Merge remote-tracking branch 'mainline/2.3-develop' into MAGETWO-87490-decode-directives

Author: krissyhiserote

COPYING.txt

@@ -1,4 +1,4 @@
-Copyright © 2013-2017 Magento, Inc.
+Copyright © 2013-2018 Magento, Inc.
 
 Each Magento source file included in this distribution is licensed under OSL 3.0 or the Magento Enterprise Edition (MEE) license
 

README.md

@@ -38,8 +38,10 @@ To suggest documentation improvements, click [here][4].
 | ![reject](http://devdocs.magento.com/common/images/github_reject.png) | The pull request has been rejected and will not be merged into mainline code. Possible reasons can include but are not limited to: issue has already been fixed in another code contribution, or there is an issue with the code contribution. |
 | ![bug report](http://devdocs.magento.com/common/images/github_bug.png) | The Magento Team has confirmed that this issue contains the minimum required information to reproduce. |
 | ![acknowledged](http://devdocs.magento.com/common/images/gitHub_acknowledged.png) | The Magento Team has validated the issue and an internal ticket has been created. |
-| ![acknowledged](http://devdocs.magento.com/common/images/github_inProgress.png) | The internal ticket is currently in progress, fix is scheduled to be delivered. |
-| ![acknowledged](http://devdocs.magento.com/common/images/github_needsUpdate.png) | The Magento Team needs additional information from the reporter to properly prioritize and process the issue or pull request. |
+| ![in progress](http://devdocs.magento.com/common/images/github_inProgress.png) | The internal ticket is currently in progress, fix is scheduled to be delivered. |
+| ![needs update](http://devdocs.magento.com/common/images/github_needsUpdate.png) | The Magento Team needs additional information from the reporter to properly prioritize and process the issue or pull request. |
+
+To learn more about issue gate labels click [here](https://github.com/magento/magento2/wiki/Magento-Issue-Gates)
 
 <h2>Reporting security issues</h2>
 

app/bootstrap.php

@@ -49,12 +49,13 @@
     unset($_SERVER['ORIG_PATH_INFO']);
 }
 
-if (!empty($_SERVER['MAGE_PROFILER'])
+if (
+    (!empty($_SERVER['MAGE_PROFILER']) || file_exists(BP . '/var/profiler.flag'))
     && isset($_SERVER['HTTP_ACCEPT'])
     && strpos($_SERVER['HTTP_ACCEPT'], 'text/html') !== false
 ) {
     \Magento\Framework\Profiler::applyConfig(
-        $_SERVER['MAGE_PROFILER'],
+        (isset($_SERVER['MAGE_PROFILER']) && strlen($_SERVER['MAGE_PROFILER'])) ? $_SERVER['MAGE_PROFILER'] : trim(file_get_contents(BP . '/var/profiler.flag')),
         BP,
         !empty($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest'
     );

app/code/Magento/Analytics/Model/Connector/Http/JsonConverter.php

@@ -22,6 +22,9 @@ class JsonConverter implements ConverterInterface
      */
     private $serializer;
 
+    /**
+     * @param Json $serializer
+     */
     public function __construct(Json $serializer)
     {
         $this->serializer = $serializer;

app/code/Magento/Authorizenet/Controller/Directpost/Payment/Place.php

@@ -122,7 +122,7 @@ public function execute()
     /**
      * Place order for checkout flow
      *
-     * @return string
+     * @return void
      */
     protected function placeCheckoutOrder()
     {

app/code/Magento/Backend/Block/Cache.php

@@ -22,24 +22,29 @@ protected function _construct()
         $this->_headerText = __('Cache Storage Management');
         parent::_construct();
         $this->buttonList->remove('add');
-        $this->buttonList->add(
-            'flush_magento',
-            [
-                'label' => __('Flush Magento Cache'),
-                'onclick' => 'setLocation(\'' . $this->getFlushSystemUrl() . '\')',
-                'class' => 'primary flush-cache-magento'
-            ]
-        );
 
