View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0001045 | OXID eShop (all versions) | 2. ----- eShop backend (admin) ----- | public | 2009-06-26 13:52 | 2012-12-10 15:34 |
| Reporter | rs | Assigned To | |||
| Priority | high | Severity | block | Reproducibility | always |
| Status | resolved | Resolution | fixed | ||
| Summary | 0001045: Problems with admin rights | ||||
| Description | 1. Create user with full rights on "Article" in admin area 2. Login into the admin area with new created user, see "Article" -> no Problem 3. Login as Amdin -> revoke rights for the new created user -> save 4. Set rights again to full for new created user and save 5. Login with new created user, see "Article" -> not posible | ||||
| Tags | No tags attached. | ||||
| Theme | |||||
| Browser | |||||
| PHP Version | |||||
| Database Version | |||||
|
|
Reminder sent to: rs Hello, quick workaround for this problem (till it will be fixed) is: after revoking rights and making them full again (lets say for "Administer Products"), give full rigts also to all submenius of it ("Administer Products -> Products", "Administer Products -> Products -> Main", etc). greetings, Birute M. |
|
|
Hi, several solutions are possible for this: a) if user marked wider access to parent (full from view or deny, view from deny), do it like in opposite way - mark all children with the same right. this is logical, but may sometimes be not really convenient if user has customized lots of children rights, then, accidentally, changed parent rights.. b) assign rights to parent only - dont change children rights (in both directions). full children rights then should be resolved by getting R&R for usage. i.e. even if some node's rights is full access, but it has a parent e.g. with read-only rights, then this node (child) right is reduced to read-only (not saved to db - just reduced real time). the problem arise that user does not SEE real affected (by parent) rights. (could be fixed by adding some info in GUI similarly like article real price - some braketed value) |
|
|
made a spike solution for b. looks unusable and hard to understand. as agreed with Stefan, Tomas and Arvydas, will use variant a :) |
|
|
done by improved variant a :) now setting parent value sets also its children. + there is output in UI (a disabled checkbox) which is automatically marked if parent has any different children (at any depth level) this checkbox could be easily replaced with some icons (grey/green colors, asterisk sign or any other..) |
