ACP2E-3664: Page Builder's Product component doesn't work if the user doesn't have Widget permission

Author: aplapana

app/code/Magento/PageBuilder/Model/Stage/Config.php

@@ -223,7 +223,8 @@ private function getAcl()
     {
         return [
             'template_save' => $this->authorization->isAllowed(self::TEMPLATE_SAVE_RESOURCE),
-            'template_apply' => $this->authorization->isAllowed(self::TEMPLATE_APPLY_RESOURCE)
+            'template_apply' => $this->authorization->isAllowed(self::TEMPLATE_APPLY_RESOURCE),
+            'widget' => $this->authorization->isAllowed('Magento_Widget::widget_instance')
         ];
     }
 

app/code/Magento/PageBuilder/Test/Mftf/Test/AdminPageBuilderProductsCarouselTest/AdminPageBuilderProductsForbiddenEditTest.xml

@@ -0,0 +1,113 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ /**
+  * Copyright 2025 Adobe
+  * All Rights Reserved.
+  */
+-->
+<tests xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xsi:noNamespaceSchemaLocation="urn:magento:mftf:Test/etc/testSchema.xsd">
+    <test name="AdminPageBuilderProductsForbiddenEditTest">
+        <annotations>
+            <features value="PageBuilder"/>
+            <stories value="Products"/>
+            <title value="Can't edit products widget"/>
+            <description value="Clicking products edit widget will display an error."/>
+            <severity value="MINOR"/>
+            <useCaseId value="AC-14344"/>
+            <testCaseId value="ACP2E-3664"/>
+            <group value="pagebuilder"/>
+            <group value="pagebuilder-products"/>
+            <group value="cloud"/>
+        </annotations>
+        <before>
+            <createData entity="_defaultCmsPage" stepKey="createCmsPage"/>
+            <actionGroup ref="AdminLoginActionGroup" stepKey="loginAsAdmin"/>
+            <createData entity="PageBuilderProductsSubCategory" stepKey="createPreReqCategory"/>
+            <createData entity="_defaultProduct" stepKey="createPreReqProduct1">
+                <requiredEntity createDataKey="createPreReqCategory"/>
+            </createData>
+            <createData entity="_defaultProduct" stepKey="createPreReqProduct2">
+                <requiredEntity createDataKey="createPreReqCategory"/>
+            </createData>
+            <amOnPage url="{{AdminCmsPageEditPage.url($$createCmsPage.id$$)}}" stepKey="openEditCmsPage"/>
+            <actionGroup ref="switchToPageBuilderStage" stepKey="switchToPageBuilderStage"/>
+            <actionGroup ref="dragContentTypeToStage" stepKey="dragRowToRootContainer">
+                <argument name="contentType" value="PageBuilderRowContentType"/>
+                <argument name="containerTargetType" value="PageBuilderRootContainerContentType"/>
+            </actionGroup>
+        </before>
+        <after>
+            <deleteData createDataKey="createPreReqProduct1" stepKey="deletePreReqProduct1"/>
+            <deleteData createDataKey="createPreReqProduct2" stepKey="deletePreReqProduct2"/>
+            <deleteData createDataKey="createPreReqCategory" stepKey="deletePreReqCategory"/>
+            <deleteData createDataKey="createCmsPage" stepKey="deleteCreateCmsPage"/>
+            <actionGroup ref="AdminLogoutActionGroup" stepKey="logoutExistingUser"/>
+            <actionGroup ref="AdminLoginActionGroup" stepKey="loginAsAdminClean"/>
+            <!--Delete created user-->
+            <actionGroup ref="AdminDeleteUserActionGroup" stepKey="deleteRestrictedAdmin">
+                <argument name="user" value="NewAdminUser"/>
+            </actionGroup>
+            <actionGroup ref="ClearFiltersAdminDataGridActionGroup" stepKey="clearFilterAfterDeletingNewAdminUser"/>
+            <!--Delete created user role-->
+            <actionGroup ref="AdminDeleteCreatedRoleActionGroup" stepKey="deleteRestrictedRole">
