Add ACL role ID to category tree cache id

[quangdo-aligent]

Related Pull Requests

• https://github.com/magento/partners-magento2ee/pull/252

Description (*)

When an admin user views a product's category tree (by editing a product), the category tree is cached with an ID akin to CATALOG_PRODUCT_CATEGORY_TREE_0_ (the $filter option is not used in the Magento codebase).

This is not compatible with admin users that have limited Role Scopes. If the first admin user to view a product category tree has access to all websites (e.g. Administrator), this then caches the full category tree for all websites. Then the limited admin user will also see this full category tree even if they should be limited to a single website's category tree. Similarly, if the limited admin user views the category tree after the block cache is cleaned, the Administrator user will only see a limited category tree.

This pull request adds the admin's user's ACL role ID to the cache ID. This is probably about as performant as we can get.

Manual testing scenarios (*)

1. Create a new category (and any sub-categories if desired) and assign it to a new website.
2. Assign a few products to the new website.
3. Create a new website-limited admin user with only access to the new website.
4. Clean block_html cache and view a product's category tree as an Administrator admin user.
5. Log in as the website-limited admin user and view the category tree for any product.
6. Observe that the full category tree is visible.

Contribution checklist (*)

• Pull request has a meaningful description of its purpose
• All commits are accompanied by meaningful commit messages
• All new or changed code is covered with unit/integration tests (if applicable)
• All automated tests passed successfully (all builds are green)

Resolved issues:

1. resolves [Issue] Add ACL role ID to category tree cache id #28306: Add ACL role ID to category tree cache id

[m2-assistant]

Hi @quangdo-aligent. Thank you for your contribution
Here is some useful tips how you can test your changes using Magento test environment.
Add the comment under your pull request to deploy test or vanilla Magento instance:

• @magento give me test instance - deploy test instance based on PR changes
• @magento give me 2.4-develop instance - deploy vanilla Magento instance

For more details, please, review the Magento Contributor Guide documentation.

[onkz19]

it's good

[aleron75]

Hello @quangdo-aligent first of all, thanks for your contribution, this seems to be a nasty bug.

Due to Magento Definition of Done, all code must be covered by tests.

For this specific case, you should cover your fix by automated tests with the scenario which leads to an issue. Tests should fail on the mainline and pass with your fix.

To answer the question "which kind of tests should I write", the answer is:
pick the most lightweight (execution time-wise) test type that will provide sufficient coverage.

In Magento codebase, you already find two kinds of test for this class:

• \Magento\Catalog\Test\Unit\Ui\DataProvider\Product\Form\Modifier\CategoriesTest
• \Magento\Catalog\Ui\DataProvider\Product\Form\Modifier\CategoriesTest

So my suggestion would be to try with a unit test.

Thank you again!

[aleron75]

@magento run all tests

[aleron75]

Hello @quangdo-aligent can you please check why some tests fail?
Thank you!

[aleron75]

@magento run all tests

[aleron75]

Hi @quangdo-aligent all tests passed, well done!

[magento-engcom-team]

Hi @slavvka, thank you for the review.
ENGCOM-7420 has been created to process this Pull Request

[engcom-Alfa]

✔️ QA Passed
The result the same as in comment

[m2-assistant]

Hi @quangdo-aligent, thank you for your contribution!
Please, complete Contribution Survey, it will take less than a minute.
Your feedback will help us to improve contribution process.