MAGETWO-95536: [2.3] Admin users are deleted from role upon Role save

Oleksandr Dubovyk · Oleksandr Dubovyk · commit 8a64a2991dc9 · 2018-10-29T14:43:57.000+02:00
- fixed
- added test
diff --git a/app/code/Magento/Integration/Plugin/Model/AdminUser.php b/app/code/Magento/Integration/Plugin/Model/AdminUser.php
@@ -3,6 +3,7 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
+
 namespace Magento\Integration\Plugin\Model;
 
 use Magento\Integration\Model\AdminTokenService;
@@ -31,14 +32,15 @@ public function __construct(
      *
      * @param \Magento\User\Model\User $subject
      * @param \Magento\Framework\DataObject $object
-     * @return $this
+     * @return \Magento\User\Model\User
+     * @throws \Magento\Framework\Exception\LocalizedException
      */
     public function afterSave(
         \Magento\User\Model\User $subject,
         \Magento\Framework\DataObject $object
-    ) {
+    ): \Magento\User\Model\User {
         $isActive = $object->getIsActive();
-        if (isset($isActive) && $isActive == 0) {
+        if ($isActive !== null && $isActive == 0) {
             $this->adminTokenService->revokeAdminAccessToken($object->getId());
         }
         return $subject;
diff --git a/app/code/Magento/User/Controller/Adminhtml/User/Role/SaveRole.php b/app/code/Magento/User/Controller/Adminhtml/User/Role/SaveRole.php
@@ -11,6 +11,7 @@
 use Magento\Authorization\Model\Acl\Role\Group as RoleGroup;
 use Magento\Authorization\Model\UserContextInterface;
 use Magento\Framework\Controller\ResultFactory;
+use Magento\Framework\Exception\LocalizedException;
 use Magento\Framework\Exception\State\UserLockedException;
 use Magento\Security\Model\SecurityCookie;
 
@@ -77,10 +78,8 @@ public function execute()
 
         $rid = $this->getRequest()->getParam('role_id', false);
         $resource = $this->getRequest()->getParam('resource', false);
-        $roleUsers = $this->getRequest()->getParam('in_role_user', null);
-        parse_str($roleUsers, $roleUsers);
-        $roleUsers = array_keys($roleUsers);
-
+        $oldRoleUsers = $this->parseRequestVariable('in_role_user_old');
+        $roleUsers = $this->parseRequestVariable('in_role_user');
         $isAll = $this->getRequest()->getParam('all');
         if ($isAll) {
             $resource = [$this->_objectManager->get(\Magento\Framework\Acl\RootResource::class)->getId()];
@@ -106,28 +105,24 @@ public function execute()
             $role->save();
 
             $this->_rulesFactory->create()->setRoleId($role->getId())->setResources($resource)->saveRel();
-
-            $this->processPreviousUsers($role);
-
-            foreach ($roleUsers as $nRuid) {
-                $this->_addUserToRole($nRuid, $role->getId());
-            }
-            $this->messageManager->addSuccess(__('You saved the role.'));
+            $this->processPreviousUsers($role, $oldRoleUsers);
+            $this->processCurrentUsers($role, $roleUsers);
+            $this->messageManager->addSuccessMessage(__('You saved the role.'));
         } catch (UserLockedException $e) {
             $this->_auth->logout();
             $this->getSecurityCookie()->setLogoutReasonCookie(
                 \Magento\Security\Model\AdminSessionsManager::LOGOUT_REASON_USER_LOCKED
             );
             return $resultRedirect->setPath('*');
         } catch (\Magento\Framework\Exception\AuthenticationException $e) {
-            $this->messageManager->addError(
+            $this->messageManager->addErrorMessage(
                 __('The password entered for the current user is invalid. Verify the password and try again.')
             );
             return $this->saveDataToSessionAndRedirect($role, $this->getRequest()->getPostValue(), $resultRedirect);
         } catch (\Magento\Framework\Exception\LocalizedException $e) {
-            $this->messageManager->addError($e->getMessage());
+            $this->messageManager->addErrorMessage($e->getMessage());
         } catch (\Exception $e) {
-            $this->messageManager->addError(__('An error occurred while saving this role.'));
+            $this->messageManager->addErrorMessage(__('An error occurred while saving this role.'));
         }
 
         return $resultRedirect->setPath('*/*/');
@@ -151,32 +146,64 @@ protected function validateUser()
         return $this;
     }
 
