Merge pull request #6088 from magento-tango/TANGO-PR-09-01-2020_24

TANGO PR 09-01-2020 v2.4

Author: dhorytskyi

app/code/Magento/Catalog/etc/db_schema.xml

@@ -154,7 +154,7 @@
                 default="0" comment="Store ID"/>
         <column xsi:type="int" name="entity_id" unsigned="true" nullable="false" identity="false"
                 default="0" comment="Entity ID"/>
-        <column xsi:type="text" name="value" nullable="true" comment="Value"/>
+        <column xsi:type="mediumtext" name="value" nullable="true" comment="Value"/>
         <constraint xsi:type="primary" referenceId="PRIMARY">
             <column name="value_id"/>
         </constraint>
@@ -408,7 +408,7 @@
                 default="0" comment="Store ID"/>
         <column xsi:type="int" name="entity_id" unsigned="true" nullable="false" identity="false"
                 default="0" comment="Entity ID"/>
-        <column xsi:type="text" name="value" nullable="true" comment="Value"/>
+        <column xsi:type="mediumtext" name="value" nullable="true" comment="Value"/>
         <constraint xsi:type="primary" referenceId="PRIMARY">
             <column name="value_id"/>
         </constraint>

app/code/Magento/Checkout/Test/Mftf/Section/CheckoutPaymentSection.xml

@@ -15,6 +15,8 @@
         <element name="billingNewAddressForm" type="text" selector="[data-form='billing-new-address']"/>
         <element name="billingAddressNotSameCheckbox" type="checkbox" selector="#billing-address-same-as-shipping-checkmo"/>
         <element name="editAddress" type="button" selector="button.action.action-edit-address"/>
+        <element name="addressDropdown" type="select" selector="[name=billing_address_id]"/>
+        <element name="addressDropdownSelected" type="select" selector="[name=billing_address_id] option:checked"/>
         <element name="placeOrderDisabled" type="button" selector="#checkout-payment-method-load button.disabled"/>
         <element name="update" type="button" selector=".payment-method._active .payment-method-billing-address .action.action-update"/>
         <element name="guestFirstName" type="input" selector=".payment-method._active .billing-address-form input[name='firstname']"/>

app/code/Magento/Checkout/Test/Mftf/Test/OnePageCheckoutAsCustomerUsingNonDefaultAddressTest.xml

@@ -26,7 +26,7 @@
             </createData>
 
             <!-- Create customer -->
-            <createData entity="Customer_US_UK_DE" stepKey="createCustomer"/>
+            <createData entity="Customer_DE_UK_US" stepKey="createCustomer"/>
         </before>
         <after>
             <!-- Admin log out -->
@@ -70,7 +70,8 @@
 
         <!-- Change the address -->
         <click selector="{{CheckoutPaymentSection.editAddress}}" stepKey="editAddress"/>
-        <waitForElementVisible selector="{{CheckoutShippingSection.addressDropdown}}" stepKey="waitForDropDownToBeVisible"/>
+        <waitForElementVisible selector="{{CheckoutPaymentSection.addressDropdown}}" stepKey="waitForDropDownToBeVisible"/>
+        <see selector="{{CheckoutPaymentSection.addressDropdownSelected}}" userInput="{{US_Address_NY.street[0]}}" stepKey="seeDefaultBillingAddressStreet"/>
         <selectOption selector="{{CheckoutShippingSection.addressDropdown}}" userInput="{{UK_Not_Default_Address.street[0]}}" stepKey="addAddress"/>
 
         <!-- Check order summary in checkout -->

app/code/Magento/Checkout/view/frontend/web/js/view/billing-address/list.js

@@ -23,6 +23,9 @@ define([
         },
         addressOptions = addressList().filter(function (address) {
             return address.getType() === 'customer-address';
+        }),
+        addressDefaultIndex = addressOptions.findIndex(function (address) {
+            return address.isDefaultBilling();
         });
 
     return Component.extend({
@@ -53,7 +56,8 @@ define([
             this._super()
                 .observe('selectedAddress isNewAddressSelected')
                 .observe({
-                    isNewAddressSelected: !customer.isLoggedIn() || !addressOptions.length
+                    isNewAddressSelected: !customer.isLoggedIn() || !addressOptions.length,
+                    selectedAddress: this.addressOptions[addressDefaultIndex]
                 });
 
             return this;

