, became \Magento\Integration\Service\V1\Integration
    * Was \Magento\Integration\Service\OauthV1, became \Magento\Integration\Service\V1\Oauth
  * Improved security of the integration registration
  * Introduced language packages with ability to inherit dictionaries
* Improved modularity of ImportExport
* Created Service API for Magento_Catalog module:
   * Implemented Product Attribute Media API
   * Implemented Product Group Price API
   * Implemented Product Attribute Write API
   * Implemented Product Attribute Options Read and Write API
* Created Service for the Magento Tax module:
  * Implemented Tax Rule Service
  * Implemented Tax Rate Service
  * Implemented Tax Calculation Data Objects
  * Implemented Tax Calculation Builders
  * Implemented Tax Calculation Service
* Covered the part of the Catalog Module with unit tests
* Added PayPal Bill Me Later button
* Streamlined checkout experience
* Improved order review page for PayPal Express Checkout
magento-team committed Jun 27, 2014
1 parent ea1a2b7 commit 974d259
Showing 783 changed files with 29,318 additions and 4,472 deletions.
80 changes: 79 additions & 1 deletion CHANGELOG.md
@@ -1,3 +1,81 @@
2.0.0.0-dev84
=============
* Fixed bugs:
* Fixed an issue where an invalidly filled option did not become in focus after saving attempt on the Create New Order page in the backend
* Fixed an issue with the default configuration not being applied properly in the CAPTCHA configuration section
* Fixed an issue with optional State/Province fields on the Create New Order page being marked as required
* Fixed an issue with incorrect Customer model usage on session in community modules
* Fixed an issue where cache was not invalidated after applying catalog price rule
* Fixed an issue where an admin with custom permissions could not create Shopping Cart Price Rule/Catalog Price Rule
* Fixed an issue with REST request and response format being inconsistent
* Fixed an issue where there was an error on a bundle product page if bundle items contained an out of stock product
* Fixed a JS issue which appeared when adding associated products for a grouped product
* Fixed an issue where layered navigation was absent on the Advanced Search results page
* Fixed an issue where the leading "0" in numbers were truncated when exporting using Excel XML
* Fixed the price type attribute filter in Layered Navigation
* Fixed an issue with a fatal error in \Magento\Framework\ArchiveTest when bz2 extension was not installed
* Fixed an issue where an admin could search product by attributes set on the Store View level (except default store view)
* Fixed an issue where extra spaces in search values were not ignored during search and thus wrong search results were given
* GitHub requests:
* [#542] Fix ImportExport bug which occurs while importing multiple rows per entity
* [#544] Performance tests not working
* Framework improvements:
* Covered the following Magento application components with unit tests:
* `Customer/Model/Address.php`
* `Customer/Model/Address/AbstractAddress.php `
* `Customer/Model/Address/Converter.php`
* `Customer/Model/Customer.php`
* `Customer/Model/Customer/Attribute/Backend/Billing.php`
* `Customer/Model/Customer/Attribute/Backend/Shipping.php`
* `Customer/Model/Customer/Attribute/Backend/Store.php `
* `Customer/Model/Customer/Attribute/Backend/Website.php `
* `Customer/Model/Customer/Attribute/Backend/PasswordTest.php`
* `Customer/Helper/Address.php`
* `Customer/Helper/View.php`
* `Customer/Service/V1/CustomerAccountService.php`
* Covered Magento lib with unit tests:
* `lib/internal/Magento/Framework/Filter/*`
* `lib/internal/Magento/Framework/Model/Resource/Db/AbstractDb.php`
* `lib/internal/Magento/Framework/Model/Resource/Db/Collection/AbstractCollection.php`
* `lib/internal/Magento/Framework/File/Uploader.php`
* `lib/internal/Magento/Framework/File/Csv.php`
* `lib/internal/Magento/Framework/Less/File/Collector/Aggregated.php`
* `lib/internal/Magento/Framework/Less/File/Collector/Library.php`
* `lib/internal/Magento/Framework/Locale/Config.php`
* `lib/internal/Magento/Framework/Locale/Currency.php`
* `lib/internal/Magento/Framework/App/Config/Element.php`
* `lib/internal/Magento/Framework/App/Config/Value.php`
* `lib/internal/Magento/Framework/App/DefaultPath/DefaultPath.php`
* `lib/internal/Magento/Framework/App/EntryPoint/EntryPoint.php`
* `lib/internal/Magento/Framework/App/Helper/AbstractHelper.php`
* `lib/internal/Magento/Framework/App/Resource/ConnectionFactory.php`
* `lib/internal/Magento/Framework/App/Route/Config.php`
* Implemented the ability for a mobile client to get a partial response
* Added authentication support for mobile
* Refactored the Oauth lib exception not to reference module classes
* Moved the authorization services according to the new directory format: was \Magento\Authz\Service\AuthorizationV1Interface, became \Magento\Authz\Service\V1\AuthorizationInterface
* Moved the integration services according to the new directory format:
* Was \Magento\Integration\Service\IntegrationV1, became \Magento\Integration\Service\V1\Integration
* Was \Magento\Integration\Service\OauthV1, became \Magento\Integration\Service\V1\Oauth
* Improved security of the integration registration
* Introduced language packages with ability to inherit dictionaries
* Improved modularity of ImportExport
* Created Service API for Magento_Catalog module:
* Implemented Product Attribute Media API
* Implemented Product Group Price API
* Implemented Product Attribute Write API
* Implemented Product Attribute Options Read and Write API
* Created Service for the Magento Tax module:
* Implemented Tax Rule Service
* Implemented Tax Rate Service
* Implemented Tax Calculation Data Objects
* Implemented Tax Calculation Builders
* Implemented Tax Calculation Service
* Covered the part of the Catalog Module with unit tests
* Added PayPall Bill Me Later button
* Streamlined checkout experience
* Improved order review page for PayPal Express Checkout

2.0.0.0-dev83
=============
* Created the Service API for the Magento_Catalog Module:
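Review bot: the added entry "Added PayPall Bill Me Later button" misspells the product name; it should read "PayPal". Several of the added path entries also carry a trailing space inside the backticks (`AbstractAddress.php `, `Store.php `, `Website.php `), which should be trimmed so the paths can be copied verbatim.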
@@ -221,7 +299,7 @@
* Fixed price inconsistencies between catalog and shopping cart
* Added support for maintaining consistent price including tax for customers with different tax rates
* Added support for applying tax rules with different priorities to subtotal only

* Fixed bugs:
* Removed the extra '%' sign in the error\notice message on Gift Card Accounts page on the backend
* Fixed an issue with image uploading functionality in the Catalog configuration
2 changes: 1 addition & 1 deletion app/code/Magento/AdminNotification/etc/module.xml
@@ -24,7 +24,7 @@
*/
-->
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="../../../../../lib/internal/Magento/Framework/Module/etc/module.xsd">
<module name="Magento_AdminNotification" version="2.0.0.0" active="true">
<module name="Magento_AdminNotification" schema_version="2.0.0.0" active="true">
<sequence>
<module name="Magento_Core"/>
<module name="Magento_Store"/>
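Review bot: the `version` attribute on `<module>` is renamed to `schema_version` while the file still points at `module.xsd` through `xsi:noNamespaceSchemaLocation`. Confirm that the XSD and every reader of this attribute are updated in the same commit, because a mismatch would break schema validation for the module declaration. The same point applies to the identical rename in the other `module.xml` files.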
2 changes: 1 addition & 1 deletion app/code/Magento/Authorizenet/etc/module.xml
@@ -24,7 +24,7 @@
*/
-->
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="../../../../../lib/internal/Magento/Framework/Module/etc/module.xsd">
<module name="Magento_Authorizenet" version="1.5.0.0" active="true">
<module name="Magento_Authorizenet" schema_version="1.5.0.0" active="true">
<sequence>
<module name="Magento_Sales"/>
<module name="Magento_Checkout"/>
141 changes: 103 additions & 38 deletions app/code/Magento/Authz/Service/AuthorizationV1.php
@@ -23,18 +23,18 @@
*/
namespace Magento\Authz\Service;

use Magento\Framework\Acl\Builder as AclBuilder;
use Magento\Framework\Acl;
use Magento\Authz\Model\UserIdentifier;
use Magento\Framework\Acl;
use Magento\Framework\Acl\Builder as AclBuilder;
use Magento\Framework\Acl\RootResource as RootAclResource;
use Magento\Framework\Logger;
use Magento\Webapi\ServiceException as ServiceException;
use Magento\Webapi\ServiceResourceNotFoundException;
use Magento\User\Model\Resource\Role\CollectionFactory as RoleCollectionFactory;
use Magento\User\Model\Resource\Rules\CollectionFactory as RulesCollectionFactory;
use Magento\User\Model\Role;
use Magento\User\Model\RoleFactory;
use Magento\User\Model\RulesFactory;
use Magento\Framework\Acl\RootResource as RootAclResource;
use Magento\Webapi\ServiceException as ServiceException;
use Magento\Webapi\ServiceResourceNotFoundException;

/**
* Authorization service.
@@ -44,6 +44,9 @@
*/
class AuthorizationV1 implements AuthorizationV1Interface
{
const PERMISSION_ANONYMOUS = 'anonymous';
const PERMISSION_SELF = 'self';

/**
* @var AclBuilder
*/
@@ -121,29 +124,12 @@ public function __construct(
*/
public function isAllowed($resources, UserIdentifier $userIdentifier = null)
{
$resources = is_array($resources) ? $resources : array($resources);
$resources = is_array($resources) ? $resources : [$resources];
$userIdentifier = $userIdentifier ? $userIdentifier : $this->_userIdentifier;
try {
$role = $this->_getUserRole($userIdentifier);
if (!$role) {
throw new ServiceResourceNotFoundException(
__(
'Role for user with ID "%1" and user type "%2" cannot be found.',
$userIdentifier->getUserId(),
$userIdentifier->getUserType()
)
);
}
foreach ($resources as $resource) {
if (!$this->_aclBuilder->getAcl()->isAllowed($role->getId(), $resource)) {
return false;
}
}
if ($this->_isAnonymousOrSelfAllowed($resources, $userIdentifier)) {
return true;
} catch (\Exception $e) {
$this->_logger->logException($e);
return false;
}
return $this->_isUserWithRoleAllowed($resources, $userIdentifier);
}

/**
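Review bot: `isAllowed()` has no explicit deny for guest or customer identifiers that request a role-based resource; after `_isAnonymousOrSelfAllowed()` returns false, the result depends on `_isUserWithRoleAllowed()` failing and its `catch (\Exception $e)` returning false. An early `return false` for those user types would keep the deny path independent of exception handling and keep routine denials out of `logException()`.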
@@ -180,7 +166,12 @@ public function grantAllPermissions(UserIdentifier $userIdentifier)
*/
public function getAllowedResources(UserIdentifier $userIdentifier)
{
$allowedResources = array();
if ($userIdentifier->getUserType() == UserIdentifier::USER_TYPE_GUEST) {
return [self::PERMISSION_ANONYMOUS];
} elseif ($userIdentifier->getUserType() == UserIdentifier::USER_TYPE_CUSTOMER) {
return [self::PERMISSION_SELF];
}
$allowedResources = [];
try {
$role = $this->_getUserRole($userIdentifier);
if (!$role) {
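Review bot: the early returns at the top of `getAllowedResources()` compare the user type with `==`; use `===` against the `UserIdentifier::USER_TYPE_*` constants so that only an exact string match selects these branches. The method now returns `[self::PERMISSION_ANONYMOUS]` or `[self::PERMISSION_SELF]` for guests and customers, values that `isAllowed()` handles outside the ACL, so the method docblock should say that callers may receive these markers instead of role resources.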
@@ -234,6 +225,9 @@ public function removePermissions(UserIdentifier $userIdentifier)
protected function _createRole($userIdentifier)
{
$userType = $userIdentifier->getUserType();
if (!$this->_canRoleBeCreatedForUserType($userType)) {
throw new \LogicException("The role with user type '{$userType}' cannot be created");
}
$userId = $userIdentifier->getUserId();
switch ($userType) {
case UserIdentifier::USER_TYPE_INTEGRATION:
@@ -246,17 +240,12 @@ protected function _createRole($userIdentifier)
throw new \LogicException("Unknown user type: '{$userType}'.");
}
$role = $this->_roleFactory->create();
$role->setRoleName(
$roleName
)->setUserType(
$userType
)->setUserId(
$userId
)->setRoleType(
$roleType
)->setParentId(
$parentId
)->save();
$role->setRoleName($roleName)
->setUserType($userType)
->setUserId($userId)
->setRoleType($roleType)
->setParentId($parentId)
->save();
return $role;
}

@@ -270,6 +259,9 @@ protected function _createRole($userIdentifier)
protected function _deleteRole($userIdentifier)
{
$userType = $userIdentifier->getUserType();
if (!$this->_canRoleBeCreatedForUserType($userType)) {
throw new \LogicException("The role with user type '{$userType}' cannot be created or deleted.");
}
$userId = $userIdentifier->getUserId();
switch ($userType) {
case UserIdentifier::USER_TYPE_INTEGRATION:
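Review bot: `_deleteRole()` gates deletion on `_canRoleBeCreatedForUserType()`, whose name and docblock speak only of creation while the message here says "cannot be created or deleted". Give the helper a neutral name or extend its docblock to cover deletion, and add `@throws \LogicException` to this method's docblock if it is not already there, as was done for `_getUserRole()`. The corresponding message in `_createRole()` lacks the trailing period used here.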
@@ -287,13 +279,19 @@ protected function _deleteRole($userIdentifier)
*
* @param UserIdentifier $userIdentifier
* @return Role|false Return false in case when no role associated with provided user was found.
* @throws \LogicException
*/
protected function _getUserRole($userIdentifier)
{
if (!$this->_canRoleBeCreatedForUserType($userIdentifier)) {
throw new \LogicException(
"The role with user type '{$userIdentifier->getUserType()}' does not exist and cannot be created"
);
}
$roleCollection = $this->_roleCollectionFactory->create();
$userType = $userIdentifier->getUserType();
$userId = $userIdentifier->getUserId();
/** @var Role $role */
$userId = $userIdentifier->getUserId();
$role = $roleCollection->setUserFilter($userId, $userType)->getFirstItem();
return $role->getId() ? $role : false;
}
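Review bot: the new guard at the top of `_getUserRole()` passes the whole `$userIdentifier` object to `_canRoleBeCreatedForUserType()`, which is documented to take the string `$userType` and compares its argument with `UserIdentifier::USER_TYPE_CUSTOMER` and `UserIdentifier::USER_TYPE_GUEST`. A `UserIdentifier` instance is not expected to compare equal to either string, so the guard would never throw and guest or customer identifiers would fall through to the role collection lookup. Pass `$userIdentifier->getUserType()` instead, as `_createRole()` and `_deleteRole()` do, and add a unit test that expects the `\LogicException` for both user types.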
@@ -304,11 +302,78 @@ protected function _getUserRole($userIdentifier)
* @param Role $role
* @param string[] $resources
* @return void
* @throws \LogicException
*/
protected function _associateResourcesWithRole($role, array $resources)
{
/** @var \Magento\User\Model\Rules $rules */
$rules = $this->_rulesFactory->create();
$rules->setRoleId($role->getId())->setResources($resources)->saveRel();
}

/**
* Check if there role can be associated with user having provided user type.
*
* Roles cannot be created for guests and customers.
*
* @param string $userType
* @return bool
*/
protected function _canRoleBeCreatedForUserType($userType)
{
return ($userType != UserIdentifier::USER_TYPE_CUSTOMER) && ($userType != UserIdentifier::USER_TYPE_GUEST);
}

/**
* Check if the user has permission to access the requested resources.
*
* @param string[] $resources
* @param UserIdentifier $userIdentifier
* @return bool
*/
protected function _isAnonymousOrSelfAllowed($resources, UserIdentifier $userIdentifier)
{
if (count($resources) == 1) {
$resource = reset($resources);
$isAnonymousAccess = ($resource == self::PERMISSION_ANONYMOUS);
$isSelfAccess = ($userIdentifier->getUserType() == UserIdentifier::USER_TYPE_CUSTOMER)
&& ($resource == self::PERMISSION_SELF);
if ($isAnonymousAccess || $isSelfAccess) {
return true;
}
}
return false;
}

/**
* Check if user who has role is allowed to access requested resources.
*
* @param string[] $resources
* @param UserIdentifier $userIdentifier
* @return bool
*/
protected function _isUserWithRoleAllowed($resources, UserIdentifier $userIdentifier)
{
try {
$role = $this->_getUserRole($userIdentifier);
if (!$role) {
throw new ServiceResourceNotFoundException(
__(
'Role for user with ID "%1" and user type "%2" cannot be found.',
$userIdentifier->getUserId(),
$userIdentifier->getUserType()
)
);
}
foreach ($resources as $resource) {
if (!$this->_aclBuilder->getAcl()->isAllowed($role->getId(), $resource)) {
return false;
}
}
return true;
} catch (\Exception $e) {
$this->_logger->logException($e);
return false;
}
}
}
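Review bot: in `_isAnonymousOrSelfAllowed()` the `self` branch checks only that the user type is `USER_TYPE_CUSTOMER` and never looks at `getUserId()`, so a request for `self` is allowed for every customer; the docblock should state that ownership of the requested record has to be enforced by the caller. The `count($resources) == 1` condition also means a list that contains `anonymous` or `self` next to another resource goes to the role check, which is worth documenting and covering with a test. The `@throws \LogicException` added to `_associateResourcesWithRole()` does not match anything thrown in the visible body, and "Check if there role can be associated" should read "Check if a role can be associated".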
5 changes: 4 additions & 1 deletion app/code/Magento/Authz/etc/module.xml
@@ -24,7 +24,10 @@
*/
-->
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="../../../../../lib/internal/Magento/Framework/Module/etc/module.xsd">
<module name="Magento_Authz" version="1.0.0.0" active="true">
<module name="Magento_Authz" schema_version="1.0.0.0" active="true">
<sequence>
<module name="Magento_User"/>
</sequence>
<depends>
<!--TODO: Dependency on Magento_User is temporary and should be eliminated when ACL is made global-->
<module name="Magento_User"/>
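Review bot: the new `<sequence>` entry for `Magento_User` repeats the module already listed under `<depends>`, where the TODO calls that dependency temporary. Extend the TODO, or add a second comment, so the `<sequence>` entry is removed together with the `<depends>` entry when ACL is made global.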
11 changes: 0 additions & 11 deletions app/code/Magento/Backend/Block/Widget/Grid.php
@@ -397,17 +397,6 @@ protected function _prepareCollection()
return $this;
}

/**
* Decode URL encoded filter value recursive callback method
*
* @param string &$value
* @return void
*/
protected function _decodeFilter(&$value)
{
$value = $this->_backendHelper->decodeFilter($value);
}

/**
* Apply pagination to collection
*
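Review bot: removing the protected `_decodeFilter()` from `Grid` breaks any subclass that calls or overrides it. It only delegated to `$this->_backendHelper->decodeFilter()`, which this commit also removes, so either list both removals in the changelog as backwards-incompatible or keep deprecated stubs for one release.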
25 changes: 13 additions & 12 deletions app/code/Magento/Backend/Helper/Data.php
@@ -177,21 +177,22 @@ public function prepareFilterString($filterString)
$data = array();
$filterString = base64_decode($filterString);
parse_str($filterString, $data);
array_walk_recursive($data, array($this, 'decodeFilter'));
array_walk_recursive(
$data,
// @codingStandardsIgnoreStart
/**
* Decodes URL-encoded string and trims whitespaces from the beginning and end of a string
*
* @param string $value
*/
// @codingStandardsIgnoreEnd
function (&$value) {
$value = trim(rawurldecode($value));
}
);
return $data;
}

/**
* Decode URL encoded filter value recursive callback method
*
* @param string &$value
* @return void
*/
public function decodeFilter(&$value)
{
$value = rawurldecode($value);
}

/**
* Generate unique token for reset password confirmation link
*
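Review bot: the closure passed to `array_walk_recursive()` in `prepareFilterString()` calls `rawurldecode()` on values that `parse_str()` has already URL-decoded, so each filter value is decoded twice and a literal percent sequence in the filter text is altered; decide whether the second decode is needed and drop it if not. The public `decodeFilter()` is removed outright, which is a backwards-incompatible change for external callers, and the added `trim()` changes filter matching, so it deserves a unit test with leading and trailing whitespace. The docblock wrapped in `@codingStandardsIgnoreStart` and `@codingStandardsIgnoreEnd` inside the argument list would read better as a private method with an ordinary docblock.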
