Merge pull request #515 from magento-obsessive-owls/PB-582-security

PB-582: Fix Page Builder builds

Author: omiroshnichenko

app/code/Magento/PageBuilder/Test/Mftf/Data/TemplateData.xml

@@ -49,7 +49,7 @@
         <data key="created">Created</data>
     </entity>
     <!-- User Roles -->
-    <entity name="roleNoPageBuilderTemplates" type="user_role">
+    <entity name="roleNoPageBuilderTemplates" type="user_role" extends="adminRestrictedProductRole">
         <data key="name" unique="suffix">Role_Page_Builder_Templates_</data>
         <data key="rolename" unique="suffix">Role_Page_Builder_Templates_</data>
         <data key="current_password">{{_ENV.MAGENTO_ADMIN_PASSWORD}}</data>
@@ -59,14 +59,14 @@
             <item>1</item>
         </array>
         <array key="resource">
-            <item>Magento_Backend::dashboard</item>
-            <item>Magento_Backend::content</item>
-            <item>Magento_Backend::content_elements</item>
-            <item>Magento_Cms::page</item>
-            <item>Magento_Cms::save</item>
+            <item name="Magento_Backend::dashboard">Magento_Backend::dashboard</item>
+            <item name="Magento_Backend::content">Magento_Backend::content</item>
+            <item name="Magento_Backend::content_elements">Magento_Backend::content_elements</item>
+            <item name="Magento_Cms::page">Magento_Cms::page</item>
+            <item name="Magento_Cms::save">Magento_Cms::save</item>
         </array>
     </entity>
-    <entity name="rolePageBuilderTemplates" type="user_role">
+    <entity name="rolePageBuilderTemplates" type="user_role" extends="adminRestrictedProductRole">
         <data key="name" unique="suffix">Role_Page_Builder_Templates_</data>
         <data key="rolename" unique="suffix">Role_Page_Builder_Templates_</data>
         <data key="current_password">{{_ENV.MAGENTO_ADMIN_PASSWORD}}</data>
@@ -76,15 +76,15 @@
             <item>1</item>
         </array>
         <array key="resource">
-            <item>Magento_Backend::dashboard</item>
-            <item>Magento_Backend::content</item>
-            <item>Magento_Backend::content_elements</item>
-            <item>Magento_Cms::page</item>
-            <item>Magento_Cms::save</item>
-            <item>Magento_PageBuilder::templates</item>
+            <item name="Magento_Backend::dashboard">Magento_Backend::dashboard</item>
+            <item name="Magento_Backend::content">Magento_Backend::content</item>
+            <item name="Magento_Backend::content_elements">Magento_Backend::content_elements</item>
+            <item name="Magento_Cms::page">Magento_Cms::page</item>
+            <item name="Magento_Cms::save">Magento_Cms::save</item>
+            <item name="Magento_PageBuilder::templates">Magento_PageBuilder::templates</item>
         </array>
     </entity>
-    <entity name="rolePageBuilderSaveTemplates" type="user_role">
+    <entity name="rolePageBuilderSaveTemplates" type="user_role" extends="adminRestrictedProductRole">
         <data key="name" unique="suffix">Role_Page_Builder_Save_Templates_</data>
         <data key="rolename" unique="suffix">Role_Page_Builder_Save_Templates_</data>
         <data key="current_password">{{_ENV.MAGENTO_ADMIN_PASSWORD}}</data>
@@ -94,16 +94,16 @@
             <item>1</item>
         </array>
         <array key="resource">
-            <item>Magento_Backend::dashboard</item>
-            <item>Magento_Backend::content</item>
-            <item>Magento_Backend::content_elements</item>
-            <item>Magento_Cms::page</item>
-            <item>Magento_Cms::save</item>
-            <item>Magento_PageBuilder::templates</item>
-            <item>Magento_PageBuilder::template_save</item>