+                <argument name="role" value="adminRole"/>
+            </actionGroup>
+            <actionGroup ref="AdminLogoutActionGroup" stepKey="logout"/>
+        </after>
+        <actionGroup ref="addPageBuilderPageTitle" stepKey="enterPageTitle">
+            <argument name="contentType" value="PageBuilderProductsContentType"/>
+        </actionGroup>
+        <actionGroup ref="expandPageBuilderPanelMenuSection" stepKey="expandMenuSectionAddContent">
+            <argument name="contentType" value="PageBuilderProductsContentType"/>
+        </actionGroup>
+        <actionGroup ref="dragContentTypeToStage" stepKey="dragProductsIntoStage">
+            <argument name="contentType" value="PageBuilderProductsContentType"/>
+        </actionGroup>
+        <actionGroup ref="openPageBuilderEditPanel" stepKey="openEditAfterDrop">
+            <argument name="contentType" value="PageBuilderProductsContentType"/>
+        </actionGroup>
+        <actionGroup ref="chooseVisualSelectOption" stepKey="chooseSelectProductsBy">
+            <argument name="property" value="PageBuilderProductsSelectProductsByCondition"/>
+        </actionGroup>
+        <actionGroup ref="addConditionToProductConditions" stepKey="addCategory">
+            <argument name="conditionInput" value="$$createPreReqCategory.id$$"/>
+        </actionGroup>
+        <actionGroup ref="saveEditPanelSettings" stepKey="saveEditPanelSettings"/>
+        <actionGroup ref="exitPageBuilderFullScreen" stepKey="exitPageBuilderFullScreen"/>
+        <actionGroup ref="SaveAndContinueEditCmsPageActionGroup" stepKey="saveAndContinueEditCmsPage"/>
+
+        <!--Create user role with resource access-->
+        <actionGroup ref="AdminStartCreateUserRoleActionGroup" stepKey="startCreateUserRole">
+            <argument name="roleName" value="{{adminRole.name}}"/>
+            <argument name="userPassword" value="{{_CREDS.magento/MAGENTO_ADMIN_PASSWORD}}"/>
+            <argument name="resourceAccess" value="Custom"/>
+            <argument name="storeName" value="{{_defaultWebsite.name}}"/>
+        </actionGroup>
+        <actionGroup ref="AdminSelectUserRoleResourceActionGroup" stepKey="addCategoryAccess">
+            <argument name="resourceId" value="Magento_Catalog::categories_anchor"/>
+        </actionGroup>
+        <actionGroup ref="AdminSelectUserRoleResourceActionGroup" stepKey="addPageAccess">
+            <argument name="resourceId" value="Magento_Cms::page_anchor"/>
+        </actionGroup>
+        <actionGroup ref="AdminSaveUserRoleActionGroup" stepKey="saveRole"/>
+
+        <!--Create user role-->
+        <actionGroup ref="AdminCreateUserWithRoleActionGroup" stepKey="createRestrictedAdmin">
+            <argument name="role" value="adminRole"/>
+            <argument name="user" value="NewAdminUser"/>
+        </actionGroup>
+
+        <!-- Login as newly created admin user -->
+        <actionGroup ref="AdminLogoutActionGroup" stepKey="logoutFromAdmin"/>
+        <actionGroup ref="AdminLoginActionGroup" stepKey="loginAsRestrictedAdmin">
+            <argument name="username" value="{{NewAdminUser.username}}"/>
+            <argument name="password" value="{{NewAdminUser.password}}"/>
+        </actionGroup>
+
+        <amOnPage url="{{AdminCmsPageEditPage.url($$createCmsPage.id$$)}}" stepKey="openEditCmsPageSecond"/>
+        <actionGroup ref="switchToPageBuilderStage" stepKey="switchToPageBuilderStage2"/>
+        <waitForElementVisible selector="{{AdminGridConfirmActionSection.message}}" stepKey="waitForConfirmModal"/>
+        <see selector="{{AdminGridConfirmActionSection.message}}" userInput="Sorry, you need permissions to view this content." stepKey="seeForbiddenMessage"/>
+    </test>
+</tests>

app/code/Magento/PageBuilder/view/adminhtml/web/js/form/element/conditions-loader.js

