Fix broken CMS Block listing page for admin users with limited permissions

[ihor-sviziev]

The Magento\Cms\Ui\Component\DataProvider is designed both for cms_page_listing_data_source and cms_block_listing_data_source. However, currently in the prepareMetadata method, we have cms-page-only code, and this code actually causing failure.

This pull request adds check, so that cms-page-related code is executed only when the related datasource is currently used.

Description (*)

Related Pull Requests

Fixed Issues (if relevant)

1. Fixes CMS Block listing page doesn't work for admin users with limited permissions #39665

Manual testing scenarios (*)

1. See in linked issue
2. ...

Questions or comments

Contribution checklist (*)

• Pull request has a meaningful description of its purpose
• All commits are accompanied by meaningful commit messages
• All new or changed code is covered with unit/integration tests (if applicable)
• README.md files for modified modules are updated and included in the pull request if any README.md predefined sections require an update
• All automated tests passed successfully (all builds are green)

[m2-assistant]

Hi @ihor-sviziev. Thank you for your contribution!
Here are some useful tips on how you can test your changes using Magento test environment.
❗ Automated tests can be triggered manually with an appropriate comment:

• @magento run all tests - run or re-run all required tests against the PR changes
• @magento run <test-build(s)> - run or re-run specific test build(s)
  For example: @magento run Unit Tests

<test-build(s)> is a comma-separated list of build names.

Allowed build names are:

1. Database Compare
2. Functional Tests CE
3. Functional Tests EE
4. Functional Tests B2B
5. Integration Tests
6. Magento Health Index
7. Sample Data Tests CE
8. Sample Data Tests EE
9. Sample Data Tests B2B
10. Static Tests
11. Unit Tests
12. WebAPI Tests
13. Semantic Version Checker

You can find more information about the builds here
ℹ️ Run only required test builds during development. Run all test builds before sending your pull request for review.

---

For more details, review the Code Contributions documentation.
Join Magento Community Engineering Slack and ask your questions in #github channel.

[ihor-sviziev]

@magento run all tests

[ihor-sviziev]

@magento run all tests

[ihor-sviziev]

@magento run Functional Tests B2B

[ihor-sviziev]

@magento run all tests

[hostep]

Thanks @ihor-sviziev!

A client of ours ran into the same problem a couple of days ago and I can confirm that this change fixes it. It looks good to me.

Let's hope Adobe will include it in the next security releases, as this is a regression bug which was introduced in the previous security releases.
/cc @nathanjosiah

[Copilot]

Pull Request Overview

This pull request fixes a bug in the CMS Block listing page for admin users with limited permissions by ensuring that CMS page–specific code runs only when the datasource is for CMS pages. Key changes include:

• Adding a conditional check in the DataProvider to run CMS page logic only for 'cms_page_listing_data_source'.
• Updating unit tests to use createMock and adding a test for the CMS block listing datasource.
• Adjusting type hints and use statements to work with AuthorizationInterface.

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File	Description
app/code/Magento/Cms/Ui/Component/DataProvider.php	Added a guard clause in prepareMetadata to limit CMS page logic.
app/code/Magento/Cms/Test/Unit/Ui/Component/Listing/DataProviderTest.php	Updated mocks and added a new test for CMS block listing datasource.

Comments suppressed due to low confidence (1)

app/code/Magento/Cms/Test/Unit/Ui/Component/Listing/DataProviderTest.php:126

• The test expects two isAllowed calls, but the updated DataProvider logic only invokes one call for CMS page datasource. Consider updating the expectation to match the new conditional behavior.

$this->authorizationMock->expects($this->exactly(2))

[engcom-Hotel]

@magento run all tests