aclResource for UIComponent buttons

kassner · kassner · commit ba9f4f8fba86 · 2019-01-18T15:04:29.000+01:00
diff --git a/app/code/Magento/Sales/view/adminhtml/ui_component/sales_order_grid.xml b/app/code/Magento/Sales/view/adminhtml/ui_component/sales_order_grid.xml
@@ -17,6 +17,7 @@
                 <url path="sales/order_create/start"/>
                 <class>primary</class>
                 <label translate="true">Create New Order</label>
+                <aclResource>Magento_Sales::create</aclResource>
             </button>
         </buttons>
         <spinner>sales_order_columns</spinner>
diff --git a/app/code/Magento/Ui/view/base/ui_component/etc/definition/ui_settings.xsd b/app/code/Magento/Ui/view/base/ui_component/etc/definition/ui_settings.xsd
@@ -476,6 +476,13 @@
                                     </xs:documentation>
                                 </xs:annotation>
                             </xs:element>
+                            <xs:element name="aclResource" type="xs:string" minOccurs="0" maxOccurs="1">
+                                <xs:annotation>
+                                    <xs:documentation>
+                                        ACL Resource used to validate access to UI Component data
+                                    </xs:documentation>
+                                </xs:annotation>
+                            </xs:element>
                             <xs:element ref="param"/>
                         </xs:choice>
                         <xs:attribute name="name" type="xs:string" use="required">
diff --git a/lib/internal/Magento/Framework/View/Element/UiComponent/Context.php b/lib/internal/Magento/Framework/View/Element/UiComponent/Context.php
@@ -6,6 +6,7 @@
 namespace Magento\Framework\View\Element\UiComponent;
 
 use Magento\Framework\App\RequestInterface;
+use Magento\Framework\AuthorizationInterface;
 use Magento\Framework\UrlInterface;
 use Magento\Framework\View\Element\UiComponent\ContentType\ContentTypeFactory;
 use Magento\Framework\View\Element\UiComponent\Control\ActionPoolFactory;
@@ -94,6 +95,11 @@ class Context implements ContextInterface
      */
     protected $uiComponentFactory;
 
+    /**
+     * @var AuthorizationInterface
+     */
+    protected $authorization;
+
     /**
      * @param PageLayoutInterface $pageLayout
      * @param RequestInterface $request
@@ -103,6 +109,7 @@ class Context implements ContextInterface
      * @param UrlInterface $urlBuilder
      * @param Processor $processor
      * @param UiComponentFactory $uiComponentFactory
+     * @param AuthorizationInterface $authorization
      * @param DataProviderInterface|null $dataProvider
      * @param string|null $namespace
      * @SuppressWarnings(PHPMD.ExcessiveParameterList)
@@ -116,6 +123,7 @@ public function __construct(
         UrlInterface $urlBuilder,
         Processor $processor,
         UiComponentFactory $uiComponentFactory,
+        AuthorizationInterface $authorization,
         DataProviderInterface $dataProvider = null,
         $namespace = null
     ) {
@@ -129,6 +137,7 @@ public function __construct(
         $this->urlBuilder = $urlBuilder;
         $this->processor = $processor;
         $this->uiComponentFactory = $uiComponentFactory;
+        $this->authorization = $authorization;
         $this->setAcceptType();
     }
 
@@ -280,6 +289,9 @@ public function addButtons(array $buttons, UiComponentInterface $component)
             uasort($buttons, [$this, 'sortButtons']);
 
             foreach ($buttons as $buttonId => $buttonData) {
+                if (isset($buttonData['aclResource']) && !$this->authorization->isAllowed($buttonData['aclResource'])) {
+                    continue;
+                }
                 if (isset($buttonData['url'])) {
                     $buttonData['url'] = $this->getUrl($buttonData['url']);
                 }
diff --git a/lib/internal/Magento/Framework/View/Test/Unit/Element/UiComponent/ContextTest.php b/lib/internal/Magento/Framework/View/Test/Unit/Element/UiComponent/ContextTest.php
@@ -19,6 +19,16 @@ class ContextTest extends \PHPUnit\Framework\TestCase
      */
     protected $context;
 