@@ -18,11 +18,28 @@ define([
             data: {
                 conditions: conditions
             }
-        })
-        .done(function (response) {
+        }).done(function (response) {
             $conditionsFormPlaceholder.html(response);
             window[config.jsObjectName] = new RulesForm(config.jsObjectName, config.childComponentUrl);
             $('body').trigger('processStop');
+        }).fail(function (response) {
+            if (response.status === 403) {
+                $('body').notification('clear');
+                $('body').notification('add', {
+                    error: true,
+                    message: $.mage.__(
+                        'Forbidden. You do not have permission to perform this action.'
+                    ),
+                    insertMethod: function (message) {
+                        var $wrapper = $('<div></div>').html(message);
+
+                        $('.page-main-actions').after($wrapper);
+                    }
+                });
+                $('.save.primary').attr('disabled', true);
+                $('body').trigger('processStop');
+            }
+            this.loading(false);
         });
     };
 });

app/code/Magento/PageBuilder/view/adminhtml/web/js/form/element/product-totals.js

@@ -68,6 +68,30 @@ define([
             superError();
         },
 
+        /**
+         * Show upload error message
+         */
+        showForbiddenErrorMessage: function () {
+            let bodyObj = $('body');
+
+            bodyObj.notification('clear');
+            bodyObj.notification('add', {
+                error: true,
+                message: $.mage.__(
+                    'Forbidden. You do not have permission to perform this action.'
+                ),
+
+                /**
+                 * @param {String} message
+                 */
+                insertMethod: function (message) {
+                    let $wrapper = $('<div></div>').html(message);
+
+                    $('.page-main-actions').after($wrapper);
+                }
+            });
+        },
+
         /**
          * Update product count.
          */
@@ -128,7 +152,13 @@ define([
                 this.loading(false);
             }.bind(this)).fail(function () {
                 if (this.jqXHR.statusText !== 'abort') {
-                    this.value($t('An unknown error occurred. Please try again.'));
+                    if (this.jqXHR.status === 403) {
+                        this.showForbiddenErrorMessage();
+                        $('.save.primary').attr('disabled', true);
+                        $('body').trigger('processStop');
+                    } else {
+                        this.value($t('An unknown error occurred. Please try again.'));
+                    }
                 }
                 this.loading(false);
             }.bind(this));

app/code/Magento/PageBuilder/view/adminhtml/web/js/form/element/wysiwyg.js

@@ -11,8 +11,9 @@ define([
     'Magento_PageBuilder/js/events',
     'Magento_Ui/js/lib/view/utils/dom-observer',
     'Magento_PageBuilder/js/page-builder',
+    'Magento_Ui/js/modal/alert',
     'Magento_Ui/js/lib/view/utils/async'
-], function ($, _, Wysiwyg, $t, events, domObserver, PageBuilder) {
+], function ($, _, Wysiwyg, $t, events, domObserver, PageBuilder, alertDialog) {
     'use strict';
 
     /**
@@ -67,6 +68,20 @@ define([
          * Handle button click, init the Page Builder application
          */
         pageBuilderEditButtonClick: function (context, event) {
+            let aclResource = this.pageBuilder.config?.acl;
+
+            if (
+                aclResource !== undefined &&
+                aclResource.widget === false &&
+                aclResource.template_apply !== true &&
+                aclResource.template_save !== true
+            ) {
+                return alertDialog({
+                    content: $t('Sorry, you need permissions to view this content.'),
+                    title: $t('Permission Error')
+                });
+            }
+
             this.determineIfWithinModal(event.currentTarget);
             this.transition(false);
 
@@ -85,8 +100,8 @@ define([
             if (!this.isComponentInitialized()) {
                 this.loading(true);
                 this.pageBuilder = new PageBuilder(
-                  this.wysiwygConfigData(),
-                  this.initialValue
+                    this.wysiwygConfigData(),
+                    this.initialValue
                 );
                 if (!this.source.get('pageBuilderInstances')) {
                     this.source.set('pageBuilderInstances', []);