app/code/Magento/Customer/Model/Customer/Authorization.php

@@ -0,0 +1,82 @@
+<?php
+/**
+ *
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\Customer\Model\Customer;
+
+use Magento\Authorization\Model\UserContextInterface;
+use Magento\Customer\Model\CustomerFactory;
+use Magento\Customer\Model\ResourceModel\Customer as CustomerResource;
+use Magento\Framework\AuthorizationInterface;
+use Magento\Integration\Api\AuthorizationServiceInterface as AuthorizationService;
+use Magento\Store\Model\StoreManagerInterface;
+
+/**
+ * Checks if customer is logged in and authorized in the current store
+ */
+class Authorization implements AuthorizationInterface
+{
+    /**
+     * @var UserContextInterface
+     */
+    private $userContext;
+
+    /**
+     * @var CustomerFactory
+     */
+    private $customerFactory;
+
+    /**
+     * @var CustomerResource
+     */
+    private $customerResource;
+
+    /**
+     * @var StoreManagerInterface
+     */
+    private $storeManager;
+
+    /**
+     * Authorization constructor.
+     *
+     * @param UserContextInterface $userContext
+     * @param CustomerFactory $customerFactory
+     * @param CustomerResource $customerResource
+     * @param StoreManagerInterface $storeManager
+     */
+    public function __construct(
+        UserContextInterface $userContext,
+        CustomerFactory $customerFactory,
+        CustomerResource $customerResource,
+        StoreManagerInterface $storeManager
+    ) {
+        $this->userContext = $userContext;
+        $this->customerFactory = $customerFactory;
+        $this->customerResource = $customerResource;
+        $this->storeManager = $storeManager;
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function isAllowed($resource, $privilege = null)
+    {
+        if ($resource === AuthorizationService::PERMISSION_SELF
+            && $this->userContext->getUserId()
+            && $this->userContext->getUserType() === UserContextInterface::USER_TYPE_CUSTOMER
+        ) {
+            $customer = $this->customerFactory->create();
+            $this->customerResource->load($customer, $this->userContext->getUserId());
+            $currentStoreId = $this->storeManager->getStore()->getId();
+            $sharedStoreIds = $customer->getSharedStoreIds();
+
+            return in_array($currentStoreId, $sharedStoreIds);
+        }
+
+        return false;
+    }
+}

app/code/Magento/Customer/Model/Customer/AuthorizationComposite.php

@@ -0,0 +1,50 @@
+<?php
+/**
+ *
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\Customer\Model\Customer;
+
+use Magento\Framework\AuthorizationInterface;
+
+/**
+ * Class to invalidate user credentials
+ */
+class AuthorizationComposite implements AuthorizationInterface
+{
+    /**
+     * @var AuthorizationInterface[]
+     */
+    private $authorizationChecks;
+
+    /**
+     * AuthorizationComposite constructor.
+     *
+     * @param AuthorizationInterface[] $authorizationChecks
+     */
+    public function __construct(
+        array $authorizationChecks
+    ) {
+        $this->authorizationChecks = $authorizationChecks;
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function isAllowed($resource, $privilege = null)
+    {
+        $result = false;
+
+        foreach ($this->authorizationChecks as $authorizationCheck) {
+            $result = $authorizationCheck->isAllowed($resource, $privilege);
+            if (!$result) {
+                break;
+            }
+        }
+
+        return $result;
+    }
+}

app/code/Magento/Customer/Model/Plugin/CustomerAuthorization.php

@@ -6,11 +6,9 @@
 
 namespace Magento\Customer\Model\Plugin;
 
-use Magento\Authorization\Model\UserContextInterface;
-use Magento\Customer\Model\CustomerFactory;
-use Magento\Customer\Model\ResourceModel\Customer as CustomerResource;
-use Magento\Integration\Api\AuthorizationServiceInterface as AuthorizationService;
-use Magento\Store\Model\StoreManagerInterface;
+use Closure;
+use Magento\Customer\Model\Customer\AuthorizationComposite;
+use Magento\Framework\Authorization;
 
 /**
  * Plugin around \Magento\Framework\Authorization::isAllowed
@@ -20,74 +18,38 @@
 class CustomerAuthorization
 {
     /**
-     * @var UserContextInterface
+     * @var AuthorizationComposite
      */
-    private $userContext;
-
-    /**
-     * @var CustomerFactory
-     */
-    private $customerFactory;
-
-    /**
-     * @var CustomerResource
-     */
-    private $customerResource;
-
-    /**
-     * @var StoreManagerInterface
-     */
-    private $storeManager;
+    private $authorizationComposite;
 
     /**
      * Inject dependencies.
-     *
-     * @param UserContextInterface $userContext
-     * @param CustomerFactory $customerFactory
-     * @param CustomerResource $customerResource
-     * @param StoreManagerInterface $storeManager
+     * @param AuthorizationComposite $composite
      */
     public function __construct(
-        UserContextInterface $userContext,
-        CustomerFactory $customerFactory,
-        CustomerResource $customerResource,
-        StoreManagerInterface $storeManager
+        AuthorizationComposite $composite
     ) {
-        $this->userContext = $userContext;
-        $this->customerFactory = $customerFactory;
-        $this->customerResource = $customerResource;
-        $this->storeManager = $storeManager;
+        $this->authorizationComposite = $composite;
     }
 
