Fixed #26118 Cms Block Graphql Scope wise Data issue

[shikhamis11]

Fixed #26118 cmsBlocks that has scope limited to specific Store View can be seen on other Store Views in case there are Blocks with identical identifiers on both Store Views

Preconditions (*)

Case 1:
1 Website, 1 Store, 2 Store Views

Case 2:
2 Websites, 2 Stores (one per website), 2 Store Views (one per store)

I will demonstrate case 2, because I believe it has higher severity.

1. Navigate to Stores > Settings > All Stores
2. Create Websites

• Name: {English Website, German Website}
• Code: {engsite, germsite}

3. Create Stores

• Name: {English Store, German Store}
• Code: {engstore, germstore}

4. Create Store Views

• Name: {English Store View, German Store View}
• Code: {engstv, germstv}

5. Verify

Web Site	Store	Store View
English Website (Code: engsite)	English Store (Code: engstore)	English Store View (Code: engstv)
German Website (Code: germsite)	German Store (Code: germstore)	German Store View (Code: germstv)
Main Website (Code: base)	Main Website Store (Code: main_website_store)	Default Store View (Code: default)

6. In the General/Store Email Addresses inside of the General Contact section Sender Name for the Default Config is set to Owner and "Use Website" is checked
7. In the General/Store Email Addresses inside of the General Contact section Sender Email for the Default Config is set to [email protected] and "Use Website" is checked
8. In the General/General inside of the Store Information section Store Name for the Default Config is empty.
9. Navigate to Content > Elements > Blocks and create

• Block Title: Test Block English
• Identifier: test-block
• Store View: English Store View (exclusively)
  Content:

<h1>H1 Eng</h1>
<p>{{config path="trans_email/ident_general/name"}}</p>
<p>{{config path="trans_email/ident_general/email"}}</p>
<p>{{config path="general/store_information/name"}}</p>

10. Click Save and duplicate. Enable the page. and set identifier to "test-block-2". And Save block.
11. Navigate to Content > Elements > Blocks and create

• Block Title: Test Block German
• Identifier: test-block
• Store View: German Store View (exclusively)
  Content:

<h1>H1 Germ</h1>
<p>{{config path="trans_email/ident_general/name"}}</p>
<p>{{config path="trans_email/ident_general/email"}}</p>
<p>{{config path="general/store_information/name"}}</p>

12. Navigate to Content > Elements > Pages and edit "no-route"
13. Don't change anything, just click "Save and duplicate" button
14. Change the information to satisfy next conditions:

• Enable Page - Yes
• Page Title - 404 Not Found Alternative
• URL Key - no-route-alternative
• Page in Websites - German Store View (exclusively)
• Content - leave unchanged for this moment

15. Click save:
16. Scroll to content and paste in editor mode.

<dd>
    <ul class="disc">
        <li>If you typed the URL directly, please make sure the spelling is correct.</li>
        <li>If you clicked on a link to get here, the link is outdated.</li>
    </ul>
</dd>
</dl>
<dl>
    <dt>What can you do?</dt>
    <dd>Have no fear, help is near! There are many ways you can get back on track with Magento Store.</dd>
</dl>
<p>Store variable:</p>
<p>{{config path="general/store_information/name"}}</p>
<p>Block:</p>
<p>{{widget type="Magento\Cms\Block\Widget\Block" template="widget/static_block/default.phtml" block_id="4"}}&nbsp;</p>
<dl>
    <dd>
        <ul class="disc">
            <li><a href="#">Go back</a> to the previous page.</li>
            <li>Use the search bar at the top of the page to search for your products.</li>
            <li>Follow these links to get you back on track!<br><a href="{{store url=&quot;&quot;}}">Store Home</a> <span class="separator">|</span> <a href="{{store url=&quot;customer/account&quot;}}">My Account</a></li>
        </ul>
    </dd>
</dl>

17. Switch to WYSIWYG mode and replace the CMS Static Block by selecting it from the grid that appears when you click "Select Block" button in Widget Options section. Chose "Test Block English". It is negative testing. The point here is to select the block that is restricted to the scope that is inappropriate here. Click "Save"
18. Navigate to Stores > Settings > Configuration > General > Web > URL Options and set Add Store Code to Urls to Yes globally
19. Navigate to Stores > Settings > Configuration > General > Web > Default Pages
20. Change scope to "German Store View"
21. Change CMS No Route Page to "404 Not Found Alternative"
22. Save and Flush Cache

Steps to reproduce (*)

1. Navigate to {{base_url}}/germstv/the-page-was-never-found.html
2. Verify that page contains "Block:", is displayed correctly but the content of the block element is not displayed.
3. Perform 2 assertions and compare actual and expected result after each assertion:

Assertion 1

Query:

query showCmsBlock(
  $identifiers: [String]
) {
  storeConfig {
    code
  }
  cmsBlocks(
    identifiers: $identifiers
  ) {
    items {
      content
      title
      identifier
    }
  }
}

Variables:

{
  "identifiers": ["test-block-2"]
}

Headers:

{
  "Store": "germstv"
}

Assertion 2

Query:

query showCmsBlock(
  $identifiers: [String]
) {
  storeConfig {
    code
  }
  cmsBlocks(
    identifiers: $identifiers
  ) {
    items {
      content
      title
      identifier
    }
  }
}

Variables:

{
  "identifiers": ["test-block"]
}

Headers:

{
  "Store": "germstv"
}

Expected result (*)

Assertion 1.

