AC-15054: Product Add to Cart issue in Rest API

wip44850 · wip44850 · commit 4374e7f23d67 · 2025-07-14T17:59:32.000+05:30
diff --git a/app/code/Magento/Quote/Plugin/UpdateCartId.php b/app/code/Magento/Quote/Plugin/UpdateCartId.php
@@ -1,51 +1,99 @@
 <?php
 /**
- * Copyright © Magento, Inc. All rights reserved.
- * See COPYING.txt for license details.
+ * Copyright 2025 Adobe
+ * All Rights Reserved.
  */
 
 declare(strict_types=1);
 
 namespace Magento\Quote\Plugin;
 
+use Magento\Catalog\Api\ProductRepositoryInterface;
+use Magento\Framework\Exception\LocalizedException;
+use Magento\Framework\Exception\NoSuchEntityException;
 use Magento\Framework\Webapi\Rest\Request as RestRequest;
 use Magento\Quote\Api\Data\CartItemInterface;
 use Magento\Quote\Api\GuestCartItemRepositoryInterface;
+use Magento\Quote\Model\QuoteIdMaskFactory;
+use Magento\Store\Model\StoreManagerInterface;
 
 /**
  * Update cart id from request param
  */
 class UpdateCartId
 {
-    /**
-     * @var RestRequest $request
-     */
-    private $request;
-
     /**
      * @param RestRequest $request
+     * @param ProductRepositoryInterface $productRepository
+     * @param StoreManagerInterface $storeManager
+     * @param QuoteIdMaskFactory $quoteIdMaskFactory
      */
-    public function __construct(RestRequest $request)
-    {
-        $this->request = $request;
+    public function __construct(
+        private readonly RestRequest $request,
+        private readonly ProductRepositoryInterface $productRepository,
+        private readonly StoreManagerInterface      $storeManager,
+        private readonly QuoteIdMaskFactory         $quoteIdMaskFactory
+    ) {
     }
 
     /**
      * Update id from request if param cartId exist
      *
      * @param GuestCartItemRepositoryInterface $guestCartItemRepository
      * @param CartItemInterface $cartItem
-     * @return void
+     * @return array
      * @SuppressWarnings(PHPMD.UnusedFormalParameter)
      */
     public function beforeSave(
         GuestCartItemRepositoryInterface $guestCartItemRepository,
         CartItemInterface $cartItem
-    ): void {
+    ): array {
         $cartId = $this->request->getParam('cartId');
 