-        $message = __('The cache storage may contain additional data. Are you sure that you want to flush it?');
-        $this->buttonList->add(
-            'flush_system',
-            [
-                'label' => __('Flush Cache Storage'),
-                'onclick' => 'confirmSetLocation(\'' . $message . '\', \'' . $this->getFlushStorageUrl() . '\')',
-                'class' => 'flush-cache-storage'
-            ]
-        );
+        if ($this->_authorization->isAllowed('Magento_Backend::flush_magento_cache')) {
+            $this->buttonList->add(
+                'flush_magento',
+                [
+                    'label' => __('Flush Magento Cache'),
+                    'onclick' => 'setLocation(\'' . $this->getFlushSystemUrl() . '\')',
+                    'class' => 'primary flush-cache-magento'
+                ]
+            );
+        }
+
+        if ($this->_authorization->isAllowed('Magento_Backend::flush_cache_storage')) {
+            $message = __('The cache storage may contain additional data. Are you sure that you want to flush it?');
+            $this->buttonList->add(
+                'flush_system',
+                [
+                    'label' => __('Flush Cache Storage'),
+                    'onclick' => 'confirmSetLocation(\'' . $message . '\', \'' . $this->getFlushStorageUrl() . '\')',
+                    'class' => 'flush-cache-storage'
+                ]
+            );
+        }
     }
 
     /**

app/code/Magento/Backend/Block/Cache/Permissions.php

@@ -0,0 +1,62 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+namespace Magento\Backend\Block\Cache;
+
+use Magento\Framework\AuthorizationInterface;
+use Magento\Framework\View\Element\Block\ArgumentInterface;
+
+/**
+ * Class Permissions
+ */
+class Permissions implements ArgumentInterface
+{
+    /**
+     * @var AuthorizationInterface
+     */
+    private $authorization;
+
+    /**
+     * Permissions constructor.
+     *
+     * @param AuthorizationInterface $authorization
+     */
+    public function __construct(AuthorizationInterface $authorization)
+    {
+        $this->authorization = $authorization;
+    }
+
+    /**
+     * @return bool
+     */
+    public function hasAccessToFlushCatalogImages()
+    {
+        return $this->authorization->isAllowed('Magento_Backend::flush_catalog_images');
+    }
+    /**
+     * @return bool
+     */
+    public function hasAccessToFlushJsCss()
+    {
+        return $this->authorization->isAllowed('Magento_Backend::flush_js_css');
+    }
+    /**
+     * @return bool
+     */
+    public function hasAccessToFlushStaticFiles()
+    {
+        return $this->authorization->isAllowed('Magento_Backend::flush_static_files');
+    }
+    /**
+     * @return bool
+     */
+    public function hasAccessToAdditionalActions()
+    {
+        return ($this->hasAccessToFlushCatalogImages()
+                || $this->hasAccessToFlushJsCss()
+                || $this->hasAccessToFlushStaticFiles());
+    }
+}

app/code/Magento/Backend/Block/Widget/Grid/Massaction.php

@@ -3,8 +3,15 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
+
 namespace Magento\Backend\Block\Widget\Grid;
 
+use Magento\Backend\Block\Template\Context;
+use Magento\Framework\App\ObjectManager;
+use Magento\Framework\AuthorizationInterface;
+use Magento\Framework\DataObject;
+use Magento\Framework\Json\EncoderInterface;
+
 /**
  * Grid widget massaction default block
  *
@@ -14,4 +21,72 @@
  */
 class Massaction extends \Magento\Backend\Block\Widget\Grid\Massaction\AbstractMassaction
 {
+    /**
+     * @var AuthorizationInterface
+     */
+    private $authorization;
+
+    /**
+     * Map bind item id to a particular acl type
+     * itemId => acl
+     *
+     * @var array
+     */
+    private $restrictions = [
+        'enable'  => 'Magento_Backend::toggling_cache_type',
+        'disable' => 'Magento_Backend::toggling_cache_type',
+        'refresh' => 'Magento_Backend::refresh_cache_type',
+    ];
+
+    /**
+     * Massaction constructor.
+     *
+     * @param Context $context
+     * @param EncoderInterface $jsonEncoder
+     * @param array $data
+     * @param AuthorizationInterface $authorization
+     */
+    public function __construct(
+        Context $context,
+        EncoderInterface $jsonEncoder,
+        array $data = [],
+        AuthorizationInterface $authorization = null
+    ) {
+        $this->authorization = $authorization ?: ObjectManager::getInstance()->get(AuthorizationInterface::class);
+
+        parent::__construct($context, $jsonEncoder, $data);
+    }
+
+    /**
+     * {@inheritdoc}
+     *
+     * @param string $itemId
+     * @param array|DataObject $item
+     *
+     * @return $this
+     */
+    public function addItem($itemId, $item)
+    {
+        if (!$this->isRestricted($itemId)) {
+            parent::addItem($itemId, $item);
+        }
+
+        return $this;
+    }
+
+    /**
+     * Check if access to action restricted
+     *
+     * @param string $itemId
+     *
+     * @return bool
+     */
+    private function isRestricted(string $itemId): bool
+    {
+        if (!key_exists($itemId, $this->restrictions)) {
+            return false;
+        }
+
+        return !$this->authorization->isAllowed($this->restrictions[$itemId]);
+    }
 }

