magento
diff --git a/‎CHANGELOG.md
Lines changed: 79 additions & 1 deletion b/‎CHANGELOG.md
Lines changed: 79 additions & 1 deletion
diff --git a/‎app/code/Magento/AdminNotification/etc/module.xml
Lines changed: 1 addition & 1 deletion b/‎app/code/Magento/AdminNotification/etc/module.xml
Lines changed: 1 addition & 1 deletion
diff --git a/‎app/code/Magento/Authorizenet/etc/module.xml
Lines changed: 1 addition & 1 deletion b/‎app/code/Magento/Authorizenet/etc/module.xml
Lines changed: 1 addition & 1 deletion
diff --git a/‎app/code/Magento/Authz/Service/AuthorizationV1.php
Lines changed: 103 additions & 38 deletions b/‎app/code/Magento/Authz/Service/AuthorizationV1.php
Lines changed: 103 additions & 38 deletions
diff --git a/‎app/code/Magento/Authz/etc/module.xml
Lines changed: 4 additions & 1 deletion b/‎app/code/Magento/Authz/etc/module.xml
Lines changed: 4 additions & 1 deletion
diff --git a/‎app/code/Magento/Backend/Block/Widget/Grid.php
Lines changed: 0 additions & 11 deletions b/‎app/code/Magento/Backend/Block/Widget/Grid.php
Lines changed: 0 additions & 11 deletions
diff --git a/‎app/code/Magento/Backend/Helper/Data.php
Lines changed: 13 additions & 12 deletions b/‎app/code/Magento/Backend/Helper/Data.php
Lines changed: 13 additions & 12 deletions
@@ -1,3 +1,81 @@
+2.0.0.0-dev84
+=============
+* Fixed bugs:
+  * Fixed an issue where an invalidly filled option did not become in focus after saving attempt on the Create New Order page in the backend
+  * Fixed an issue with the default configuration not being applied properly in the CAPTCHA configuration section
+  * Fixed an issue with optional State/Province fields on the Create New Order page being marked as required
+  * Fixed an issue with incorrect Customer model usage on session in community modules
+  * Fixed an issue where cache was not invalidated after applying catalog price rule
+  * Fixed an issue where an admin with custom permissions could not create Shopping Cart Price Rule/Catalog Price Rule
+  * Fixed an issue with REST request and response format being inconsistent
+  * Fixed an issue where there was an error on a bundle product page if bundle items contained an out of stock product
+  * Fixed a JS issue which appeared when adding associated products for a grouped product
+  * Fixed an issue where layered navigation was absent on the Advanced Search results page
+  * Fixed an issue where the leading "0" in numbers were truncated when exporting using Excel XML
+  * Fixed the price type attribute filter in Layered Navigation
+  * Fixed an issue with a fatal error in \Magento\Framework\ArchiveTest when bz2 extension was not installed
+  * Fixed an issue where an admin could search product by attributes set on the Store View level (except default store view)
+  * Fixed an issue where extra spaces in search values were not ignored during search and thus wrong search results were given
+* GitHub requests:
+  * [#542]  Fix ImportExport bug which occurs while importing multiple rows per entity
+  * [#544]  Performance tests not working
+* Framework improvements:
+  * Covered the following Magento application components with unit tests:
+      * `Customer/Model/Address.php`
+      * `Customer/Model/Address/AbstractAddress.php `
+      * `Customer/Model/Address/Converter.php`
+      * `Customer/Model/Customer.php`
+      * `Customer/Model/Customer/Attribute/Backend/Billing.php`
+      * `Customer/Model/Customer/Attribute/Backend/Shipping.php`
+      * `Customer/Model/Customer/Attribute/Backend/Store.php `
+      * `Customer/Model/Customer/Attribute/Backend/Website.php `
+      * `Customer/Model/Customer/Attribute/Backend/PasswordTest.php`
+      * `Customer/Helper/Address.php`
+      * `Customer/Helper/View.php`
+      * `Customer/Service/V1/CustomerAccountService.php`
+  * Covered Magento lib with unit tests:
+      * `lib/internal/Magento/Framework/Filter/*`
+      * `lib/internal/Magento/Framework/Model/Resource/Db/AbstractDb.php`
+      * `lib/internal/Magento/Framework/Model/Resource/Db/Collection/AbstractCollection.php`
+      * `lib/internal/Magento/Framework/File/Uploader.php`
+      * `lib/internal/Magento/Framework/File/Csv.php`
+      * `lib/internal/Magento/Framework/Less/File/Collector/Aggregated.php`
+      * `lib/internal/Magento/Framework/Less/File/Collector/Library.php`
+      * `lib/internal/Magento/Framework/Locale/Config.php`
+      * `lib/internal/Magento/Framework/Locale/Currency.php`
+      * `lib/internal/Magento/Framework/App/Config/Element.php`
+      * `lib/internal/Magento/Framework/App/Config/Value.php`
+      * `lib/internal/Magento/Framework/App/DefaultPath/DefaultPath.php`
+      * `lib/internal/Magento/Framework/App/EntryPoint/EntryPoint.php`
+      * `lib/internal/Magento/Framework/App/Helper/AbstractHelper.php`
+      * `lib/internal/Magento/Framework/App/Resource/ConnectionFactory.php`
+      * `lib/internal/Magento/Framework/App/Route/Config.php`
+  * Implemented the ability for a mobile client to get a partial response
+  * Added authentication support for mobile
+  * Refactored the Oauth lib exception not to reference module classes
+  * Moved the authorization services according to the new directory format: was \Magento\Authz\Service\AuthorizationV1Interface, became \Magento\Authz\Service\V1\AuthorizationInterface
+  * Moved the integration services according to the new directory format:
+    * Was \Magento\Integration\Service\IntegrationV1, became \Magento\Integration\Service\V1\Integration
+    * Was \Magento\Integration\Service\OauthV1, became \Magento\Integration\Service\V1\Oauth
+  * Improved security of the integration registration
+  * Introduced language packages with ability to inherit dictionaries
+* Improved modularity of ImportExport
+* Created Service API for Magento_Catalog module:
+   * Implemented Product Attribute Media API
+   * Implemented Product Group Price API
+   * Implemented Product Attribute Write API
+   * Implemented Product Attribute Options Read and Write API
+* Created Service for the Magento Tax module:
+  * Implemented Tax Rule Service
+  * Implemented Tax Rate Service
+  * Implemented Tax Calculation Data Objects
+  * Implemented Tax Calculation Builders
+  * Implemented Tax Calculation Service
+* Covered the part of the Catalog Module with unit tests
+* Added PayPall Bill Me Later button
+* Streamlined checkout experience
+* Improved order review page for PayPal Express Checkout
+
 2.0.0.0-dev83
 =============
 * Created the Service API for the Magento_Catalog Module:
@@ -221,7 +299,7 @@
   * Fixed price inconsistencies between catalog and shopping cart
   * Added support for maintaining consistent price including tax for customers with different tax rates
   * Added support for applying tax rules with different priorities to subtotal only
-  
+
 * Fixed bugs:
   * Removed the extra '%' sign in the error\notice message on Gift Card Accounts page on the backend
   * Fixed an issue with image uploading functionality in the Catalog configuration
 
