Merge pull request #436 from adobe-commerce-tier-4/PR_2025_05_28

alzota · web-flow · commit bd9181b6205d · 2025-06-03T14:58:21.000+03:00
[Support Tier-4 chittima] 05-28-2025 Regular delivery of bugfixes and improvements
diff --git a/app/code/Magento/PageBuilder/Model/Stage/Config.php b/app/code/Magento/PageBuilder/Model/Stage/Config.php
@@ -223,7 +223,8 @@ private function getAcl()
     {
         return [
             'template_save' => $this->authorization->isAllowed(self::TEMPLATE_SAVE_RESOURCE),
-            'template_apply' => $this->authorization->isAllowed(self::TEMPLATE_APPLY_RESOURCE)
+            'template_apply' => $this->authorization->isAllowed(self::TEMPLATE_APPLY_RESOURCE),
+            'widget' => $this->authorization->isAllowed('Magento_Widget::widget_instance')
         ];
     }
 
diff --git a/app/code/Magento/PageBuilder/Test/Mftf/Data/TemplateData.xml b/app/code/Magento/PageBuilder/Test/Mftf/Data/TemplateData.xml
@@ -82,6 +82,7 @@
             <item name="Magento_Cms::page">Magento_Cms::page</item>
             <item name="Magento_Cms::save">Magento_Cms::save</item>
             <item name="Magento_PageBuilder::templates">Magento_PageBuilder::templates</item>
+            <item name="Magento_Widget::widget_instance">Magento_Widget::widget_instance</item>
         </array>
     </entity>
     <entity name="rolePageBuilderSaveTemplates" type="user_role" extends="adminRestrictedProductRole">
@@ -101,6 +102,7 @@
             <item name="Magento_Cms::save">Magento_Cms::save</item>
             <item name="Magento_PageBuilder::templates">Magento_PageBuilder::templates</item>
             <item name="Magento_PageBuilder::template_save">Magento_PageBuilder::template_save</item>
+            <item name="Magento_Widget::widget_instance">Magento_Widget::widget_instance</item>
         </array>
     </entity>
     <entity name="rolePageBuilderApplyTemplates" type="user_role" extends="adminRestrictedProductRole">
@@ -120,6 +122,7 @@
             <item name="Magento_Cms::save">Magento_Cms::save</item>
             <item name="Magento_PageBuilder::templates">Magento_PageBuilder::templates</item>
             <item name="Magento_PageBuilder::template_apply">Magento_PageBuilder::template_apply</item>
+            <item name="Magento_Widget::widget_instance">Magento_Widget::widget_instance</item>
         </array>
     </entity>
     <entity name="rolePageBuilderDeleteTemplates" type="user_role" extends="adminRestrictedProductRole">
diff --git a/app/code/Magento/PageBuilder/Test/Mftf/Test/AdminPageBuilderProductsCarouselTest/AdminPageBuilderProductsForbiddenEditTest.xml b/app/code/Magento/PageBuilder/Test/Mftf/Test/AdminPageBuilderProductsCarouselTest/AdminPageBuilderProductsForbiddenEditTest.xml
@@ -0,0 +1,113 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ /**
+  * Copyright 2025 Adobe
+  * All Rights Reserved.
+  */
+-->
+<tests xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xsi:noNamespaceSchemaLocation="urn:magento:mftf:Test/etc/testSchema.xsd">
+    <test name="AdminPageBuilderProductsForbiddenEditTest">
+        <annotations>
+            <features value="PageBuilder"/>
+            <stories value="Products"/>
+            <title value="Can't edit products widget"/>
+            <description value="Clicking products edit widget will display an error."/>
+            <severity value="MINOR"/>
+            <useCaseId value="AC-14344"/>
+            <testCaseId value="ACP2E-3664"/>
+            <group value="pagebuilder"/>
+            <group value="pagebuilder-products"/>
+            <group value="cloud"/>
+        </annotations>
+        <before>
+            <createData entity="_defaultCmsPage" stepKey="createCmsPage"/>
+            <actionGroup ref="AdminLoginActionGroup" stepKey="loginAsAdmin"/>
+            <createData entity="PageBuilderProductsSubCategory" stepKey="createPreReqCategory"/>
+            <createData entity="_defaultProduct" stepKey="createPreReqProduct1">
+                <requiredEntity createDataKey="createPreReqCategory"/>
+            </createData>
+            <createData entity="_defaultProduct" stepKey="createPreReqProduct2">
+                <requiredEntity createDataKey="createPreReqCategory"/>
+            </createData>
+            <amOnPage url="{{AdminCmsPageEditPage.url($$createCmsPage.id$$)}}" stepKey="openEditCmsPage"/>
+            <actionGroup ref="switchToPageBuilderStage" stepKey="switchToPageBuilderStage"/>
+            <actionGroup ref="dragContentTypeToStage" stepKey="dragRowToRootContainer">
+                <argument name="contentType" value="PageBuilderRowContentType"/>
+                <argument name="containerTargetType" value="PageBuilderRootContainerContentType"/>
+            </actionGroup>
+        </before>
+        <after>
+            <deleteData createDataKey="createPreReqProduct1" stepKey="deletePreReqProduct1"/>
+            <deleteData createDataKey="createPreReqProduct2" stepKey="deletePreReqProduct2"/>
+            <deleteData createDataKey="createPreReqCategory" stepKey="deletePreReqCategory"/>
+            <deleteData createDataKey="createCmsPage" stepKey="deleteCreateCmsPage"/>
+            <actionGroup ref="AdminLogoutActionGroup" stepKey="logoutExistingUser"/>
+            <actionGroup ref="AdminLoginActionGroup" stepKey="loginAsAdminClean"/>
+            <!--Delete created user-->
+            <actionGroup ref="AdminDeleteUserActionGroup" stepKey="deleteRestrictedAdmin">
+                <argument name="user" value="NewAdminUser"/>
