magento/graphql-ce#732: Guest User can SendFriend products ignoring restrictions

naydav · naydav · commit 2dded7cfb70b · 2019-06-21T12:57:12.000-05:00
diff --git a/app/code/Magento/SendFriendGraphQl/Model/Resolver/SendEmailToFriend.php b/app/code/Magento/SendFriendGraphQl/Model/Resolver/SendEmailToFriend.php
@@ -7,12 +7,12 @@
 
 namespace Magento\SendFriendGraphQl\Model\Resolver;
 
-use Magento\Authorization\Model\UserContextInterface;
 use Magento\Framework\GraphQl\Config\Element\Field;
 use Magento\Framework\GraphQl\Exception\GraphQlAuthorizationException;
 use Magento\Framework\GraphQl\Exception\GraphQlInputException;
 use Magento\Framework\GraphQl\Query\ResolverInterface;
 use Magento\Framework\GraphQl\Schema\Type\ResolveInfo;
+use Magento\GraphQl\Model\Query\ContextInterface;
 use Magento\SendFriend\Helper\Data as SendFriendHelper;
 use Magento\SendFriendGraphQl\Model\SendFriend\SendEmail;
 
@@ -48,10 +48,10 @@ public function __construct(
      */
     public function resolve(Field $field, $context, ResolveInfo $info, array $value = null, array $args = null)
     {
-        $userId = $context->getUserId();
-        $userType = $context->getUserType();
-
-        if (!$this->sendFriendHelper->isAllowForGuest() && $this->isUserGuest($userId, $userType)) {
+        /** @var ContextInterface $context */
+        if (!$this->sendFriendHelper->isAllowForGuest()
+            && false === $context->getExtensionAttributes()->getIsCustomer()
+        ) {
             throw new GraphQlAuthorizationException(__('The current customer isn\'t authorized.'));
         }
 
@@ -63,7 +63,6 @@ public function resolve(Field $field, $context, ResolveInfo $info, array $value
             $senderData,
             $recipientsData
         );
-
         return array_merge($senderData, $recipientsData);
     }
 
@@ -123,19 +122,4 @@ private function extractSenderData(array $args): array
             ],
         ];
     }
-
-    /**
-     * Checking if current customer is guest
-     *
-     * @param int|null $customerId
-     * @param int|null $customerType
-     * @return bool
-     */
-    private function isUserGuest(?int $customerId, ?int $customerType): bool
-    {
-        if (null === $customerId || null === $customerType) {
-            return true;
-        }
-        return 0 === (int)$customerId || (int)$customerType === UserContextInterface::USER_TYPE_GUEST;
-    }
 }
diff --git a/app/code/Magento/SendFriendGraphQl/composer.json b/app/code/Magento/SendFriendGraphQl/composer.json
@@ -7,9 +7,6 @@
         "magento/framework": "*",
         "magento/module-catalog": "*",
         "magento/module-send-friend": "*",
-        "magento/module-authorization": "*"
-    },
-    "suggest": {
         "magento/module-graph-ql": "*"
     },
     "license": [