app/code/Magento/Backend/Controller/Adminhtml/Cache/CleanImages.php

@@ -11,6 +11,13 @@
 
 class CleanImages extends \Magento\Backend\Controller\Adminhtml\Cache
 {
+    /**
+     * Authorization level of a basic admin session
+     *
+     * @see _isAllowed()
+     */
+    const ADMIN_RESOURCE = 'Magento_Backend::flush_catalog_images';
+
     /**
      * Clean JS/css files cache
      *

app/code/Magento/Backend/Controller/Adminhtml/Cache/CleanMedia.php

@@ -11,6 +11,13 @@
 
 class CleanMedia extends \Magento\Backend\Controller\Adminhtml\Cache
 {
+    /**
+     * Authorization level of a basic admin session
+     *
+     * @see _isAllowed()
+     */
+    const ADMIN_RESOURCE = 'Magento_Backend::flush_js_css';
+
     /**
      * Clean JS/css files cache
      *

app/code/Magento/Backend/Controller/Adminhtml/Cache/CleanStaticFiles.php

@@ -10,6 +10,13 @@
 
 class CleanStaticFiles extends \Magento\Backend\Controller\Adminhtml\Cache
 {
+    /**
+     * Authorization level of a basic admin session
+     *
+     * @see _isAllowed()
+     */
+    const ADMIN_RESOURCE = 'Magento_Backend::flush_static_files';
+
     /**
      * Clean static files cache
      *

app/code/Magento/Backend/Controller/Adminhtml/Cache/FlushAll.php

@@ -8,6 +8,13 @@
 
 class FlushAll extends \Magento\Backend\Controller\Adminhtml\Cache
 {
+    /**
+     * Authorization level of a basic admin session
+     *
+     * @see _isAllowed()
+     */
+    const ADMIN_RESOURCE = 'Magento_Backend::flush_cache_storage';
+
     /**
      * Flush cache storage
      *

app/code/Magento/Backend/Controller/Adminhtml/Cache/FlushSystem.php

@@ -8,6 +8,13 @@
 
 class FlushSystem extends \Magento\Backend\Controller\Adminhtml\Cache
 {
+    /**
+     * Authorization level of a basic admin session
+     *
+     * @see _isAllowed()
+     */
+    const ADMIN_RESOURCE = 'Magento_Backend::flush_magento_cache';
+
     /**
      * Flush all magento cache
      *

app/code/Magento/Backend/Controller/Adminhtml/Cache/MassDisable.php

@@ -16,6 +16,13 @@
  */
 class MassDisable extends \Magento\Backend\Controller\Adminhtml\Cache
 {
+    /**
+     * Authorization level of a basic admin session
+     *
+     * @see _isAllowed()
+     */
+    const ADMIN_RESOURCE = 'Magento_Backend::toggling_cache_type';
+
     /**
      * @var State
      */

app/code/Magento/Backend/Controller/Adminhtml/Cache/MassEnable.php

@@ -16,6 +16,13 @@
  */
 class MassEnable extends \Magento\Backend\Controller\Adminhtml\Cache
 {
+    /**
+     * Authorization level of a basic admin session
+     *
+     * @see _isAllowed()
+     */
+    const ADMIN_RESOURCE = 'Magento_Backend::toggling_cache_type';
+
     /**
      * @var State
      */

app/code/Magento/Backend/Controller/Adminhtml/Cache/MassRefresh.php

@@ -11,6 +11,13 @@
 
 class MassRefresh extends \Magento\Backend\Controller\Adminhtml\Cache
 {
+    /**
+     * Authorization level of a basic admin session
+     *
+     * @see _isAllowed()
+     */
+    const ADMIN_RESOURCE = 'Magento_Backend::refresh_cache_type';
+
     /**
      * Mass action for cache refresh
      *