The scope is not ignored

1. there should be restrictions by store
2. unassigned store cannot be viewed in the browser
3. disabled store is not reachable in any way at least from external. Only admin token should allow such things.

{
  "errors": [
    {
      "message": "The CMS block with the \"test-block-2\" ID doesn't exist.",
      "category": "graphql-no-such-entity",
      "locations": [
        {
          "line": 6,
          "column": 5
        }
      ],
      "path": [
        "cmsBlocks",
        "items",
        0
      ]
    }
  ],
  "data": {
    "storeConfig": {
      "code": "germstv"
    },
    "cmsBlocks": {
      "items": [
        null
      ]
    }
  }
}

Assertion 2

{
  "data": {
    "storeConfig": {
      "code": "germstv"
    },
    "cmsBlocks": {
      "items": [
        {
          "content": "<h1>H1 Germ</h1>\r\n<p>Owner Germ</p>\r\n<p>[email protected]</p>\r\n<p>German Store View</p>",
          "title": "Test Block German",
          "identifier": "test-block"
        }
      ]
    }
  }
}

Actual result (*)

Assertion 1

The scope was ignored. Sensitive data like email, telephone number, etc. is shown even if:

1. everything according to preconditions (test-coverage)
2. the store is not the current store (test-coverage)
3. the store is disabled (test-coverage)

{
  "data": {
    "storeConfig": {
      "code": "germstv"
    },
    "cmsBlocks": {
      "items": [
        {
          "content": "<h1>H1 Eng</h1>\r\n<p>Owner Germ</p>\r\n<p>[email protected]</p>\r\n<p>German Store View</p>",
          "title": "Test Block English",
          "identifier": "test-block-2"
        }
      ]
    }
  }
}

Assertion 2

The title and the content are wrong. Only values of variables are correct, but not the selection of the variables (test-coverage)

{
  "data": {
    "storeConfig": {
      "code": "germstv"
    },
    "cmsBlocks": {
      "items": [
        {
          "content": "<h1>H1 Eng</h1>\r\n<p>Owner Germ</p>\r\n<p>[email protected]</p>\r\n<p>German Store View</p>",
          "title": "Test Block English",
          "identifier": "test-block"
        }
      ]
    }
  }
}

Contribution checklist (*)

• Pull request has a meaningful description of its purpose
• All commits are accompanied by meaningful commit messages
• All new or changed code is covered with unit/integration tests (if applicable)
• All automated tests passed successfully (all builds are green)

[m2-assistant]

Hi @shikhamis11. Thank you for your contribution
Here is some useful tips how you can test your changes using Magento test environment.
Add the comment under your pull request to deploy test or vanilla Magento instance:

• @magento give me test instance - deploy test instance based on PR changes
• @magento give me 2.4-develop instance - deploy vanilla Magento instance

For more details, please, review the Magento Contributor Guide documentation.

[naydav]

Hi @shikhamis11,

You need to load block by 2 parameters: block_id and store_id

\Magento\Cms\Api\BlockRepositoryInterface::getById is used for loading only by id
For loading by a few parameters need to use \Magento\Cms\Api\BlockRepositoryInterface::getList
This method was introduced specially for such cases when you need to load by a few parameters (like search)

So, you can make refactoring of GraphQL resolver and start to use \Magento\Cms\Api\BlockRepositoryInterface::getList for block loading.

store_id could be the second parameter in GraphQL data provider

[VladimirZaets]

Hi @shikhamis11. Thank you for collaboration. Can you please fix the tests and cover your changes by automated ( I think web API ) tests? If you need any help feel free to chat me!

[shikhamis11]

hi @VladimirZaets
Thank you for your review . Can you guide me for web API test as I have not experience in writing test

[danielrenaud]

Hi @shikhamis11
You can find some existing GraphQl api test here for reference: https://github.com/magento/magento2/tree/2.4-develop/dev/tests/api-functional/testsuite/Magento/GraphQl

[m2-assistant]

Hi @shikhamis11, thank you for your contribution!
Please, complete Contribution Survey, it will take less than a minute.
Your feedback will help us to improve contribution process.