@@ -24,7 +24,7 @@
  */
 -->
 <config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="../../../../../lib/internal/Magento/Framework/Module/etc/module.xsd">
-    <module name="Magento_AdminNotification" version="2.0.0.0" active="true">
+    <module name="Magento_AdminNotification" schema_version="2.0.0.0" active="true">
         <sequence>
             <module name="Magento_Core"/>
             <module name="Magento_Store"/>
 
@@ -24,7 +24,7 @@
  */
 -->
 <config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="../../../../../lib/internal/Magento/Framework/Module/etc/module.xsd">
-    <module name="Magento_Authorizenet" version="1.5.0.0" active="true">
+    <module name="Magento_Authorizenet" schema_version="1.5.0.0" active="true">
         <sequence>
             <module name="Magento_Sales"/>
             <module name="Magento_Checkout"/>
 
@@ -23,18 +23,18 @@
  */
 namespace Magento\Authz\Service;
 
-use Magento\Framework\Acl\Builder as AclBuilder;
-use Magento\Framework\Acl;
 use Magento\Authz\Model\UserIdentifier;
+use Magento\Framework\Acl;
+use Magento\Framework\Acl\Builder as AclBuilder;
+use Magento\Framework\Acl\RootResource as RootAclResource;
 use Magento\Framework\Logger;
-use Magento\Webapi\ServiceException as ServiceException;
-use Magento\Webapi\ServiceResourceNotFoundException;
 use Magento\User\Model\Resource\Role\CollectionFactory as RoleCollectionFactory;
 use Magento\User\Model\Resource\Rules\CollectionFactory as RulesCollectionFactory;
 use Magento\User\Model\Role;
 use Magento\User\Model\RoleFactory;
 use Magento\User\Model\RulesFactory;
-use Magento\Framework\Acl\RootResource as RootAclResource;
+use Magento\Webapi\ServiceException as ServiceException;
+use Magento\Webapi\ServiceResourceNotFoundException;
 