+            </actionGroup>
+            <actionGroup ref="ClearFiltersAdminDataGridActionGroup" stepKey="clearFilterAfterDeletingNewAdminUser"/>
+            <!--Delete created user role-->
+            <actionGroup ref="AdminDeleteCreatedRoleActionGroup" stepKey="deleteRestrictedRole">
+                <argument name="role" value="adminRole"/>
+            </actionGroup>
+            <actionGroup ref="AdminLogoutActionGroup" stepKey="logout"/>
+        </after>
+        <actionGroup ref="addPageBuilderPageTitle" stepKey="enterPageTitle">
+            <argument name="contentType" value="PageBuilderProductsContentType"/>
+        </actionGroup>
+        <actionGroup ref="expandPageBuilderPanelMenuSection" stepKey="expandMenuSectionAddContent">
+            <argument name="contentType" value="PageBuilderProductsContentType"/>
+        </actionGroup>
+        <actionGroup ref="dragContentTypeToStage" stepKey="dragProductsIntoStage">
+            <argument name="contentType" value="PageBuilderProductsContentType"/>
+        </actionGroup>
+        <actionGroup ref="openPageBuilderEditPanel" stepKey="openEditAfterDrop">
+            <argument name="contentType" value="PageBuilderProductsContentType"/>
+        </actionGroup>
+        <actionGroup ref="chooseVisualSelectOption" stepKey="chooseSelectProductsBy">
+            <argument name="property" value="PageBuilderProductsSelectProductsByCondition"/>
+        </actionGroup>
+        <actionGroup ref="addConditionToProductConditions" stepKey="addCategory">
+            <argument name="conditionInput" value="$$createPreReqCategory.id$$"/>
+        </actionGroup>
+        <actionGroup ref="saveEditPanelSettings" stepKey="saveEditPanelSettings"/>
+        <actionGroup ref="exitPageBuilderFullScreen" stepKey="exitPageBuilderFullScreen"/>
+        <actionGroup ref="SaveAndContinueEditCmsPageActionGroup" stepKey="saveAndContinueEditCmsPage"/>
+
+        <!--Create user role with resource access-->
+        <actionGroup ref="AdminStartCreateUserRoleActionGroup" stepKey="startCreateUserRole">
+            <argument name="roleName" value="{{adminRole.name}}"/>
+            <argument name="userPassword" value="{{_CREDS.magento/MAGENTO_ADMIN_PASSWORD}}"/>
+            <argument name="resourceAccess" value="Custom"/>
+            <argument name="storeName" value="{{_defaultWebsite.name}}"/>
+        </actionGroup>
+        <actionGroup ref="AdminSelectUserRoleResourceActionGroup" stepKey="addCategoryAccess">
+            <argument name="resourceId" value="Magento_Catalog::categories_anchor"/>
+        </actionGroup>
+        <actionGroup ref="AdminSelectUserRoleResourceActionGroup" stepKey="addPageAccess">
+            <argument name="resourceId" value="Magento_Cms::page_anchor"/>
+        </actionGroup>
+        <actionGroup ref="AdminSaveUserRoleActionGroup" stepKey="saveRole"/>
+
+        <!--Create user role-->
+        <actionGroup ref="AdminCreateUserWithRoleActionGroup" stepKey="createRestrictedAdmin">
+            <argument name="role" value="adminRole"/>
+            <argument name="user" value="NewAdminUser"/>
+        </actionGroup>
+
+        <!-- Login as newly created admin user -->
+        <actionGroup ref="AdminLogoutActionGroup" stepKey="logoutFromAdmin"/>
+        <actionGroup ref="AdminLoginActionGroup" stepKey="loginAsRestrictedAdmin">
+            <argument name="username" value="{{NewAdminUser.username}}"/>
+            <argument name="password" value="{{NewAdminUser.password}}"/>
+        </actionGroup>
+
+        <amOnPage url="{{AdminCmsPageEditPage.url($$createCmsPage.id$$)}}" stepKey="openEditCmsPageSecond"/>
+        <actionGroup ref="switchToPageBuilderStage" stepKey="switchToPageBuilderStage2"/>
+        <waitForElementVisible selector="{{AdminGridConfirmActionSection.message}}" stepKey="waitForConfirmModal"/>
+        <see selector="{{AdminGridConfirmActionSection.message}}" userInput="Sorry, you need permissions to view this content." stepKey="seeForbiddenMessage"/>
+    </test>
+</tests>
diff --git a/app/code/Magento/PageBuilder/etc/graphql/di.xml b/app/code/Magento/PageBuilder/etc/graphql/di.xml
@@ -9,4 +9,7 @@
     <type name="Magento\Framework\Filter\Template">
         <plugin name="convertBackgroundImages" type="Magento\PageBuilder\Plugin\Filter\TemplatePlugin" disabled="true"/>
     </type>
+    <type name="Magento\CatalogWidget\Block\Product\ProductsList">
+        <plugin name="pagebuilder_product_list" type="Magento\PageBuilder\Plugin\Catalog\Block\Product\ProductsListPlugin" sortOrder="1"/>
+    </type>
 </config>
diff --git a/app/code/Magento/PageBuilder/i18n/en_US.csv b/app/code/Magento/PageBuilder/i18n/en_US.csv
@@ -323,3 +323,5 @@ OK,OK
 "Save Content as Template","Save Content as Template"
 "Template Name","Template Name"
 "Could not delete the Template: %1","Could not delete the Template: %1"
+"Forbidden. You do not have permission to perform this action.","Forbidden. You do not have permission to perform this action."
+"Permission Error","Permission Error"
diff --git a/app/code/Magento/PageBuilder/view/adminhtml/web/js/form/element/conditions-loader.js b/app/code/Magento/PageBuilder/view/adminhtml/web/js/form/element/conditions-loader.js
@@ -1,10 +1,14 @@
+/**
+ * Copyright 2018 Adobe
+ * All Rights Reserved.
+ */
 define([
     'jquery',
     'Magento_Rule/rules',
     'uiRegistry',
     'mage/utils/objects'
 ], function ($, RulesForm, uiRegistry, objectUtils) {
-    'use strict';
+    'use strict'; // eslint-disable-line strict
 