+    /**
+     * Parse request value from string
+     *
+     * @param string $paramName
+     * @return array
+     */
+    private function parseRequestVariable($paramName): array
+    {
+        $value = $this->getRequest()->getParam($paramName, null);
+        parse_str($value, $value);
+        $value = array_keys($value);
+        return $value;
+    }
+
     /**
      * Process previous users
      *
      * @param \Magento\Authorization\Model\Role $role
+     * @param array $oldRoleUsers
      * @return $this
      * @throws \Exception
      */
-    protected function processPreviousUsers(\Magento\Authorization\Model\Role $role)
+    protected function processPreviousUsers(\Magento\Authorization\Model\Role $role, array $oldRoleUsers): self
     {
-        $oldRoleUsers = $this->getRequest()->getParam('in_role_user_old');
-        parse_str($oldRoleUsers, $oldRoleUsers);
-        $oldRoleUsers = array_keys($oldRoleUsers);
-
         foreach ($oldRoleUsers as $oUid) {
             $this->_deleteUserFromRole($oUid, $role->getId());
         }
 
         return $this;
     }
 
+    /**
+     * Processes users to be assigned to roles
+     *
+     * @param \Magento\Authorization\Model\Role $role
+     * @param array $roleUsers
+     * @return $this
+     */
+    private function processCurrentUsers(\Magento\Authorization\Model\Role $role, array $roleUsers): self
+    {
+        foreach ($roleUsers as $nRuid) {
+            try {
+                $this->_addUserToRole($nRuid, $role->getId());
+            } catch (LocalizedException $e) {
+                $this->messageManager->addErrorMessage($e->getMessage());
+            }
+        }
+
+        return $this;
+    }
+
     /**
      * Assign user to role
      *
      * @param int $userId
      * @param int $roleId
      * @return bool
+     * @throws LocalizedException
      */
     protected function _addUserToRole($userId, $roleId)
     {
diff --git a/dev/tests/integration/testsuite/Magento/User/Controller/Adminhtml/User/Role/SaveRoleTest.php b/dev/tests/integration/testsuite/Magento/User/Controller/Adminhtml/User/Role/SaveRoleTest.php
@@ -0,0 +1,77 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+declare(strict_types=1);
+
+namespace Magento\User\Controller\Adminhtml\User\Role;
+
+use Magento\TestFramework\Helper\Bootstrap;
+use Magento\User\Model\User;
+use Magento\Backend\Model\Auth\Session;
+use Magento\Framework\Message\MessageInterface;
+use Magento\User\Controller\Adminhtml\User\Role\SaveRole;
+
+/**
+ * Test class for \Magento\User\Controller\Adminhtml\User\Role.
+ *
+ * @magentoAppArea adminhtml
+ */
+class SaveRoleTest extends \Magento\TestFramework\TestCase\AbstractBackendController
+{
+    /**
+     * Test execute method
+     *
+     * @magentoDataFixture Magento/User/_files/two_users_with_role.php
+     * @magentoDbIsolation disabled
+     */
+    public function testExecute()
+    {
+        $objectManager = Bootstrap::getObjectManager();
+        /** @var \Magento\User\Model\User $currentAdmin */
+        $currentAdmin = $objectManager->create(User::class)
+            ->loadByUsername('user');
+        /** @var \Magento\Backend\Model\Auth\Session $authSession */
+        $authSession = $objectManager->create(Session::class);
+        $authSession->setUser($currentAdmin);
+        $user1Id = $objectManager->create(User::class)
+            ->loadByUsername('johnAdmin')->getId();
+        $user2Id = $objectManager->create(User::class)