         if ($cartId) {
             $cartItem->setQuoteId($cartId);
         }
+        $this->validateProductWebsiteAssignment($cartItem);
+        return [$cartItem];
+    }
+
+    /**
+     * Validate that product is assigned to the current website
+     *
+     * @param CartItemInterface $cartItem
+     * @throws LocalizedException
+     * @throws NoSuchEntityException
+     */
+    private function validateProductWebsiteAssignment(CartItemInterface $cartItem): void
+    {
+        $sku = $cartItem->getSku();
+        if (!$sku) {
+            return;
+        }
+
+        // Get current website ID from the masked cart ID
+        $maskedQuoteId = $cartItem->getQuoteId();
+        $quoteIdMask = $this->quoteIdMaskFactory->create()->load($maskedQuoteId, 'masked_id');
+
+        if (!$quoteIdMask->getQuoteId()) {
+            return;
+        }
+        $currentWebsiteId = $this->storeManager->getStore()->getWebsiteId();
+        try {
+            $product = $this->productRepository->get($sku, false, null);
+
+            $productWebsiteIds = $product->getWebsiteIds();
+
+            // Validate website assignment
+            if (!is_array($productWebsiteIds) || !in_array($currentWebsiteId, $productWebsiteIds)) {
+                throw new LocalizedException(
+                    __('Product that you are trying to add is not available.')
+                );
+            }
+        } catch (NoSuchEntityException $e) {
+            throw new LocalizedException(
+                __('Product that you are trying to add is not available.')
+            );
+        }
     }
 }
diff --git a/app/code/Magento/Quote/etc/webapi_rest/di.xml b/app/code/Magento/Quote/etc/webapi_rest/di.xml
@@ -23,11 +23,6 @@
     <type name="Magento\Quote\Model\QuoteValidator">
         <plugin name="error_redirect_processor" type="Magento\Quote\Plugin\Webapi\Model\ErrorRedirectProcessor" />
     </type>
-    <type name="Magento\Quote\Api\GuestCartItemRepositoryInterface">
-        <plugin name="validateProductWebsiteAssignmentGuest"
-                type="Magento\Quote\Plugin\Webapi\ValidateProductWebsiteAssignmentForGuest"
-                sortOrder="100" />
-    </type>
     <type name="Magento\Quote\Api\CartItemRepositoryInterface">
         <plugin name="validateProductWebsiteAssignment"
                 type="Magento\Quote\Plugin\Webapi\ValidateProductWebsiteAssignment"
diff --git a/dev/tests/api-functional/testsuite/Magento/Quote/Api/ValidateProductWebsiteAssignmentTest.php b/dev/tests/api-functional/testsuite/Magento/Quote/Api/ValidateProductWebsiteAssignmentTest.php
@@ -0,0 +1,266 @@
+<?php
+/**
+ * Copyright 2025 Adobe
+ * All Rights Reserved.
+ */
+declare(strict_types=1);
+
+namespace Magento\Quote\Test\Api;
+
+use Magento\Catalog\Test\Fixture\Product;
+use Magento\Customer\Test\Fixture\Customer;
+use Magento\Store\Test\Fixture\Website;
+use Magento\Store\Test\Fixture\Store;
+use Magento\Store\Test\Fixture\Group;
+use Magento\TestFramework\Fixture\DataFixture;
+use Magento\TestFramework\Fixture\DataFixtureStorageManager;
+use Magento\TestFramework\TestCase\WebapiAbstract;
+
+/**
+ * Web API REST test for ValidateProductWebsiteAssignment plugins using fixtures
+ *
+ * @magentoAppArea webapi_rest
+ */
+class ValidateProductWebsiteAssignmentTest extends WebapiAbstract
+{
+    /**
+     * @var DataFixtureStorageManager
+     */
+    private $fixtures;
+
+    /**
+     * @var string
+     */
+    private $customerToken;
+
+    /**
+     * @var string
+     */
+    private $guestCartId;
+
+    /**
+     * Setup test environment
+     */
+    protected function setUp(): void
+    {
+        $this->_markTestAsRestOnly();
+        parent::setUp();
+        $this->fixtures = DataFixtureStorageManager::getStorage();
+    }
+
+    /**
+     * Test customer cart REST API validates product website assignment successfully
+     */
+    #[
+        DataFixture(Website::class, ['code' => 'test_website', 'name' => 'Test Website'], 'website2'),
+        DataFixture(Group::class, ['website_id' => '$website2.id$'], 'store_group2'),
+        DataFixture(Store::class, ['store_group_id' => '$store_group2.id$'], 'store2'),
+        DataFixture(
+            Product::class,
+            [
+                'sku' => 'product-base-website',
+                'name' => 'Product Base Website',
+                'price' => 10.00,
+                'website_ids' => [1], // Base website only
+                'stock_data' => ['use_config_manage_stock' => 1, 'qty' => 100, 'is_in_stock' => 1]
+            ],
+            'product_base'
+        ),
+        DataFixture(
+            Customer::class,
+            [
+                'website_id' => 1
+            ],
+            'customer'
+        )
+    ]
+    public function testCustomerCartRestApiValidatesProductWebsiteAssignmentSuccessfully(): void
+    {
+        $customer = $this->fixtures->get('customer');
+        $product = $this->fixtures->get('product_base');
+
+        // Get customer token
+        $this->customerToken = $this->getCustomerToken($customer->getEmail(), 'password');
+
+        // Create customer cart
+        $this->createCustomerCart();
+
+        // Add product to cart via REST API
+        $serviceInfo = [
+            'rest' => [
+                'resourcePath' => '/V1/carts/mine/items',
+                'httpMethod' => \Magento\Framework\Webapi\Rest\Request::HTTP_METHOD_POST,
+                'token' => $this->customerToken,
+            ],
+        ];
+
+        $cartItem = [
+            'cartItem' => [