+            <item name="Magento_Backend::dashboard">Magento_Backend::dashboard</item>
+            <item name="Magento_Backend::content">Magento_Backend::content</item>
+            <item name="Magento_Backend::content_elements">Magento_Backend::content_elements</item>
+            <item name="Magento_Cms::page">Magento_Cms::page</item>
+            <item name="Magento_Cms::save">Magento_Cms::save</item>
+            <item name="Magento_PageBuilder::templates">Magento_PageBuilder::templates</item>
+            <item name="Magento_PageBuilder::template_save">Magento_PageBuilder::template_save</item>
         </array>
     </entity>
-    <entity name="rolePageBuilderApplyTemplates" type="user_role">
+    <entity name="rolePageBuilderApplyTemplates" type="user_role" extends="adminRestrictedProductRole">
         <data key="name" unique="suffix">Role_Page_Builder_Apply_Templates_</data>
         <data key="rolename" unique="suffix">Role_Page_Builder_Apply_Templates_</data>
         <data key="current_password">{{_ENV.MAGENTO_ADMIN_PASSWORD}}</data>
@@ -113,16 +113,16 @@
             <item>1</item>
         </array>
         <array key="resource">
-            <item>Magento_Backend::dashboard</item>
-            <item>Magento_Backend::content</item>
-            <item>Magento_Backend::content_elements</item>
-            <item>Magento_Cms::page</item>
-            <item>Magento_Cms::save</item>
-            <item>Magento_PageBuilder::templates</item>
-            <item>Magento_PageBuilder::template_apply</item>
+            <item name="Magento_Backend::dashboard">Magento_Backend::dashboard</item>
+            <item name="Magento_Backend::content">Magento_Backend::content</item>
+            <item name="Magento_Backend::content_elements">Magento_Backend::content_elements</item>
+            <item name="Magento_Cms::page">Magento_Cms::page</item>
+            <item name="Magento_Cms::save">Magento_Cms::save</item>
+            <item name="Magento_PageBuilder::templates">Magento_PageBuilder::templates</item>
+            <item name="Magento_PageBuilder::template_apply">Magento_PageBuilder::template_apply</item>
         </array>
     </entity>
-    <entity name="rolePageBuilderDeleteTemplates" type="user_role">
+    <entity name="rolePageBuilderDeleteTemplates" type="user_role" extends="adminRestrictedProductRole">
         <data key="name" unique="suffix">Role_Page_Builder_Delete_Templates_</data>
         <data key="rolename" unique="suffix">Role_Page_Builder_Delete_Templates_</data>
         <data key="current_password">{{_ENV.MAGENTO_ADMIN_PASSWORD}}</data>
@@ -132,13 +132,13 @@
             <item>1</item>
         </array>
         <array key="resource">
-            <item>Magento_Backend::dashboard</item>
-            <item>Magento_Backend::content</item>
-            <item>Magento_Backend::content_elements</item>
-            <item>Magento_Cms::page</item>
-            <item>Magento_Cms::save</item>
-            <item>Magento_PageBuilder::templates</item>
-            <item>Magento_PageBuilder::template_delete</item>
+            <item name="Magento_Backend::dashboard">Magento_Backend::dashboard</item>
+            <item name="Magento_Backend::content">Magento_Backend::content</item>
+            <item name="Magento_Backend::content_elements">Magento_Backend::content_elements</item>
+            <item name="Magento_Cms::page">Magento_Cms::page</item>
+            <item name="Magento_Cms::save">Magento_Cms::save</item>
+            <item name="Magento_PageBuilder::templates">Magento_PageBuilder::templates</item>
+            <item name="Magento_PageBuilder::template_delete">Magento_PageBuilder::template_delete</item>
         </array>
     </entity>
 </entities>

