[Issue] add permission check for "reload data" data button #38283
Description
This issue is automatically created based on existing pull request: #38279: add permission check for "reload data" data button
despite that the user does not have permission for refreshing the statistics button, it is shown and when pressed a "not permitted" page is shown.
therefore add the check that is used with that controller action.
Description (*)
Related Pull Requests
Fixed Issues (if relevant)
- Fixes magento/magento2#<issue_number>
Manual testing scenarios (*)
- create a new user role, without the permission Magento_Reports::statistics
- create a new user with that role
Expected:
3. no "Reload Data" button is shown, as there is no permission for that
Actual:
3. the "Reload Data" button is shown and clickable
4. on click of the "Reload Data" button a "not permitted"-page is shown to the user
Questions or comments
Additional to that missing permission check, this function (including the controller \Magento\Backend\Controller\Adminhtml\Dashboard\RefreshStatistics) should be migrated to the reporting module for dependencies sakes and the refreshstatistics.phtml be renamed to dashboard_actions.phtml or so as it already shows all childhtml elements (so anyone could contribute new actions) - the reload-feature should not be any different
Contribution checklist (*)
- Pull request has a meaningful description of its purpose
- All commits are accompanied by meaningful commit messages
- All new or changed code is covered with unit/integration tests (if applicable)
- README.md files for modified modules are updated and included in the pull request if any README.md predefined sections require an update
- All automated tests passed successfully (all builds are green)