[Issue] Add ACL role ID to category tree cache id #28306

Closed
4 tasks
ghost opened this issue May 20, 2020 · 5 comments · Fixed by #27429
Labels
Component: Acl Component: Backend Component: Catalog Fixed in 2.4.x The issue has been fixed in 2.4-develop branch Issue: Confirmed Gate 3 Passed. Manual verification of the issue completed. Issue is confirmed Issue: Format is valid Gate 1 Passed. Automatic verification of issue format passed Issue: Ready for Work Gate 4. Acknowledged. Issue is added to backlog and ready for development Priority: P2 A defect with this priority could have functionality issues which are not to expectations. Reproduced on 2.4.x The issue has been reproduced on latest 2.4-develop branch Severity: S1 Affects critical data or functionality and forces users to employ a workaround. Triage: Done Has been reviewed and prioritized during Triage with Product Managers

ghost commented May 20, 2020

This issue is automatically created based on existing pull request: #27429: Add ACL role ID to category tree cache id


Preconditions: (*)

When an admin user views a product's category tree (by editing a product), the category tree is cached with an ID akin to CATALOG_PRODUCT_CATEGORY_TREE_0_ (the $filter option is not used in the Magento codebase).

This is not compatible with admin users that have limited Role Scopes. If the first admin user to view a product category tree has access to all websites (e.g. Administrator), this then caches the full category tree for all websites. Then the limited admin user will also see this full category tree even if they should be limited to a single website's category tree. Similarly, if the limited admin user views the category tree after the block cache is cleaned, the Administrator user will only see a limited category tree.

This pull request adds the admin user's ACL role ID to the cache ID. This is probably about as performant as we can get.

Steps to reproduce: (*)

  1. Create a product, category -> Default Category/default and assign it to Main Website Store;
  2. Create a new root category with child (Second Category/second_category for ex.);
  3. Create a new Website, Store, Store view ( Second Website, Second Website Store, Second Website Store view) and set Second Category as default;
  4. Assign a few products to the new website and new category;
  5. Create a new website-limited admin user with only access to the new website.
  6. Clean block_html cache and view a product's category tree as an Administrator admin user;
  7. Log in as the website-limited admin user and view the category tree for any product.

Actual Result: (*)

✖️ The categories from Main Website are shown

Expected Result: (*)

✔️ user should only see a limited category tree

Contribution checklist (*)

  • Pull request has a meaningful description of its purpose
  • All commits are accompanied by meaningful commit messages
  • All new or changed code is covered with unit/integration tests (if applicable)
  • All automated tests passed successfully (all builds are green)
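
The cache behaviour described in this issue, reduced to a self-contained sketch (an added example, not code from the issue, the pull request or Magento). `ArrayCache`, `ROLE_SCOPE` and `categoryTree` are hypothetical names, the role data is constructed, and appending the role ID to the end of the cache ID is an assumed format.

```php
<?php
declare(strict_types=1);

// Added illustration; every name below is hypothetical, not a Magento class.

/** Minimal in-memory stand-in for the block_html cache. */
final class ArrayCache
{
    /** @var array<string, string[]> */
    private array $store = [];

    public function load(string $id): ?array
    {
        return $this->store[$id] ?? null;
    }

    public function save(string $id, array $data): void
    {
        $this->store[$id] = $data;
    }
}

// Constructed sample data: root categories each ACL role is scoped to.
const ROLE_SCOPE = [
    1 => ['Default Category', 'Second Category'], // Administrator: all websites
    2 => ['Second Category'],                     // website-limited role
];

function categoryTree(ArrayCache $cache, int $roleId, bool $roleInCacheId): array
{
    // Without the role component every admin shares one entry;
    // with it, each role gets its own entry (assumed ID format).
    $cacheId = 'CATALOG_PRODUCT_CATEGORY_TREE_0_' . ($roleInCacheId ? $roleId : '');
    $tree = $cache->load($cacheId);
    if ($tree === null) {
        $tree = ROLE_SCOPE[$roleId]; // stands in for the role-scoped category query
        $cache->save($cacheId, $tree);
    }
    return $tree;
}

foreach ([false, true] as $roleInCacheId) {
    $cache = new ArrayCache();                       // cache cleaned
    categoryTree($cache, 1, $roleInCacheId);         // Administrator views first
    $seen = categoryTree($cache, 2, $roleInCacheId); // limited user views second
    printf("role in cache id: %-3s limited user sees: %s\n",
        $roleInCacheId ? 'yes' : 'no', implode(', ', $seen));
}
```

Swapping the order of the two calls reproduces the reverse case from the issue, where the Administrator is served the limited tree.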
@ghost ghost added Component: Catalog Priority: P2 A defect with this priority could have functionality issues which are not to expectations. Severity: S1 Affects critical data or functionality and forces users to employ a workaround. labels May 20, 2020
@ghost ghost assigned quangdo-aligent May 20, 2020
@magento-engcom-team magento-engcom-team added the Issue: Format is not valid Gate 1 Failed. Automatic verification of issue format is failed label May 20, 2020
@ghost ghost added this to PR In Progress in Community Backlog May 20, 2020
@sdzhepa
Contributor

sdzhepa commented May 21, 2020

@magento give me 2.4-develop instance

@magento-engcom-team
Contributor

Hi @sdzhepa. Thank you for your request. I'm working on Magento 2.4-develop instance for you

@magento-engcom-team
Contributor

Hi @sdzhepa, here is your Magento instance.
Admin access: https://i-28306-2-4-develop.instances.magento-community.engineering/admin_4b6a
Login: 27a7bf0e Password: 163dd4f0776e
Instance will be terminated in up to 3 hours.

@magento-engcom-team magento-engcom-team added Issue: Format is valid Gate 1 Passed. Automatic verification of issue format passed and removed Issue: Format is not valid Gate 1 Failed. Automatic verification of issue format is failed labels Jun 4, 2020
@engcom-Alfa engcom-Alfa added Component: Acl Component: Backend Reproduced on 2.4.x The issue has been reproduced on latest 2.4-develop branch Issue: Confirmed Gate 3 Passed. Manual verification of the issue completed. Issue is confirmed labels Jun 4, 2020
@magento-engcom-team
Contributor

✅ Confirmed by @engcom-Alfa
Thank you for verifying the issue. Based on the provided information internal tickets MC-34948 were created

Issue Available: @engcom-Alfa, You will be automatically unassigned. Contributors/Maintainers can claim this issue to continue. To reclaim and continue work, reassign the ticket to yourself.

@magento-engcom-team magento-engcom-team added the Issue: Ready for Work Gate 4. Acknowledged. Issue is added to backlog and ready for development label Jun 4, 2020
@sdzhepa sdzhepa added the Triage: Done Has been reviewed and prioritized during Triage with Product Managers label Jun 8, 2020
@okorshenko okorshenko added the Priority: P0 This generally occurs in cases when the entire functionality is blocked. label Jun 15, 2020
@ghost ghost removed the Priority: P0 This generally occurs in cases when the entire functionality is blocked. label Jun 15, 2020
@magento-engcom-team magento-engcom-team added the Fixed in 2.4.x The issue has been fixed in 2.4-develop branch label Jun 24, 2020
@ghost ghost moved this from PR In Progress to Done (last 30 days) in Community Backlog Jun 24, 2020