+            ->loadByUsername('annAdmin')->getId();
+
+        /** @var \Magento\Authorization\Model\RoleFactory $roleFactory */
+        $roleFactory = $objectManager->create(\Magento\Authorization\Model\RoleFactory::class);
+        $role = $roleFactory->create()->load(1);
+
+        /** @var \Magento\AdminGws\Model\Role $gwsRole */
+        $gwsRole = $objectManager->get(\Magento\AdminGws\Model\Role::class);
+        $gwsRole->setAdminRole($role);
+        $gwsRole->setStoreGroupIds([1]);
+
+        $params = [
+            'role_id' => 1,
+            'in_role_user_old'=> $user1Id . '=true&' . $user2Id . '=true',
+            'in_role_user'=> $user1Id . '=true&' . $user2Id . '=true',
+            'all' => 1,
+            'current_password' => 'password1',
+            'rolename' => 'Administrators',
+        ];
+
+        $post = [
+            'gws_is_all' => 1,
+            'gws_store_groups' => ['1'],
+        ];
+
+        $this->getRequest()->setParams($params);
+        $this->getRequest()->setPostValue($post);
+
+        $model = $objectManager->create(SaveRole::class);
+        $model->execute();
+        $this->assertSessionMessages(
+            $this->equalTo(['You saved the role.']),
+            MessageInterface::TYPE_SUCCESS
+        );
+    }
+}
diff --git a/dev/tests/integration/testsuite/Magento/User/_files/two_users_with_role.php b/dev/tests/integration/testsuite/Magento/User/_files/two_users_with_role.php
@@ -0,0 +1,52 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+use Magento\TestFramework\Helper\Bootstrap;
+use Magento\User\Model\User;
+
+/**
+ * Create an admin user with an assigned role
+ */
+
+$objectManager = Bootstrap::getObjectManager();
+
+/** @var \Magento\User\Model\ResourceModel\User $model */
+$userResource = $objectManager->create(\Magento\User\Model\ResourceModel\User::class);
+
+/** @var $user User */
+$user = $objectManager->create(User::class);
+$user->setFirstname("John")
+    ->setIsActive(true)
+    ->setLastname("Doe")
+    ->setUsername('johnAdmin')
+    ->setPassword(\Magento\TestFramework\Bootstrap::ADMIN_PASSWORD)
+    ->setEmail('JohnadminUser@example.com')
+    ->setRoleType('G')
+    ->setResourceId('Magento_Backend::all')
+    ->setPrivileges("")
+    ->setAssertId(0)
+    ->setRoleId(1)
+    ->setPermission('allow');
+
+$userResource->save($user);
+
+/** @var $user User */
+$user = $objectManager->create(User::class);
+$user->setFirstname("Ann")
+    ->setIsActive(true)
+    ->setLastname("Doe")
+    ->setUsername('annAdmin')
+    ->setPassword(\Magento\TestFramework\Bootstrap::ADMIN_PASSWORD)
+    ->setEmail('JaneadminUser@example.com')
+    ->setRoleType('G')
+    ->setResourceId('Magento_Backend::all')
+    ->setPrivileges("")
+    ->setAssertId(0)
+    ->setRoleId(1)
+    ->setPermission('allow');
+
+$userResource->save($user);
diff --git a/dev/tests/integration/testsuite/Magento/User/_files/two_users_with_role_rollback.php b/dev/tests/integration/testsuite/Magento/User/_files/two_users_with_role_rollback.php
@@ -0,0 +1,21 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+use Magento\TestFramework\Helper\Bootstrap;
+use Magento\User\Model\User;
+
+/**
+ * Create an admin user with an assigned role
+ */
+
+/** @var $user User */
+$user = Bootstrap::getObjectManager()->create(User::class);
+$user->loadByUsername('johnAdmin')->delete();
+
+/** @var $user User */
+$user = Bootstrap::getObjectManager()->create(User::class);
+$user->loadByUsername('annAdmin')->delete();