+                'sku' => $product->getSku(),
+                'qty' => 1,
+            ],
+        ];
+
+        $result = $this->_webApiCall($serviceInfo, $cartItem);
+
+        $this->assertNotNull($result);
+        $this->assertEquals($product->getSku(), $result['sku']);
+        $this->assertEquals(1, $result['qty']);
+    }
+
+    /**
+     * Test customer cart REST API throws exception when product not on website
+     */
+    #[
+        DataFixture(Website::class, ['code' => 'test_website', 'name' => 'Test Website'], 'website2'),
+        DataFixture(Group::class, ['website_id' => '$website2.id$'], 'store_group2'),
+        DataFixture(Store::class, ['store_group_id' => '$store_group2.id$'], 'store2'),
+        DataFixture(
+            Product::class,
+            [
+                'sku' => 'product-second-website',
+                'name' => 'Product Second Website',
+                'price' => 15.00,
+                'website_ids' => ['$website2.id$'], // Second website only
+                'stock_data' => ['use_config_manage_stock' => 1, 'qty' => 100, 'is_in_stock' => 1]
+            ],
+            'product_second'
+        ),
+        DataFixture(
+            Customer::class,
+            [
+                'website_id' => 1 // Base website
+            ],
+            'customer'
+        )
+    ]
+    public function testCustomerCartRestApiThrowsExceptionWhenProductNotOnWebsite(): void
+    {
+        $customer = $this->fixtures->get('customer');
+        $product = $this->fixtures->get('product_second');
+
+        $this->customerToken = $this->getCustomerToken($customer->getEmail(), 'password');
+
+        $this->createCustomerCart();
+
+        // Try to add product from wrong website
+        $serviceInfo = [
+            'rest' => [
+                'resourcePath' => '/V1/carts/mine/items',
+                'httpMethod' => \Magento\Framework\Webapi\Rest\Request::HTTP_METHOD_POST,
+                'token' => $this->customerToken,
+            ],
+        ];
+
+        $cartItem = [
+            'cartItem' => [
+                'sku' => $product->getSku(),
+                'qty' => 1,
+            ],
+        ];
+
+        // This should throw an exception
+        $this->expectException(\Exception::class);
+        $this->expectExceptionMessage('Product that you are trying to add is not available.');
+
+        $this->_webApiCall($serviceInfo, $cartItem);
+    }
+
+    /**
+     * Test guest cart REST API throws exception when product not on website
+     */
+    #[
+        DataFixture(Website::class, ['code' => 'test_website', 'name' => 'Test Website'], 'website2'),
+        DataFixture(Group::class, ['website_id' => '$website2.id$'], 'store_group2'),
+        DataFixture(Store::class, ['store_group_id' => '$store_group2.id$'], 'store2'),
+        DataFixture(
+            Product::class,
+            [
+                'sku' => 'product-second-guest',
+                'name' => 'Product Second Guest',
+                'price' => 18.00,
+                'website_ids' => ['$website2.id$'], // Second website only
+                'stock_data' => ['use_config_manage_stock' => 1, 'qty' => 100, 'is_in_stock' => 1]
+            ],
+            'product_second'
+        )
+    ]
+    public function testGuestCartRestApiThrowsExceptionWhenProductNotOnWebsite(): void
+    {
+        $product = $this->fixtures->get('product_second');
+
+        $this->setupGuestCart();
+
+        // Try to add product from wrong website
+        $serviceInfo = [
+            'rest' => [
+                'resourcePath' => '/V1/guest-carts/' . $this->guestCartId . '/items',
+                'httpMethod' => \Magento\Framework\Webapi\Rest\Request::HTTP_METHOD_POST,
+            ],
+        ];
+
+        $cartItem = [
+            'cartItem' => [
+                'sku' => $product->getSku(),
+                'qty' => 1,
+            ],
+        ];
+
+        // This should throw an exception
+        $this->expectException(\Exception::class);
+        $this->expectExceptionMessage('Product that you are trying to add is not available.');
+
+        $this->_webApiCall($serviceInfo, $cartItem);
+    }
+
+    /**
+     * Get customer authentication token
+     */
+    private function getCustomerToken(string $email, string $password): string
+    {
+        $serviceInfo = [
+            'rest' => [
+                'resourcePath' => '/V1/integration/customer/token',
+                'httpMethod' => \Magento\Framework\Webapi\Rest\Request::HTTP_METHOD_POST,
+            ],
+        ];
+
+        $credentials = [
+            'username' => $email,
+            'password' => $password,
+        ];
+
+        return $this->_webApiCall($serviceInfo, $credentials);
+    }
+
+    /**
+     * Create customer cart
+     */
+    private function createCustomerCart(): void
+    {
+        $serviceInfo = [
+            'rest' => [
+                'resourcePath' => '/V1/carts/mine',
+                'httpMethod' => \Magento\Framework\Webapi\Rest\Request::HTTP_METHOD_POST,
+                'token' => $this->customerToken,
+            ],
+        ];
+
+        $this->_webApiCall($serviceInfo);
+    }
+
+    /**
+     * Setup guest cart
+     */
+    private function setupGuestCart(): void
+    {
+        $serviceInfo = [
+            'rest' => [
+                'resourcePath' => '/V1/guest-carts',
+                'httpMethod' => \Magento\Framework\Webapi\Rest\Request::HTTP_METHOD_POST,
+            ],
+        ];
+
+        $this->guestCartId = $this->_webApiCall($serviceInfo);
+    }
+}