     return function (config, conditionsFormPlaceholder) {
         var $conditionsFormPlaceholder = $(conditionsFormPlaceholder),
@@ -18,11 +22,28 @@ define([
             data: {
                 conditions: conditions
             }
-        })
-        .done(function (response) {
+        }).done(function (response) {
             $conditionsFormPlaceholder.html(response);
             window[config.jsObjectName] = new RulesForm(config.jsObjectName, config.childComponentUrl);
             $('body').trigger('processStop');
+        }).fail(function (response) {
+            if (response.status === 403) {
+                $('body').notification('clear');
+                $('body').notification('add', {
+                    error: true,
+                    message: $.mage.__(
+                        'Forbidden. You do not have permission to perform this action.'
+                    ),
+                    insertMethod: function (message) {
+                        var $wrapper = $('<div></div>').html(message);
+
+                        $('.page-main-actions').after($wrapper);
+                    }
+                });
+                $('.save.primary').attr('disabled', true);
+                $('body').trigger('processStop');
+            }
+            this.loading(false);
         });
     };
 });
diff --git a/app/code/Magento/PageBuilder/view/adminhtml/web/js/form/element/product-totals.js b/app/code/Magento/PageBuilder/view/adminhtml/web/js/form/element/product-totals.js
@@ -1,6 +1,6 @@
 /**
- * Copyright © Magento, Inc. All rights reserved.
- * See COPYING.txt for license details.
+ * Copyright 2019 Adobe
+ * All Rights Reserved.
  */
 
 define([
@@ -10,7 +10,7 @@ define([
     'Magento_PageBuilder/js/form/provider/conditions-data-processor',
     'Magento_Ui/js/form/element/abstract'
 ], function (_, $, $t, conditionsDataProcessor, Abstract) {
-    'use strict';
+    'use strict'; // eslint-disable-line strict
 
