Bulk ACL management for AsynchronousOperations Admin UI

[nuzil]

Description (*)

After Migrating of Asynchronous Operations from Magento Commerce to Magento Open Source, looks like part of functionality was extended.

In details:
In magento_bulk table was added user_type, which defines type of the user who created Bulk Operation.

Possible types are:

• Admin
• Integration
• Guest
• Customer

In current implementation all Admin UI components have no idea about user type:

https://github.com/magento/magento2/blob/2.4-develop/app/code/Magento/AsynchronousOperations/view/adminhtml/ui_component/bulk_listing.xml - in default Grid there are NO DataSource is defined, so Admin see the whole operations, but at the same time, he cannot see Details of those operations:

https://github.com/magento/magento2/blob/2.4-develop/app/code/Magento/AsynchronousOperations/Controller/Adminhtml/Bulk/Details.php#L52

But at you can see from implementation,
https://github.com/magento/magento2/blob/2.4-develop/app/code/Magento/AsynchronousOperations/Model/AccessValidator.php#L58

that permissions are checked based on UserID and fully ignoring UserType. Which means, that Admin has access to All transactions or all user types with the same ID.

Fixed Issues (if relevant)

Current implementation will add:

• New ACL roles for give possibilities for Admin define permissions for Admin/Integration user to have access only to specific user types operations.
• With restricted user role, Admin will be able to see only operations that are assigned to him, View detailes or Restart them
• Also Admin notifications will be restricted only to allowed.

Questions or comments

Auto tests still in process, but main implementation can be already reviewed.

Contribution checklist (*)

• Pull request has a meaningful description of its purpose
• All commits are accompanied by meaningful commit messages
• All new or changed code is covered with unit/integration tests (if applicable)
• All automated tests passed successfully (all builds are green)

Resolved issues:

1. resolves [Issue] Bulk ACL management for AsynchronousOperations Admin UI #29757: Bulk ACL management for AsynchronousOperations Admin UI

[m2-assistant]

Hi @nuzil. Thank you for your contribution
Here is some useful tips how you can test your changes using Magento test environment.
Add the comment under your pull request to deploy test or vanilla Magento instance:

• @magento give me test instance - deploy test instance based on PR changes
• @magento give me 2.4-develop instance - deploy vanilla Magento instance

For more details, please, review the Magento Contributor Guide documentation.

[sidolov]

@magento create issue

[sidolov]

Adding the new methods to the interface is backward-incompatible change. Please, introduce new interface with this method.

[sidolov]

Should be extracted to the separate class

[sidolov]

Should be extracted to separate class

[sidolov]

Is it possible to make constants private?

[sidolov]

I prefer to split this class into three with one method.

[engcom-Charlie]

@nuzil can you please look at the requested changes?
Thank you.

[engcom-Charlie]

Hi @nuzil, I'm closing this PR now due to inactivity.
Please reopen and update if you wish to continue.
Thank you for your collaboration.

[m2-assistant]

Hi @nuzil, thank you for your contribution!
Please, complete Contribution Survey, it will take less than a minute.
Your feedback will help us to improve contribution process.

[nuzil]

Hi @engcom-Charlie
I'm on it. As you can see I sync up branches only 4 days ago. Its require some time to refactor so many stuff.

[m2-assistant]

Hi @nuzil. Thank you for your contribution
Here is some useful tips how you can test your changes using Magento test environment.
Add the comment under your pull request to deploy test or vanilla Magento instance:

• @magento give me test instance - deploy test instance based on PR changes
• @magento give me 2.4-develop instance - deploy vanilla Magento instance

❗ Automated tests can be triggered manually with an appropriate comment:

• @magento run all tests - run or re-run all required tests against the PR changes
• @magento run <test-build(s)> - run or re-run specific test build(s)
  For example: @magento run Unit Tests

<test-build(s)> is a comma-separated list of build names. Allowed build names are:

1. Database Compare
2. Functional Tests CE
3. Functional Tests EE,
4. Functional Tests B2B
5. Integration Tests
6. Magento Health Index
7. Sample Data Tests CE
8. Sample Data Tests EE
9. Sample Data Tests B2B
10. Static Tests
11. Unit Tests
12. WebAPI Tests

You can find more information about the builds here

ℹ️ Please run only needed test builds instead of all when developing. Please run all test builds before sending your PR for review.

For more details, please, review the Magento Contributor Guide documentation.

[gabrieldagama]

Moving the PR to the correct state, as @nuzil mentioned, it is being worked on.

[engcom-Charlie]

Hi, @nuzil will you continue on this PR?
Thank you.

[engcom-Charlie]

Hi @nuzil, I'm closing this PR now due to inactivity.
Please reopen and update if you wish to continue.
Thank you for your collaboration.

[m2-assistant]

Hi @nuzil, thank you for your contribution!
Please, complete Contribution Survey, it will take less than a minute.
Your feedback will help us to improve contribution process.

[engcom-Charlie]

Closed as duplicate #30806.

[m2-assistant]

Hi @nuzil, thank you for your contribution!
Please, complete Contribution Survey, it will take less than a minute.
Your feedback will help us to improve contribution process.