 /**
  * Check whether the survey question can be shown to the current admin user.
  *
  * The question is suppressed when the user chose to hide it in the auth
  * session, when the authorization check fails, when the survey was already
  * viewed, or when the survey URL is not valid. The checks short-circuit in
  * that order.
  *
  * @return bool
  */
 public function isDisplayed()
 {
     if ($this->_authSession->getHideSurveyQuestion()) {
         return false;
     }
     // NOTE(review): a null resource id is passed through unchanged; how the
     // authorization layer resolves it is not visible here — confirm.
     if (!$this->_authorization->isAllowed(null)) {
         return false;
     }
     if ($this->_survey->isSurveyViewed()) {
         return false;
     }
     return (bool) $this->_survey->isSurveyUrlValid();
 }
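 /**
  * Replace standard admin login form with HTTP Basic authentication
  *
  * Resolves the ACL resource for the requested controller/action and the one
  * for the requested feed `type`. When either is unknown the request is handed
  * to the parent plugin unchanged. Otherwise a session that is not logged in
  * gets one attempt to log in with the HTTP credentials; the request is then
  * answered with the HTTP-authentication failure response unless the session
  * is logged in AND authorized for both resources.
  *
  * @param AbstractAction $subject
  * @param callable $proceed
  * @param RequestInterface $request
  * @return ResponseInterface
  * @SuppressWarnings(PHPMD.UnusedFormalParameter)
  * @SuppressWarnings(PHPMD.CyclomaticComplexity)
  * @SuppressWarnings(PHPMD.NPathComplexity)
  */
 public function aroundDispatch(AbstractAction $subject, \Closure $proceed, RequestInterface $request)
 {
     $controllerName = $request->getControllerName();
     $actionName = $request->getActionName();
     $resource = null;
     if (isset($this->aclResources[$controllerName])) {
         // A controller entry is either a single resource id or a per-action map;
         // fall back to the controller-level entry when the action has no entry of its own.
         $controllerResources = $this->aclResources[$controllerName];
         $resource = isset($controllerResources[$actionName])
             ? $controllerResources[$actionName]
             : $controllerResources;
     }
     // `type` is request-controlled: an array-valued parameter (type[]=...) must not
     // reach the array offset, where it would raise an error instead of being treated as unknown.
     $type = $request->getParam('type');
     $resourceType = !is_array($type) && isset($this->aclResources[$type]) ? $this->aclResources[$type] : null;
     if (!$resource || !$resourceType) {
         return parent::aroundDispatch($subject, $proceed, $request);
     }
     $session = $this->_auth->getAuthStorage();
     // Try to login using HTTP-authentication
     if (!$session->isLoggedIn()) {
         list($login, $password) = $this->httpAuthentication->getCredentials();
         try {
             $this->_auth->login($login, $password);
         } catch (AuthenticationException $e) {
             // Rejected credentials are logged; the session stays logged out and the
             // check below converts that into an HTTP authentication failure.
             $this->logger->critical($e);
         }
     }
     // Verify if logged in and authorized for both the controller action and the feed type
     if (!$session->isLoggedIn()
         || !$this->authorization->isAllowed($resource)
         || !$this->authorization->isAllowed($resourceType)
     ) {
         $this->httpAuthentication->setAuthenticationFailed('RSS Feeds');
         return $this->_response;
     }
     return parent::aroundDispatch($subject, $proceed, $request);
 }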
 /**
  * Generate row url
  *
  * A URL is produced only for users allowed to view sales entities;
  * otherwise `false` is returned.
  *
  * @param \Magento\Framework\DataObject $item
  * @return bool|string
  */
 public function getUrl($item)
 {
     $canView = $this->_authorization->isAllowed('Magento_Sales::actions_view');
     return $canView ? parent::getUrl($item) : false;
 }
 /**
  * Handler for all SOAP operations.
  *
  * Looks up the service class/method behind the SOAP operation, refuses
  * secure operations made over plain HTTP, requires at least one of the
  * operation's ACL resources to be allowed (no resources listed means the
  * operation is denied), then invokes the service and converts its output.
  *
  * @param string $operation
  * @param array $arguments
  * @return \stdClass|null
  * @throws WebapiException
  * @throws \LogicException
  * @throws AuthorizationException
  */
 public function __call($operation, $arguments)
 {
     $requestedServices = $this->_request->getRequestedServices();
     $methodInfo = $this->_apiConfig->getServiceMethodInfo($operation, $requestedServices);
     $className = $methodInfo[SoapConfig::KEY_CLASS];
     $methodName = $methodInfo[SoapConfig::KEY_METHOD];
     // Secure operations are refused over plain HTTP before any authorization work is done.
     if ($methodInfo[SoapConfig::KEY_IS_SECURE] && !$this->_request->isSecure()) {
         throw new WebapiException(__("Operation allowed only in HTTPS"));
     }
     // Access is granted when ANY listed resource is allowed; an empty list denies.
     $aclResources = $methodInfo[SoapConfig::KEY_ACL_RESOURCES];
     $granted = false;
     foreach ($aclResources as $aclResource) {
         if ($this->_authorization->isAllowed($aclResource)) {
             $granted = true;
             break;
         }
     }
     if (!$granted) {
         throw new AuthorizationException(
             __(AuthorizationException::NOT_AUTHORIZED, ['resources' => implode(', ', $aclResources)])
         );
     }
     $service = $this->_objectManager->get($className);
     $inputData = $this->_prepareRequestData($className, $methodName, $arguments);
     $outputData = call_user_func_array([$service, $methodName], $inputData);
     return $this->_prepareResponseData($outputData, $className, $methodName);
 }
 /**
  * Create url for passed item using passed url model
  *
  * Returns `false` unless the current user may manage customers AND the
  * item carries a customer id.
  *
  * @param \Magento\Framework\Object $item
  * @return string|false
  */
 public function getUrl($item)
 {
     if (!$this->_authorization->isAllowed('Magento_Customer::manage')) {
         return false;
     }
     if (!$item->getCustomerId()) {
         return false;
     }
     return parent::getUrl($item);
 }
 /**
  * Remove massaction items in case they disallowed for user
  *
  * Both change-mode massactions are dropped when the user lacks the
  * indexer change-mode resource; everything else passes through untouched.
  *
  * @param mixed $argument
  * @return mixed
  */
 public function update($argument)
 {
     if ($this->authorization->isAllowed('Magento_Indexer::changeMode') === false) {
         foreach (['change_mode_onthefly', 'change_mode_changelog'] as $massactionKey) {
             unset($argument[$massactionKey]);
         }
     }
     return $argument;
 }
 /**
  * Block admin ability to use customer billing agreements
  *
  * Only billing-agreement payment methods are affected; for those the
  * event result is marked unavailable when the PayPal resource is denied.
  *
  * @param EventObserver $observer
  * @return void
  */
 public function execute($observer)
 {
     $event = $observer->getEvent();
     $paymentMethod = $event->getMethodInstance();
     if (!($paymentMethod instanceof \Magento\Paypal\Model\Payment\Method\Billing\AbstractAgreement)) {
         return;
     }
     if (!$this->_authorization->isAllowed('Magento_Paypal::use')) {
         $event->getResult()->isAvailable = false;
     }
 }
 /**
  * Whether attributes may be added: the wrapper flag from the registry
  * (defaulting to true when unset) combined with the catalog attributes ACL.
  *
  * @return boolean
  */
 protected function canAddAttributes()
 {
     $useWrapper = $this->registry->registry('use_wrapper');
     if ($useWrapper === null) {
         // Nothing registered the flag: treat as wrapped.
         $useWrapper = true;
     }
     return $useWrapper && $this->authorization->isAllowed('Magento_Catalog::attributes_attributes');
 }
 /**
  * Button configuration for "Create Order".
  *
  * Empty when there is no customer id or the user may not create orders.
  *
  * @return array
  */
 public function getButtonData()
 {
     $customerId = $this->getCustomerId();
     if (!$customerId || !$this->authorization->isAllowed('Magento_Sales::create')) {
         return [];
     }
     return [
         'label' => __('Create Order'),
         'on_click' => sprintf("location.href = '%s';", $this->getCreateOrderUrl()),
         'class' => 'add',
         'sort_order' => 40,
     ];
 }
 /**
  * Check if all ACL resources are allowed to be accessed by current API user.
  *
  * Stops at the first denied resource. Note that an empty list yields true
  * (there is nothing to deny), so callers must pass the resources they
  * actually require.
  *
  * @param string[] $aclResources
  * @return bool
  */
 public function isAllowed($aclResources)
 {
     foreach ($aclResources as $aclResource) {
         if ($this->authorization->isAllowed($aclResource)) {
             continue;
         }
         return false;
     }
     return true;
 }
 /**
  * Button configuration for "Login As Customer".
  *
  * Empty when there is no customer id or the login-button resource is denied.
  *
  * @return array
  */
 public function getButtonData()
 {
     $customerId = $this->getCustomerId();
     if (!$customerId || !$this->_authorization->isAllowed('Magefan_LoginAsCustomer::login_button')) {
         return [];
     }
     return [
         'label' => __('Login As Customer'),
         'class' => 'login login-button',
         'on_click' => sprintf("window.open( '%s')", $this->getInvalidateTokenUrl()),
         'sort_order' => 70,
     ];
 }
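 /**
  * Prepare Data Source
  *
  * Adds a "Login As Customer" edit link to every grid row. The `hidden` flag
  * only controls whether the link is shown in the grid; it is not itself an
  * authorization check on the login action.
  *
  * @param array $dataSource
  * @return array
  */
 public function prepareDataSource(array $dataSource)
 {
     if (!isset($dataSource['data']['items'])) {
         return $dataSource;
     }
     // Loop-invariant lookups hoisted out of the per-row loop.
     $columnName = $this->getData('name');
     $hidden = !$this->_authorization->isAllowed('Magefan_LoginAsCustomer::login_button');
     // Iterate by key instead of by reference so no dangling reference is left behind.
     foreach ($dataSource['data']['items'] as $index => $item) {
         $dataSource['data']['items'][$index][$columnName]['edit'] = [
             'href' => $this->urlBuilder->getUrl('loginascustomer/login/login', ['customer_id' => $item['entity_id']]),
             'label' => __('Login As Customer'),
             'hidden' => $hidden,
             'target' => '_blank',
         ];
     }
     return $dataSource;
 }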
 /**
  * Block admin ability to use customer billing agreements
  *
  * For billing-agreement payment methods the event result's `is_available`
  * is set to false when the PayPal resource is denied.
  *
  * @param EventObserver $observer
  * @return void
  */
 public function execute(EventObserver $observer)
 {
     $event = $observer->getEvent();
     $paymentMethod = $event->getMethodInstance();
     if (!($paymentMethod instanceof \Magento\Paypal\Model\Payment\Method\Billing\AbstractAgreement)) {
         return;
     }
     if (!$this->_authorization->isAllowed('Magento_Paypal::use')) {
         /** @var \Magento\Framework\DataObject $result */
         $result = $event->getResult();
         $result->setData('is_available', false);
     }
 }
 /**
  * Delete nodes that have "acl" attribute but value is "not allowed"
  * In any case, the "acl" attribute will be unset
  *
  * @param \Magento\Framework\Simplexml\Element $xml
  * @return void
  */
 public function filterAclNodes(\Magento\Framework\Simplexml\Element $xml)
 {
     $restrictedNodes = $xml->xpath('//*[@acl]') ?: [];
     foreach ($restrictedNodes as $node) {
         if ($this->_authorization->isAllowed($node['acl'])) {
             // Allowed: keep the node, strip the marker attribute.
             unset($node['acl']);
             continue;
         }
         $node->unsetSelf();
     }
 }
 /**
  * Remove scheduled elements whose "acl" attribute names a resource the
  * current user is not allowed to access. Elements without a (non-empty)
  * "acl" attribute are left alone, and the attribute itself is not touched here.
  *
  * @param ScheduledStructure $scheduledStructure
  * @param Structure $structure
  */
 public function filterAclElements(ScheduledStructure $scheduledStructure, Structure $structure)
 {
     foreach ($scheduledStructure->getElements() as $elementName => $elementData) {
         list(, $elementData) = $elementData;
         $aclResource = isset($elementData['attributes']['acl']) ? $elementData['attributes']['acl'] : null;
         if (!$aclResource) {
             continue;
         }
         if (!$this->authorization->isAllowed($aclResource)) {
             $this->removeElement($scheduledStructure, $structure, $elementName);
         }
     }
 }
 /**
  * Remove massaction items in case they disallowed for user
  *
  * Each order massaction is dropped when its ACL resource is denied.
  *
  * @param mixed $argument
  * @return mixed
  */
 public function update($argument)
 {
     // massaction key => ACL resource required to keep it (checked in this order)
     $guardedActions = [
         'cancel_order' => 'Magento_Sales::cancel',
         'hold_order' => 'Magento_Sales::hold',
         'unhold_order' => 'Magento_Sales::unhold',
     ];
     foreach ($guardedActions as $massactionKey => $aclResource) {
         if ($this->_authorization->isAllowed($aclResource) === false) {
             unset($argument[$massactionKey]);
         }
     }
     return $argument;
 }
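 /**
  * Force admin to change password
  *
  * When forced password change is enabled and the logged-in admin's password
  * is flagged expired, every action other than the account page, the account
  * save and logout is redirected to the account page. If the admin may not
  * access 'My Account', the session is cleared instead and an error message
  * is shown.
  *
  * @param EventObserver $observer
  * @return void
  */
 public function execute(EventObserver $observer)
 {
     if (!$this->observerConfig->isPasswordChangeForced()) {
         return;
     }
     if (!$this->authSession->isLoggedIn()) {
         return;
     }
     if (!$this->authSession->getPciAdminUserIsPasswordExpired()) {
         return;
     }
     /** @var \Magento\Framework\App\RequestInterface $request */
     $request = $observer->getEvent()->getRequest();
     // Actions that stay reachable with an expired password.
     $allowedActions = ['adminhtml_system_account_index', 'adminhtml_system_account_save', 'adminhtml_auth_logout'];
     // Strict comparison: the action name is a string and must match exactly.
     if (in_array($request->getFullActionName(), $allowedActions, true)) {
         return;
     }
     /** @var \Magento\Framework\App\Action\Action $controller */
     $controller = $observer->getEvent()->getControllerAction();
     if ($this->authorization->isAllowed('Magento_Backend::myaccount')) {
         $controller->getResponse()->setRedirect($this->url->getUrl('adminhtml/system_account/'));
         $this->actionFlag->set('', \Magento\Framework\App\Action\Action::FLAG_NO_DISPATCH, true);
         $this->actionFlag->set('', \Magento\Framework\App\Action\Action::FLAG_NO_POST_DISPATCH, true);
         return;
     }
     // Password expired and 'My Account' is denied: force logout with an error message.
     $this->authSession->clearStorage();
     $this->session->clearStorage();
     $this->messageManager->addErrorMessage(__('Your password has expired; please contact your administrator.'));
     $controller->getRequest()->setDispatched(false);
 }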
 /**
  * Check whether item is allowed to the user
  *
  * Any exception raised while resolving the resource or consulting the ACL
  * is treated as "not allowed" (fail closed).
  *
  * @return bool
  */
 public function isAllowed()
 {
     try {
         $granted = $this->_acl->isAllowed((string) $this->_resource);
     } catch (\Exception $exception) {
         $granted = false;
     }
     return $granted;
 }
 /**
  * Whether every permission configured for the attribute is granted.
  *
  * Stops at the first denied permission; with no permissions configured
  * the attribute is considered allowed.
  *
  * @param string $dataObjectType
  * @param string $attributeCode
  * @return bool
  */
 private function isAttributePermissionValid($dataObjectType, $attributeCode)
 {
     $typeName = $this->getRegularTypeForExtensionAttributesType($dataObjectType);
     $requiredPermissions = $this->getPermissionsForTypeAndMethod($typeName, $attributeCode);
     foreach ($requiredPermissions as $permission) {
         $granted = $this->authorization->isAllowed($permission);
         if (!$granted) {
             return false;
         }
     }
     return true;
 }
 /**
  * Check whether notification is displayed
  *
  * Requires the module to be enabled, the default store view to be in
  * estimate-and-submit tax mode and queue notifications to be on; then the
  * queue stats are loaded and the notice shows only to admins allowed to
  * manage AvaTax when the queue is non-empty.
  *
  * @return bool
  */
 public function isDisplayed()
 {
     // Check configuration to see if this should be evaluated further
     if (!$this->avaTaxConfig->isModuleEnabled()) {
         return false;
     }
     $defaultStoreView = $this->storeManager->getDefaultStoreView();
     if ($this->avaTaxConfig->getTaxMode($defaultStoreView) != Config::TAX_MODE_ESTIMATE_AND_SUBMIT) {
         return false;
     }
     if (!$this->avaTaxConfig->getQueueAdminNotificationEnabled()) {
         return false;
     }
     // Query the database to get some stats about the queue
     $this->loadQueueStats();
     // Determine if we need to notify the admin user
     $canManage = $this->authorization->isAllowed('ClassyLlama_AvaTax::manage_avatax');
     return $canManage && $this->statQueueCount > 0;
 }
 /**
  * Return Wysiwyg config as \Magento\Framework\DataObject
  *
  * Config options description:
  *
  * enabled:                 Enabled Visual Editor or not
  * hidden:                  Show Visual Editor on page load or not
  * use_container:           Wrap Editor contents into div or not
  * no_display:              Hide Editor container or not (related to use_container)
  * translator:              Helper to translate phrases in lib
  * files_browser_*:         Files Browser (media, images) settings
  * encode_directives:       Encode template directives with JS or not
  *
  * The media-gallery (files browser) entries are only added when the user
  * holds the CMS media gallery resource. Only an array `$data` is merged in;
  * any other value is ignored.
  *
  * @param array|\Magento\Framework\DataObject $data Object constructor params to override default config values
  * @return \Magento\Framework\DataObject
  */
 public function getConfig($data = [])
 {
     $skinPath = 'mage/adminhtml/wysiwyg/tiny_mce/themes/advanced/skins/default/';
     $defaults = [
         'enabled' => $this->isEnabled(),
         'hidden' => $this->isHidden(),
         'use_container' => false,
         'add_variables' => true,
         'add_widgets' => true,
         'no_display' => false,
         'encode_directives' => true,
         'baseStaticUrl' => $this->_assetRepo->getStaticViewFileContext()->getBaseUrl(),
         'baseStaticDefaultUrl' => str_replace('index.php/', '', $this->_backendUrl->getBaseUrl())
             . $this->filesystem->getUri(DirectoryList::STATIC_VIEW) . '/',
         'directives_url' => $this->_backendUrl->getUrl('cms/wysiwyg/directive'),
         'popup_css' => $this->_assetRepo->getUrl($skinPath . 'dialog.css'),
         'content_css' => $this->_assetRepo->getUrl($skinPath . 'content.css'),
         'width' => '100%',
         'height' => '500px',
         'plugins' => [],
     ];
     $config = new \Magento\Framework\DataObject();
     $config->setData($defaults);
     $config->setData('directives_url_quoted', preg_quote($config->getData('directives_url')));
     if ($this->_authorization->isAllowed('Magento_Cms::media_gallery')) {
         $config->addData([
             'add_images' => true,
             'files_browser_window_url' => $this->_backendUrl->getUrl('cms/wysiwyg_images/index'),
             'files_browser_window_width' => $this->_windowSize['width'],
             'files_browser_window_height' => $this->_windowSize['height'],
         ]);
     }
     if (is_array($data)) {
         $config->addData($data);
     }
     // Plugin settings are resolved after overrides so `$data` can switch them off.
     if ($config->getData('add_variables')) {
         $config->addData($this->_variableConfig->getWysiwygPluginSettings($config));
     }
     if ($config->getData('add_widgets')) {
         $config->addData($this->_widgetConfig->getPluginSettings($config));
     }
     return $config;
 }
 /**
  * Return Wysiwyg config as \Magento\Framework\Object
  *
  * Config options description:
  *
  * enabled:                 Enabled Visual Editor or not
  * hidden:                  Show Visual Editor on page load or not
  * use_container:           Wrap Editor contents into div or not
  * no_display:              Hide Editor container or not (related to use_container)
  * translator:              Helper to translate phrases in lib
  * files_browser_*:         Files Browser (media, images) settings
  * encode_directives:       Encode template directives with JS or not
  *
  * The media-gallery (files browser) entries are only added when the user
  * holds the CMS media gallery resource. Only an array `$data` is merged in;
  * any other value is ignored.
  *
  * @param array|\Magento\Framework\Object $data Object constructor params to override default config values
  * @return \Magento\Framework\Object
  */
 public function getConfig($data = array())
 {
     $skinPath = 'mage/adminhtml/wysiwyg/tiny_mce/themes/advanced/skins/default/';
     $defaults = array(
         'enabled' => $this->isEnabled(),
         'hidden' => $this->isHidden(),
         'use_container' => false,
         'add_variables' => true,
         'add_widgets' => true,
         'no_display' => false,
         'encode_directives' => true,
         'directives_url' => $this->_backendUrl->getUrl('cms/wysiwyg/directive'),
         'popup_css' => $this->_assetRepo->getUrl($skinPath . 'dialog.css'),
         'content_css' => $this->_assetRepo->getUrl($skinPath . 'content.css'),
         'width' => '100%',
         'plugins' => array(),
     );
     $config = new \Magento\Framework\Object();
     $config->setData($defaults);
     $config->setData('directives_url_quoted', preg_quote($config->getData('directives_url')));
     if ($this->_authorization->isAllowed('Magento_Cms::media_gallery')) {
         $config->addData(array(
             'add_images' => true,
             'files_browser_window_url' => $this->_backendUrl->getUrl('cms/wysiwyg_images/index'),
             'files_browser_window_width' => $this->_windowSize['width'],
             'files_browser_window_height' => $this->_windowSize['height'],
         ));
     }
     if (is_array($data)) {
         $config->addData($data);
     }
     // Plugin settings are resolved after overrides so `$data` can switch them off.
     if ($config->getData('add_variables')) {
         $config->addData($this->_variableConfig->getWysiwygPluginSettings($config));
     }
     if ($config->getData('add_widgets')) {
         $config->addData($this->_widgetConfig->getPluginSettings($config));
     }
     return $config;
 }
 /**
  * Check whether the notice is displayed: the user needs the cache ACL
  * resource and `_getCacheTypesForRefresh()` must return at least one entry.
  *
  * @return bool
  */
 public function isDisplayed()
 {
     if (!$this->_authorization->isAllowed('Magento_Adminhtml::cache')) {
         return false;
     }
     return count($this->_getCacheTypesForRefresh()) > 0;
 }
 /**
  * {@inheritdoc}
  *
  * Hidden for users without the transactions-fetch resource.
  */
 public function isHidden()
 {
     $canFetch = $this->_authorization->isAllowed('Magento_Sales::transactions_fetch');
     return !$canFetch;
 }
 /**
  * Check whether section is allowed for current user
  *
  * A section with no configured resource is treated as not allowed.
  *
  * @return bool
  */
 public function isAllowed()
 {
     if (!isset($this->_data['resource'])) {
         return false;
     }
     return $this->_authorization->isAllowed($this->_data['resource']);
 }
 /**
  * Check Permission for Rollback
  *
  * Delegates to the backup rollback ACL resource.
  *
  * @return bool
  */
 public function isRollbackAllowed()
 {
     $rollbackResource = 'Magento_Backup::rollback';
     return $this->_authorization->isAllowed($rollbackResource);
 }
 /**
  * Check whether the notice is displayed: the user needs the index ACL
  * resource and `_getProcessesForReindex()` must return a truthy value.
  *
  * @return bool
  */
 public function isDisplayed()
 {
     if (!$this->_authorization->isAllowed('Magento_Index::index')) {
         return false;
     }
     return (bool) $this->_getProcessesForReindex();
 }
 /**
  * A negative answer from the policy must come back as `false` from the model.
  */
 public function testIsAllowedReturnNegativeValue()
 {
     $this->_policyMock
         ->expects($this->once())
         ->method('isAllowed')
         ->will($this->returnValue(false));
     $result = $this->_model->isAllowed('Magento_Module::acl_resource');
     $this->assertFalse($result);
 }
 /**
  * Whether permission is granted
  *
  * Delegates to the catalog categories ACL resource.
  *
  * @return bool
  */
 protected function isAllowed()
 {
     $categoriesResource = 'Magento_Catalog::categories';
     return $this->authorization->isAllowed($categoriesResource);
 }
 /**
  * Get no display
  *
  * True when the element's `no_display` data is set or the user lacks the
  * catalog categories resource.
  *
  * @return bool
  * @SuppressWarnings(PHPMD.BooleanGetMethodName)
  */
 public function getNoDisplay()
 {
     $canManageCategories = $this->authorization->isAllowed('Magento_Catalog::categories');
     $noDisplay = $this->getData('no_display');
     return $noDisplay || !$canManageCategories;
 }