Merge branch 'AC-11642' into cia-2.4.8-beta1-develop-bugfix-06202024

pawan-adobe-security · pawan-adobe-security · commit ee3cdc05e35d · 2024-06-20T15:11:36.000+05:30
diff --git a/app/code/Magento/Sales/ViewModel/Order/Create/SidebarPermissionCheck.php b/app/code/Magento/Sales/ViewModel/Order/Create/SidebarPermissionCheck.php
@@ -0,0 +1,42 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\Sales\ViewModel\Order\Create;
+
+use Magento\Framework\AuthorizationInterface;
+use Magento\Framework\View\Element\Block\ArgumentInterface;
+
+/**
+ * Sidebar block permission check
+ */
+class SidebarPermissionCheck implements ArgumentInterface
+{
+    /**
+     * @var AuthorizationInterface
+     */
+    private $authorization;
+
+    /**
+     * Permissions constructor.
+     *
+     * @param AuthorizationInterface $authorization
+     */
+    public function __construct(AuthorizationInterface $authorization)
+    {
+        $this->authorization = $authorization;
+    }
+
+    /**
+     * To check customer permission
+     *
+     * @return bool
+     */
+    public function isAllowed(): bool
+    {
+        return $this->authorization->isAllowed('Magento_Customer::customer');
+    }
+}
diff --git a/app/code/Magento/Sales/view/adminhtml/layout/sales_order_create_index.xml b/app/code/Magento/Sales/view/adminhtml/layout/sales_order_create_index.xml
@@ -36,6 +36,9 @@
                     </block>
                     <block class="Magento\Sales\Block\Adminhtml\Order\Create\Data" template="Magento_Sales::order/create/data.phtml" name="data">
                         <block class="Magento\Sales\Block\Adminhtml\Order\Create\Sidebar" template="Magento_Sales::order/create/sidebar.phtml" name="sidebar">
+                            <arguments>
+                                <argument name="sideBarPermissionCheck" xsi:type="object">Magento\Sales\ViewModel\Order\Create\SidebarPermissionCheck</argument>
+                            </arguments>
                             <block class="Magento\Sales\Block\Adminhtml\Order\Create\Sidebar\Cart" template="Magento_Sales::order/create/sidebar/items.phtml" name="cart"/>
                             <block class="Magento\Sales\Block\Adminhtml\Order\Create\Sidebar\Wishlist" template="Magento_Sales::order/create/sidebar/items.phtml" name="wishlist"/>
                             <block class="Magento\Sales\Block\Adminhtml\Order\Create\Sidebar\Reorder" template="Magento_Sales::order/create/sidebar/items.phtml" name="reorder"/>
diff --git a/app/code/Magento/Sales/view/adminhtml/layout/sales_order_create_load_block_data.xml b/app/code/Magento/Sales/view/adminhtml/layout/sales_order_create_load_block_data.xml
@@ -11,6 +11,9 @@
         <referenceContainer name="content">
             <block class="Magento\Sales\Block\Adminhtml\Order\Create\Data" template="Magento_Sales::order/create/data.phtml" name="data">
                 <block class="Magento\Sales\Block\Adminhtml\Order\Create\Sidebar" template="Magento_Sales::order/create/sidebar.phtml" name="sidebar">
+                    <arguments>
+                        <argument name="sideBarPermissionCheck" xsi:type="object">Magento\Sales\ViewModel\Order\Create\SidebarPermissionCheck</argument>
+                    </arguments>
                     <block class="Magento\Sales\Block\Adminhtml\Order\Create\Sidebar\Cart" template="Magento_Sales::order/create/sidebar/items.phtml" name="cart"/>
                     <block class="Magento\Sales\Block\Adminhtml\Order\Create\Sidebar\Wishlist" template="Magento_Sales::order/create/sidebar/items.phtml" name="wishlist"/>
                     <block class="Magento\Sales\Block\Adminhtml\Order\Create\Sidebar\Reorder" template="Magento_Sales::order/create/sidebar/items.phtml" name="reorder"/>
diff --git a/app/code/Magento/Sales/view/adminhtml/layout/sales_order_create_load_block_sidebar.xml b/app/code/Magento/Sales/view/adminhtml/layout/sales_order_create_load_block_sidebar.xml
@@ -9,6 +9,9 @@
     <body>
         <referenceContainer name="content">
             <block class="Magento\Sales\Block\Adminhtml\Order\Create\Sidebar" template="Magento_Sales::order/create/sidebar.phtml" name="sidebar">
+                <arguments>
+                    <argument name="sideBarPermissionCheck" xsi:type="object">Magento\Sales\ViewModel\Order\Create\SidebarPermissionCheck</argument>
+                </arguments>
                 <block class="Magento\Sales\Block\Adminhtml\Order\Create\Sidebar\Cart" template="Magento_Sales::order/create/sidebar/items.phtml" name="cart"/>
                 <block class="Magento\Sales\Block\Adminhtml\Order\Create\Sidebar\Wishlist" template="Magento_Sales::order/create/sidebar/items.phtml" name="wishlist"/>
                 <block class="Magento\Sales\Block\Adminhtml\Order\Create\Sidebar\Reorder" template="Magento_Sales::order/create/sidebar/items.phtml" name="reorder"/>
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/create/sidebar.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/create/sidebar.phtml
@@ -4,19 +4,32 @@
  * See COPYING.txt for license details.
  */
 
+use Magento\Framework\Escaper;
+use Magento\Framework\View\Helper\SecureHtmlRenderer;
+use Magento\Sales\Block\Adminhtml\Order\Create\Sidebar;
+use Magento\Sales\ViewModel\Order\Create\SidebarPermissionCheck;
+
 /**
- * @var \Magento\Sales\Block\Adminhtml\Order\Create\Sidebar $block
- * @var \Magento\Framework\View\Helper\SecureHtmlRenderer $secureRenderer
+ * @var Sidebar $block
+ * @var SecureHtmlRenderer $secureRenderer
+ * @var Escaper $escaper
  */
+
+/**
+ * @var SidebarPermissionCheck $sideBarPermissionCheck
+ */
+$sideBarPermissionCheck = $block->getData('sideBarPermissionCheck');
+
 ?>
+<?php  if ($sideBarPermissionCheck->isAllowed()): ?>
 <div class="customer-current-activity-inner">
-    <h4 class="customer-activity-title"><?= $block->escapeHtml(__('Customer\'s Activities')) ?></h4>
+    <h4 class="customer-activity-title"><?= $escaper->escapeHtml(__('Customer\'s Activities')) ?></h4>
     <div class="create-order-sidebar-container">
     <?= $block->getChildHtml('top_button') ?>
     <?php foreach ($block->getLayout()->getChildBlocks($block->getNameInLayout()) as $_alias => $_child): ?>
         <?php if ($_alias != 'top_button' && $_alias != 'bottom_button'): ?>
             <?php if ($block->canDisplay($_child)): ?>
-                <div class="order-sidebar-block" id="order-sidebar_<?= $block->escapeHtmlAttr($_alias) ?>">
+                <div class="order-sidebar-block" id="order-sidebar_<?= $escaper->escapeHtmlAttr($_alias) ?>">
                     <?= $block->getChildHtml($_alias) ?>
                 </div>
             <?php endif; ?>
@@ -25,6 +38,7 @@
     <?= $block->getChildHtml('bottom_button') ?>
     </div>
 </div>
+<?php endif; ?>
 <?php $scriptString = <<<script
 require([
     "prototype",
