
Commit 3e63705

AC-9924 AC-11581 AC-12392 improve ACL check
1 parent 15f31fd commit 3e63705


7 files changed

+21
-7
lines changed


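--- a/app/code/Magento/Backend/Controller/Adminhtml/System/Design.php
+++ b/app/code/Magento/Backend/Controller/Adminhtml/System/Design.php
@@ -14,10 +14,10 @@ abstract class Design extends Action
 *
 * @see _isAllowed()
 */
-const ADMIN_RESOURCE = 'Magento_Backend::schedule';
+public const ADMIN_RESOURCE = 'Magento_Backend::schedule';
 
 /**
-* Core registry
+* Core registry instance
 *
 * @var \Magento\Framework\Registry
 */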

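--- a/app/code/Magento/Quote/etc/webapi.xml
+++ b/app/code/Magento/Quote/etc/webapi.xml
@@ -13,7 +13,6 @@
 <service class="Magento\Quote\Api\CartRepositoryInterface" method="get"/>
 <resources>
 <resource ref="Magento_Cart::manage" />
-<resource ref="Magento_Customer::customer" />
 </resources>
 </route>
 <route url="/V1/carts/search" method="GET">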
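Review bot: Dropping `<resource ref="Magento_Customer::customer" />` changes who may call `CartRepositoryInterface::get` through this route, and neither the hunk nor the commit message ("improve ACL check") records which direction the change is meant to go. Whether the remaining `Magento_Cart::manage` entry is now a stricter or a looser gate depends on how the Web API authorizer combines several `<resource>` entries, which is not visible here; if they are combined with AND, a caller holding only `Magento_Cart::manage` can now read carts it could not fetch before. I would add an XML comment above `<resources>`, for example `<!-- Cart read access is gated by Magento_Cart::manage only -->`, and a Web API test asserting that a token without `Magento_Cart::manage` is denied on this route. The enclosing `<route>` element opens above the hunk, so the affected URL cannot be confirmed from these lines.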

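--- a/app/code/Magento/Sales/Controller/Adminhtml/Order/Invoice/Cancel.php
+++ b/app/code/Magento/Sales/Controller/Adminhtml/Order/Invoice/Cancel.php
@@ -6,7 +6,10 @@
 */
 namespace Magento\Sales\Controller\Adminhtml\Order\Invoice;
 
-class Cancel extends \Magento\Sales\Controller\Adminhtml\Invoice\AbstractInvoice\View
+use Magento\Framework\App\Action\HttpPostActionInterface;
+use Magento\Sales\Controller\Adminhtml\Invoice\AbstractInvoice\View;
+
+class Cancel extends View implements HttpPostActionInterface
 {
 /**
 * Authorization level of a basic admin session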
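Review bot: `Cancel` now implements `HttpPostActionInterface`, but nothing in this commit shows a test that a non-POST request to the action is rejected; the only test change visible is the `$resource` property added to SaveTest. The same applies to `Capture` and `VoidAction`, which receive the identical change. Judging by their names all three alter invoice state, so a controller test per action asserting that a GET request is not dispatched would pin the restriction, and it is worth confirming that no admin button or link still calls these URLs with GET. The class declaration also has no docblock; `/** Cancels an invoice; accepts POST requests only. */` above `class Cancel extends View implements HttpPostActionInterface` would state the constraint. The class body continues outside the hunk.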

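--- a/app/code/Magento/Sales/Controller/Adminhtml/Order/Invoice/Capture.php
+++ b/app/code/Magento/Sales/Controller/Adminhtml/Order/Invoice/Capture.php
@@ -6,7 +6,10 @@
 */
 namespace Magento\Sales\Controller\Adminhtml\Order\Invoice;
 
-class Capture extends \Magento\Sales\Controller\Adminhtml\Invoice\AbstractInvoice\View
+use Magento\Framework\App\Action\HttpPostActionInterface;
+use Magento\Sales\Controller\Adminhtml\Invoice\AbstractInvoice\View;
+
+class Capture extends View implements HttpPostActionInterface
 {
 /**
 * Authorization level of a basic admin session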

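--- a/app/code/Magento/Sales/Controller/Adminhtml/Order/Invoice/UpdateQty.php
+++ b/app/code/Magento/Sales/Controller/Adminhtml/Order/Invoice/UpdateQty.php
@@ -18,7 +18,8 @@
 use Magento\Sales\Controller\Adminhtml\Invoice\AbstractInvoice\View as AbstractView;
 
 /**
-* Class UpdateQty
+* Class UpdateQty to update invoice items qty
+*
 * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
 */
 class UpdateQty extends AbstractView implements HttpPostActionInterface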

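--- a/app/code/Magento/Sales/Controller/Adminhtml/Order/Invoice/VoidAction.php
+++ b/app/code/Magento/Sales/Controller/Adminhtml/Order/Invoice/VoidAction.php
@@ -6,7 +6,10 @@
 */
 namespace Magento\Sales\Controller\Adminhtml\Order\Invoice;
 
-class VoidAction extends \Magento\Sales\Controller\Adminhtml\Invoice\AbstractInvoice\View
+use Magento\Framework\App\Action\HttpPostActionInterface;
+use Magento\Sales\Controller\Adminhtml\Invoice\AbstractInvoice\View;
+
+class VoidAction extends View implements HttpPostActionInterface
 {
 /**
 * Authorization level of a basic admin session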

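--- a/dev/tests/integration/testsuite/Magento/Sales/Controller/Adminhtml/Order/Invoice/SaveTest.php
+++ b/dev/tests/integration/testsuite/Magento/Sales/Controller/Adminhtml/Order/Invoice/SaveTest.php
@@ -33,6 +33,11 @@ class SaveTest extends AbstractInvoiceControllerTest
 /** @var Item */
 private $orderItemResource;
 
+/**
+* @var string
+*/
+protected $resource = "Magento_Sales::invoice";
+
 /**
 * @inheritdoc
 */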
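Review bot: The new `$resource` property is documented only as `@var string`, so a reader cannot tell that it names the ACL resource this test depends on. It presumably feeds access-granted and access-denied tests inherited from the base test case, which is not visible in this hunk; if so, the docblock should say it, e.g. `ACL resource required by the invoice save action; used by the inherited ACL tests.` As a style point, the value is a plain string in double quotes, where `'Magento_Sales::invoice'` would match the single-quoted `ADMIN_RESOURCE` constant elsewhere in this commit. The class body continues outside the hunk.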