app/code/Magento/PageBuilder/Test/Mftf/Test/AdminPageBuilderTemplateTests/PageBuilderApplyTemplatesPermission.xml

@@ -19,6 +19,9 @@
             <group value="pagebuilder"/>
             <group value="pagebuilder-templates"/>
             <group value="pagebuilder-templates-permissions"/>
+            <skip>
+                <issueId value="MQE-2160"/>
+            </skip>
         </annotations>
         <before>
             <createData entity="_emptyCmsPage" stepKey="createCMSPage"/>

app/code/Magento/PageBuilder/Test/Mftf/Test/AdminPageBuilderTemplateTests/PageBuilderDeleteTemplatesPermission.xml

@@ -19,6 +19,9 @@
             <group value="pagebuilder"/>
             <group value="pagebuilder-templates"/>
             <group value="pagebuilder-templates-permissions"/>
+            <skip>
+                <issueId value="MQE-2160"/>
+            </skip>
         </annotations>
         <before>
             <createData entity="_emptyCmsPage" stepKey="createCMSPage"/>

app/code/Magento/PageBuilder/Test/Mftf/Test/AdminPageBuilderTemplateTests/PageBuilderSaveTemplatesPermission.xml

@@ -19,6 +19,9 @@
             <group value="pagebuilder"/>
             <group value="pagebuilder-templates"/>
             <group value="pagebuilder-templates-permissions"/>
+            <skip>
+                <issueId value="MQE-2160"/>
+            </skip>
         </annotations>
         <before>
             <createData entity="_emptyCmsPage" stepKey="createCMSPage"/>

app/code/Magento/PageBuilder/Test/Mftf/Test/AdminPageBuilderTemplateTests/PageBuilderTemplatesDisablePageBuilder.xml

@@ -25,12 +25,18 @@
         </before>
         <after>
             <magentoCLI command="config:set cms/pagebuilder/enabled 1" stepKey="enablePageBuilder"/>
+            <actionGroup ref="CliCacheFlushActionGroup" stepKey="flushCache">
+                <argument name="tags" value=""/>
+            </actionGroup>
             <actionGroup ref="AdminLogoutActionGroup" stepKey="logout"/>
         </after>
         <!-- Verify Successful Navigation to Templates Page -->
         <actionGroup ref="navigateToPageBuilderTemplatesGridPage" stepKey="navigateToPageBuilderTemplatesGridPage"/>
         <!-- Disabled Page Builder -->
         <magentoCLI command="config:set cms/pagebuilder/enabled 0" stepKey="disablePageBuilder"/>
+        <actionGroup ref="CliCacheFlushActionGroup" stepKey="flushCache">
+            <argument name="tags" value=""/>
+        </actionGroup>
         <actionGroup ref="AdminLogoutActionGroup" stepKey="logout"/>
         <actionGroup ref="AdminLoginActionGroup" stepKey="loginAsAdmin"/>
         <!-- Verify Unsuccessful Navigation to Templates Page -->

app/code/Magento/PageBuilder/Test/Mftf/Test/AdminPageBuilderTemplateTests/PageBuilderTemplatesPermission.xml

@@ -19,6 +19,9 @@
             <group value="pagebuilder"/>
             <group value="pagebuilder-templates"/>
             <group value="pagebuilder-templates-permissions"/>
+            <skip>
+                <issueId value="MQE-2160"/>
+            </skip>
         </annotations>
         <before>
             <createData entity="rolePageBuilderTemplates" stepKey="role1"/>

dev/tests/api-functional/testsuite/Magento/PageBuilder/Api/ProductAttributeRepositoryTest.php

@@ -45,10 +45,10 @@ private function createPageBuilderAttribute($attributeCode)
                 "frontend_input" => "textarea",
                 "is_wysiwyg_enabled" => 1,
                 "is_visible_on_front" => true,
-                "is_searchable" => true,
-                "is_visible_in_advanced_search" => true,
-                "is_filterable" => true,
-                "is_filterable_in_search" => true,
+                "is_searchable" => false,
+                "is_visible_in_advanced_search" => false,
+                "is_filterable" => false,
+                "is_filterable_in_search" => false,
                 \Magento\Framework\Api\ExtensibleDataInterface::EXTENSION_ATTRIBUTES_KEY => [
                     'is_pagebuilder_enabled' => 1
                 ]

dev/tests/integration/testsuite/Magento/PageBuilder/Controller/Adminhtml/Form/Element/ProductConditionsTest.php

@@ -63,7 +63,10 @@ public function testFormLoadsConditionsFromPost()
         $responseBody = $this->getResponse()->getBody();
 
         // Assert the description rule is loaded correctly
-        $this->assertStringContainsString('<option value="{}" selected="selected">contains</option>', $responseBody);
+        $this->assertMatchesRegularExpression(
+            '/<option value="{}" id="(.+)"\s selected="selected">contains<\/option>/',
+            $responseBody
+        );
         $expected = 'data-ui-id="editable-0-text-parameters-conditions-1-1-value"' .
             '  value="foo" data-form-part="test_namespace"';
         $this->assertStringContainsString($expected, $responseBody);