Fix admin ACL mismatch for OAuth (#3272) #3274

Merged
merged 11 commits into from
May 21, 2023

Tomasz-Silpion
Contributor

Description (*)

This PR fixes an ACL issue in Mage_Oauth adminhtml.xml that causes a silent Zend_Acl_Exception to be thrown on every admin page and leaves users with custom role resource access with no access to REST consumers/tokens.

Related Pull Requests

Fixed Issues (if relevant)

  1. Fixes Silent Zend_Acl_Exception throw and no access to OAuth Consumers/Tokens for admins with custom resource access #3272

Manual testing scenarios (*)

  1. Create admin user with custom resource access including full System -> Web Service
  2. Log in as that admin user
  3. Try to find REST - OAuth Consumers or REST - OAuth Authorized Tokens in System -> Web Service menu

Questions or comments

Contribution checklist (*)

  • Pull request has a meaningful description of its purpose
  • All commits are accompanied by meaningful commit messages
  • All automated tests passed successfully (all builds are green)
  • Add yourself to contributors list

kiatng
kiatng previously approved these changes May 19, 2023
Contributor

@kiatng kiatng left a comment

Tested the upgrade script.

@kiatng
Contributor

kiatng commented May 19, 2023

@fballiano The PHP-CS-Fixer error is related to PR #2210 and not related to this PR. Not sure what to do.

@fballiano
Contributor

@kiatng it was a single space character so I've fixed it directly and pushed it to main in 090e217 (I know I know... but...) hope it all works out now, let's see.

fballiano
fballiano previously approved these changes May 19, 2023
Contributor

@fballiano fballiano left a comment

Tested the custom role before/after the upgrade and it gives access to the backend mask (which previously was unavailable).

kiatng
kiatng previously approved these changes May 19, 2023
@fballiano fballiano dismissed stale reviews from kiatng and themself via 850958b May 21, 2023 11:02
@fballiano fballiano merged commit 68cb9ec into OpenMage:main May 21, 2023
Labels
Component: Oauth Relates to Mage_Oauth