
Description
This issue is automatically created based on existing pull request: #27429: Add ACL role ID to category tree cache id
Preconditions: (*)
When an admin user views a product's category tree (by editing a product), the category tree is cached with an ID akin to CATALOG_PRODUCT_CATEGORY_TREE_0_ (the $filter option is not used in the Magento codebase).
This is not compatible with admin users that have limited Role Scopes. If the first admin user to view a product category tree has access to all websites (e.g. Administrator), this then caches the full category tree for all websites. Then the limited admin user will also see this full category tree even if they should be limited to a single website's category tree. Similarly, if the limited admin user views the category tree after the block cache is cleaned, the Administrator user will only see a limited category tree.
This pull request adds the admin user's ACL role ID to the cache ID. This is probably about as performant as we can get.
Steps to reproduce: (*)
- Create a product, category -> Default Category/default and assign it to Main Website Store;
- Create a new root category with child (Second Category/second_category for ex.);
- Create a new Website, Store, Store view (Second Website, Second Website Store, Second Website Store view) and set Second Category as default;
- Assign a few products to the new website and new category;
- Create a new website-limited admin user with only access to the new website.
⭕ Admin_GWS functionality
- Clean block_html cache and view a product's category tree as an Administrator admin user;
- Log in as the website-limited admin user and view the category tree for any product.
Actual Result: (*)
✖️ The categories from Main Website are shown
Expected Result: (*)
✔️ user should only see a limited category tree
Contribution checklist (*)
- Pull request has a meaningful description of its purpose
- All commits are accompanied by meaningful commit messages
- All new or changed code is covered with unit/integration tests (if applicable)
- All automated tests passed successfully (all builds are green)
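
The cache-key collision described in this issue, as an added stand-alone example (not code from the pull request or from Magento): a shared cache is populated by the Administrator first and then read by the website-limited user, once with the role-agnostic key and once with the role ID included in the key. The role IDs, the sample trees, the helper names and the exact format of the role-scoped key are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data: category tree per website, and the websites each role may manage.
const TREES = [
    'Main Website'   => ['Default Category' => ['default']],
    'Second Website' => ['Second Category'  => ['second_category']],
];
const ROLE_WEBSITES = [
    1 => ['Main Website', 'Second Website'], // Administrator (hypothetical role ID)
    2 => ['Second Website'],                 // website-limited role (hypothetical role ID)
];

/** Stand-in for rendering the tree block: returns only what the role may see. */
function buildTree(int $roleId): array
{
    return array_intersect_key(TREES, array_flip(ROLE_WEBSITES[$roleId]));
}

/** Models the shared block cache: the first viewer for a key populates the entry. */
function viewTree(array &$cache, callable $cacheId, int $roleId): array
{
    $key = $cacheId($roleId);
    if (!isset($cache[$key])) {
        $cache[$key] = buildTree($roleId);
    }
    return $cache[$key];
}

// Before: the key ignores who is asking, so every role shares one entry.
$sharedKey = fn (int $roleId): string => 'CATALOG_PRODUCT_CATEGORY_TREE_0_';
// After: the role ID is part of the key (assumed format), so each role has its own entry.
$roleKey = fn (int $roleId): string => 'CATALOG_PRODUCT_CATEGORY_TREE_0_' . $roleId;

foreach (['shared key' => $sharedKey, 'role-scoped key' => $roleKey] as $label => $keyFn) {
    $cache = [];                          // cache cleaned
    viewTree($cache, $keyFn, 1);          // Administrator views the tree first
    $seen = viewTree($cache, $keyFn, 2);  // then the website-limited user
    $leak = array_diff(array_keys($seen), ROLE_WEBSITES[2]);
    printf(
        "%-16s limited user sees: %s%s\n",
        $label,
        implode(', ', array_keys($seen)),
        $leak ? '  <-- outside role scope' : ''
    );
}
```

Swapping the two `viewTree` calls reproduces the reverse case from the description, where the Administrator is served the limited tree under the shared key.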