     /**
-     * Check if resource for which access is needed has self permissions defined in webapi config.
+     * Verify if to allow customer users to access resources with self permission
      *
-     * @param \Magento\Framework\Authorization $subject
-     * @param callable $proceed
-     * @param string $resource
-     * @param string $privilege
-     *
-     * @return bool true If resource permission is self, to allow
-     * customer access without further checks in parent method
      * @SuppressWarnings(PHPMD.UnusedFormalParameter)
+     * @param Authorization $subject
+     * @param Closure $proceed
+     * @param string $resource
+     * @param mixed $privilege
+     * @return bool
      */
     public function aroundIsAllowed(
-        \Magento\Framework\Authorization $subject,
-        \Closure $proceed,
-        $resource,
+        Authorization $subject,
+        Closure $proceed,
+        string $resource,
         $privilege = null
     ) {
-        if ($resource == AuthorizationService::PERMISSION_SELF
-            && $this->userContext->getUserId()
-            && $this->userContext->getUserType() === UserContextInterface::USER_TYPE_CUSTOMER
-        ) {
-            $customer = $this->customerFactory->create();
-            $this->customerResource->load($customer, $this->userContext->getUserId());
-            $currentStoreId = $this->storeManager->getStore()->getId();
-            $sharedStoreIds = $customer->getSharedStoreIds();
-            if (in_array($currentStoreId, $sharedStoreIds)) {
-                return true;
-            }
+        if ($this->authorizationComposite->isAllowed($resource, $privilege)) {
+            return true;
         }
 
         return $proceed($resource, $privilege);

app/code/Magento/Customer/Test/Mftf/Data/CustomerData.xml

@@ -285,6 +285,21 @@
         <requiredEntity type="address">DE_Address_Berlin_Not_Default_Address</requiredEntity>
         <requiredEntity type="address">UK_Not_Default_Address</requiredEntity>
     </entity>
+    <entity name="Customer_DE_UK_US" type="customer">
+        <data key="group_id">1</data>
+        <data key="default_billing">true</data>
+        <data key="default_shipping">true</data>
+        <data key="email" unique="prefix">[email protected]</data>
+        <data key="firstname">John</data>
+        <data key="lastname">Doe</data>
+        <data key="fullname">John Doe</data>
+        <data key="password">pwdTest123!</data>
+        <data key="store_id">0</data>
+        <data key="website_id">0</data>
+        <requiredEntity type="address">DE_Address_Berlin_Not_Default_Address</requiredEntity>
+        <requiredEntity type="address">UK_Not_Default_Address</requiredEntity>
+        <requiredEntity type="address">US_Address_NY</requiredEntity>
+    </entity>
     <entity name="Retailer_Customer" type="customer">
         <data key="group_id">3</data>
         <data key="default_billing">true</data>

app/code/Magento/Customer/etc/webapi_rest/di.xml

@@ -22,4 +22,13 @@
     <type name="Magento\Customer\Api\CustomerRepositoryInterface">
         <plugin name="updateCustomerByIdFromRequest" type="Magento\Customer\Model\Plugin\UpdateCustomer" />
     </type>
+    <type name="Magento\Customer\Model\Customer\AuthorizationComposite">
+        <arguments>
+            <argument name="authorizationChecks" xsi:type="array">
+                <item name="rest_customer_authorization" xsi:type="object">
+                    Magento\Customer\Model\Customer\Authorization
+                </item>
+            </argument>
+        </arguments>
+    </type>
 </config>

app/code/Magento/Customer/etc/webapi_soap/di.xml

@@ -9,4 +9,13 @@
      <type name="Magento\Framework\Authorization">
         <plugin name="customerAuthorization" type="Magento\Customer\Model\Plugin\CustomerAuthorization" />
     </type>
+    <type name="Magento\Customer\Model\Customer\AuthorizationComposite">
+        <arguments>
+            <argument name="authorizationChecks" xsi:type="array">
+                <item name="soap_customer_authorization" xsi:type="object">
+                    Magento\Customer\Model\Customer\Authorization
+                </item>
+            </argument>
+        </arguments>
+    </type>
 </config>

app/code/Magento/Customer/view/frontend/web/js/customer-data.js

@@ -261,6 +261,9 @@ define([
                 }
             });
 
+            //remove expired section names of previously installed/enable modules
+            expiredSectionNames = _.intersection(expiredSectionNames, sectionConfig.getSectionNames());
+
             return _.uniq(expiredSectionNames);
         },