Specific ACL for the customer invalidate tokens (force sign-in) admin action

Author: kassner

app/code/Magento/Customer/Block/Adminhtml/Edit/InvalidateTokenButton.php

@@ -27,6 +27,7 @@ public function getButtonData()
                 'class' => 'invalidate-token',
                 'on_click' => 'deleteConfirm("' . $deleteConfirmMsg . '", "' . $this->getInvalidateTokenUrl() . '")',
                 'sort_order' => 65,
+                'aclResource' => 'Magento_Customer::invalidate_tokens',
             ];
         }
         return $data;

app/code/Magento/Customer/Controller/Adminhtml/Customer/InvalidateToken.php

@@ -27,6 +27,13 @@
  */
 class InvalidateToken extends \Magento\Customer\Controller\Adminhtml\Index
 {
+    /**
+     * Authorization level of a basic admin session
+     *
+     * @see _isAllowed()
+     */
+    const ADMIN_RESOURCE = 'Magento_Customer::invalidate_tokens';
+
     /**
      * @var CustomerTokenServiceInterface
      */

app/code/Magento/Customer/etc/acl.xml

@@ -14,6 +14,7 @@
                         <resource id="Magento_Customer::actions" title="Actions" translate="title" sortOrder="10">
                             <resource id="Magento_Customer::delete" title="Delete" translate="title" sortOrder="10" />
                             <resource id="Magento_Customer::reset_password" title="Reset password" translate="title" sortOrder="20" />
+                            <resource id="Magento_Customer::invalidate_tokens" title="Invalidate tokens" translate="title" sortOrder="30" />
                         </resource>
                     </resource>
                     <resource id="Magento_Customer::online" title="Now Online" translate="title" sortOrder="20" />