 /**
  * Authorization service.
@@ -44,6 +44,9 @@
  */
 class AuthorizationV1 implements AuthorizationV1Interface
 {
+    const PERMISSION_ANONYMOUS = 'anonymous';
+    const PERMISSION_SELF = 'self';
+
     /**
      * @var AclBuilder
      */
@@ -121,29 +124,12 @@ public function __construct(
      */
     public function isAllowed($resources, UserIdentifier $userIdentifier = null)
     {
-        $resources = is_array($resources) ? $resources : array($resources);
+        $resources = is_array($resources) ? $resources : [$resources];
         $userIdentifier = $userIdentifier ? $userIdentifier : $this->_userIdentifier;
-        try {
-            $role = $this->_getUserRole($userIdentifier);
-            if (!$role) {
-                throw new ServiceResourceNotFoundException(
-                    __(
-                        'Role for user with ID "%1" and user type "%2" cannot be found.',
-                        $userIdentifier->getUserId(),
-                        $userIdentifier->getUserType()
-                    )
-                );
-            }
-            foreach ($resources as $resource) {
-                if (!$this->_aclBuilder->getAcl()->isAllowed($role->getId(), $resource)) {
-                    return false;
-                }
-            }
+        if ($this->_isAnonymousOrSelfAllowed($resources, $userIdentifier)) {
             return true;
-        } catch (\Exception $e) {
-            $this->_logger->logException($e);
-            return false;
         }
+        return $this->_isUserWithRoleAllowed($resources, $userIdentifier);
     }
 
     /**
@@ -180,7 +166,12 @@ public function grantAllPermissions(UserIdentifier $userIdentifier)
      */
     public function getAllowedResources(UserIdentifier $userIdentifier)
     {
-        $allowedResources = array();
+        if ($userIdentifier->getUserType() == UserIdentifier::USER_TYPE_GUEST) {
+            return [self::PERMISSION_ANONYMOUS];
+        } elseif ($userIdentifier->getUserType() == UserIdentifier::USER_TYPE_CUSTOMER) {
+            return [self::PERMISSION_SELF];
+        }
+        $allowedResources = [];
         try {
             $role = $this->_getUserRole($userIdentifier);
             if (!$role) {
@@ -234,6 +225,9 @@ public function removePermissions(UserIdentifier $userIdentifier)
     protected function _createRole($userIdentifier)
     {
         $userType = $userIdentifier->getUserType();
+        if (!$this->_canRoleBeCreatedForUserType($userType)) {
+            throw new \LogicException("The role with user type '{$userType}' cannot be created");
+        }
         $userId = $userIdentifier->getUserId();
         switch ($userType) {
             case UserIdentifier::USER_TYPE_INTEGRATION:
@@ -246,17 +240,12 @@ protected function _createRole($userIdentifier)
                 throw new \LogicException("Unknown user type: '{$userType}'.");
         }
         $role = $this->_roleFactory->create();
-        $role->setRoleName(
-            $roleName
-        )->setUserType(
-            $userType
-        )->setUserId(
-            $userId
-        )->setRoleType(
-            $roleType
-        )->setParentId(
-            $parentId
-        )->save();
+        $role->setRoleName($roleName)
+            ->setUserType($userType)
+            ->setUserId($userId)
+            ->setRoleType($roleType)
+            ->setParentId($parentId)
+            ->save();
         return $role;
     }
 