     return Abstract.extend({
         defaults: {
@@ -62,12 +62,37 @@ define([
          * @param {Object} jqXHR
          */
         callSuperError: function (jqXHR) {
-            // eslint-disable-next-line jquery-no-bind-unbind
+            /* eslint-disable */
             var superError = $.ajaxSettings.error.bind(window, jqXHR);
+            /* eslint-enable */
 
             superError();
         },
 
+        /**
+         * Show upload error message
+         */
+        showForbiddenErrorMessage: function () {
+            let bodyObj = $('body');
+
+            bodyObj.notification('clear');
+            bodyObj.notification('add', {
+                error: true,
+                message: $.mage.__(
+                    'Forbidden. You do not have permission to perform this action.'
+                ),
+
+                /**
+                 * @param {String} message
+                 */
+                insertMethod: function (message) {
+                    let $wrapper = $('<div></div>').html(message);
+
+                    $('.page-main-actions').after($wrapper);
+                }
+            });
+        },
+
         /**
          * Update product count.
          */
@@ -128,7 +153,13 @@ define([
                 this.loading(false);
             }.bind(this)).fail(function () {
                 if (this.jqXHR.statusText !== 'abort') {
-                    this.value($t('An unknown error occurred. Please try again.'));
+                    if (this.jqXHR.status === 403) {
+                        this.showForbiddenErrorMessage();
+                        $('.save.primary').attr('disabled', true);
+                        $('body').trigger('processStop');
+                    } else {
+                        this.value($t('An unknown error occurred. Please try again.'));
+                    }
                 }
                 this.loading(false);
             }.bind(this));
diff --git a/app/code/Magento/PageBuilder/view/adminhtml/web/js/form/element/wysiwyg.js b/app/code/Magento/PageBuilder/view/adminhtml/web/js/form/element/wysiwyg.js
@@ -1,6 +1,6 @@
 /**
- * Copyright © Magento, Inc. All rights reserved.
- * See COPYING.txt for license details.
+ * Copyright 2017 Adobe
+ * All Rights Reserved.
  */
 
 define([
@@ -11,9 +11,10 @@ define([
     'Magento_PageBuilder/js/events',
     'Magento_Ui/js/lib/view/utils/dom-observer',
     'Magento_PageBuilder/js/page-builder',
+    'Magento_Ui/js/modal/alert',
     'Magento_Ui/js/lib/view/utils/async'
-], function ($, _, Wysiwyg, $t, events, domObserver, PageBuilder) {
-    'use strict';
+], function ($, _, Wysiwyg, $t, events, domObserver, PageBuilder, alertDialog) {
+    'use strict'; // eslint-disable-line strict
 
     /**
      * Extend the original WYSIWYG with added PageBuilder functionality
@@ -67,6 +68,15 @@ define([
          * Handle button click, init the Page Builder application
          */
         pageBuilderEditButtonClick: function (context, event) {
+            let aclResource = this.pageBuilder.config && this.pageBuilder.config.acl;
+
+            if (aclResource !== undefined && aclResource.widget === false) {
+                return alertDialog({
+                    content: $t('Sorry, you need permissions to view this content.'),
+                    title: $t('Permission Error')
+                });
+            }
+
             this.determineIfWithinModal(event.currentTarget);
             this.transition(false);
 
@@ -85,8 +95,8 @@ define([
             if (!this.isComponentInitialized()) {
                 this.loading(true);
                 this.pageBuilder = new PageBuilder(
-                  this.wysiwygConfigData(),
-                  this.initialValue
+                    this.wysiwygConfigData(),
+                    this.initialValue
                 );
                 if (!this.source.get('pageBuilderInstances')) {
                     this.source.set('pageBuilderInstances', []);
diff --git a/dev/tests/api-functional/testsuite/Magento/PageBuilder/Api/CMSContentProductListingTest.php b/dev/tests/api-functional/testsuite/Magento/PageBuilder/Api/CMSContentProductListingTest.php

Original file line number	Diff line number	Diff line change
`@@ -223,7 +223,8 @@ private function getAcl()`
`223`	`223`	`{`
`224`	`224`	`return [`
`225`	`225`	`'template_save' => $this->authorization->isAllowed(self::TEMPLATE_SAVE_RESOURCE),`
`226`		`- 'template_apply' => $this->authorization->isAllowed(self::TEMPLATE_APPLY_RESOURCE)`
	`226`	`+ 'template_apply' => $this->authorization->isAllowed(self::TEMPLATE_APPLY_RESOURCE),`
	`227`	`+ 'widget' => $this->authorization->isAllowed('Magento_Widget::widget_instance')`
`227`	`228`	`];`
`228`	`229`	`}`
`229`	`230`