+    /**
+     * @var \Magento\Framework\View\Element\UiComponent\Control\ActionPoolInterface
+     */
+    private $actionPool;
+
+    /**
+     * @var \Magento\Framework\AuthorizationInterface
+     */
+    private $authorization;
+
     protected function setUp()
     {
         $pageLayout = $this->getMockBuilder(\Magento\Framework\View\LayoutInterface::class)->getMock();
@@ -33,6 +43,10 @@ protected function setUp()
             $this->getMockBuilder(\Magento\Framework\View\Element\UiComponent\Control\ActionPoolFactory::class)
                 ->disableOriginalConstructor()
                 ->getMock();
+        $this->actionPool = $this->getMockBuilder(\Magento\Framework\View\Element\UiComponent\Control\ActionPoolInterface::class)
+            ->disableOriginalConstructor()
+            ->getMock();
+        $actionPoolFactory->method('create')->willReturn($this->actionPool);
         $contentTypeFactory =
             $this->getMockBuilder(\Magento\Framework\View\Element\UiComponent\ContentType\ContentTypeFactory::class)
                 ->disableOriginalConstructor()
@@ -43,6 +57,9 @@ protected function setUp()
             $this->getMockBuilder(\Magento\Framework\View\Element\UiComponentFactory::class)
                 ->disableOriginalConstructor()
                 ->getMock();
+        $this->authorization = $this->getMockBuilder(\Magento\Framework\AuthorizationInterface::class)
+            ->disableOriginalConstructor()
+            ->getMock();
 
         $objectManagerHelper = new ObjectManagerHelper($this);
         $this->context = $objectManagerHelper->getObject(
@@ -55,11 +72,62 @@ protected function setUp()
                 'contentTypeFactory'    => $contentTypeFactory,
                 'urlBuilder'            => $urlBuilder,
                 'processor'             => $processor,
-                'uiComponentFactory'    => $uiComponentFactory
+                'uiComponentFactory'    => $uiComponentFactory,
+                'authorization'         => $this->authorization,
             ]
         );
     }
 
+    public function testAddButtonWithoutAclResource()
+    {
+        $component = $this->getMockBuilder(\Magento\Framework\View\Element\UiComponentInterface::class)
+            ->disableOriginalConstructor()
+            ->getMock();
+
+        $this->actionPool->expects($this->once())->method('add');
+        $this->authorization->expects($this->never())->method('isAllowed');
+
+        $this->context->addButtons([
+            'button_1' => [
+                'name' => 'button_1',
+            ],
+        ], $component);
+    }
+
+    public function testAddButtonWithAclResourceAllowed()
+    {
+        $component = $this->getMockBuilder(\Magento\Framework\View\Element\UiComponentInterface::class)
+            ->disableOriginalConstructor()
+            ->getMock();
+
+        $this->actionPool->expects($this->once())->method('add');
+        $this->authorization->expects($this->once())->method('isAllowed')->willReturn(true);
+
+        $this->context->addButtons([
+            'button_1' => [
+                'name' => 'button_1',
+                'aclResource' => 'Magento_Framwork::acl',
+            ],
+        ], $component);
+    }
+
+    public function testAddButtonWithAclResourceDenied()
+    {
+        $component = $this->getMockBuilder(\Magento\Framework\View\Element\UiComponentInterface::class)
+            ->disableOriginalConstructor()
+            ->getMock();
+
+        $this->actionPool->expects($this->never())->method('add');
+        $this->authorization->expects($this->once())->method('isAllowed')->willReturn(false);
+
+        $this->context->addButtons([
+            'button_1' => [
+                'name' => 'button_1',
+                'aclResource' => 'Magento_Framwork::acl',
+            ],
+        ], $component);
+    }
+
     /**
      * @dataProvider addComponentDefinitionDataProvider
      * @param array $components