@@ -270,6 +259,9 @@ protected function _createRole($userIdentifier)
     protected function _deleteRole($userIdentifier)
     {
         $userType = $userIdentifier->getUserType();
+        if (!$this->_canRoleBeCreatedForUserType($userType)) {
+            throw new \LogicException("The role with user type '{$userType}' cannot be created or deleted.");
+        }
         $userId = $userIdentifier->getUserId();
         switch ($userType) {
             case UserIdentifier::USER_TYPE_INTEGRATION:
@@ -287,13 +279,19 @@ protected function _deleteRole($userIdentifier)
      *
      * @param UserIdentifier $userIdentifier
      * @return Role|false Return false in case when no role associated with provided user was found.
+     * @throws \LogicException
      */
     protected function _getUserRole($userIdentifier)
     {
+        if (!$this->_canRoleBeCreatedForUserType($userIdentifier)) {
+            throw new \LogicException(
+                "The role with user type '{$userIdentifier->getUserType()}' does not exist and cannot be created"
+            );
+        }
         $roleCollection = $this->_roleCollectionFactory->create();
         $userType = $userIdentifier->getUserType();
-        $userId = $userIdentifier->getUserId();
         /** @var Role $role */
+        $userId = $userIdentifier->getUserId();
         $role = $roleCollection->setUserFilter($userId, $userType)->getFirstItem();
         return $role->getId() ? $role : false;
     }
@@ -304,11 +302,78 @@ protected function _getUserRole($userIdentifier)
      * @param Role $role
      * @param string[] $resources
      * @return void
+     * @throws \LogicException
      */
     protected function _associateResourcesWithRole($role, array $resources)
     {
         /** @var \Magento\User\Model\Rules $rules */
         $rules = $this->_rulesFactory->create();
         $rules->setRoleId($role->getId())->setResources($resources)->saveRel();
     }
+
+    /**
+     * Check if there role can be associated with user having provided user type.
+     *
+     * Roles cannot be created for guests and customers.
+     *
+     * @param string $userType
+     * @return bool
+     */
+    protected function _canRoleBeCreatedForUserType($userType)
+    {
+        return ($userType != UserIdentifier::USER_TYPE_CUSTOMER) && ($userType != UserIdentifier::USER_TYPE_GUEST);
+    }
+
+    /**
+     * Check if the user has permission to access the requested resources.
+     *
+     * @param string[] $resources
+     * @param UserIdentifier $userIdentifier
+     * @return bool
+     */
+    protected function _isAnonymousOrSelfAllowed($resources, UserIdentifier $userIdentifier)
+    {
+        if (count($resources) == 1) {
+            $resource = reset($resources);
+            $isAnonymousAccess = ($resource == self::PERMISSION_ANONYMOUS);
+            $isSelfAccess = ($userIdentifier->getUserType() == UserIdentifier::USER_TYPE_CUSTOMER)
+                && ($resource == self::PERMISSION_SELF);
+            if ($isAnonymousAccess || $isSelfAccess) {
+                return true;
+            }
+        }
+        return false;
+    }
+
+    /**
+     * Check if user who has role is allowed to access requested resources.
+     *
+     * @param string[] $resources
+     * @param UserIdentifier $userIdentifier
+     * @return bool
+     */
+    protected function _isUserWithRoleAllowed($resources, UserIdentifier $userIdentifier)
+    {
+        try {
+            $role = $this->_getUserRole($userIdentifier);
+            if (!$role) {
+                throw new ServiceResourceNotFoundException(
+                    __(
+                        'Role for user with ID "%1" and user type "%2" cannot be found.',
+                        $userIdentifier->getUserId(),
+                        $userIdentifier->getUserType()
+                    )
+                );
+            }
+            foreach ($resources as $resource) {
+                if (!$this->_aclBuilder->getAcl()->isAllowed($role->getId(), $resource)) {
+                    return false;
+                }
+            }
+            return true;
+        } catch (\Exception $e) {
+            $this->_logger->logException($e);
+            return false;
+        }
+    }
 }
@@ -24,7 +24,10 @@
  */
 -->
 <config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="../../../../../lib/internal/Magento/Framework/Module/etc/module.xsd">
-    <module name="Magento_Authz" version="1.0.0.0" active="true">
+    <module name="Magento_Authz" schema_version="1.0.0.0" active="true">
+        <sequence>
+            <module name="Magento_User"/>
+        </sequence>
         <depends>
             <!--TODO: Dependency on Magento_User is temporary and should be eliminated when ACL is made global-->
             <module name="Magento_User"/>
 
@@ -397,17 +397,6 @@ protected function _prepareCollection()
         return $this;
     }
 
-    /**
-     * Decode URL encoded filter value recursive callback method
-     *
-     * @param string &$value
-     * @return void
-     */
-    protected function _decodeFilter(&$value)
-    {
-        $value = $this->_backendHelper->decodeFilter($value);
-    }
-
     /**
      * Apply pagination to collection
      *
 
@@ -177,21 +177,22 @@ public function prepareFilterString($filterString)
         $data = array();
         $filterString = base64_decode($filterString);
         parse_str($filterString, $data);
-        array_walk_recursive($data, array($this, 'decodeFilter'));
+        array_walk_recursive(
+            $data,
+            // @codingStandardsIgnoreStart
+            /**
+             * Decodes URL-encoded string and trims whitespaces from the beginning and end of a string
+             *
+             * @param string $value
+             */
+            // @codingStandardsIgnoreEnd
+            function (&$value) {
+                $value = trim(rawurldecode($value));
+            }
+        );
         return $data;
     }
 
-    /**
-     * Decode URL encoded filter value recursive callback method
-     *
-     * @param string &$value
-     * @return void
-     */
-    public function decodeFilter(&$value)
-    {
-        $value = rawurldecode($value);
-    }
-
     /**
      * Generate unique token for reset password confirmation link
      *