View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0001117 | OXID eShop (all versions) | 2.5. Administer users | public | 2009-07-20 13:48 | 2012-12-10 13:15 |
Reporter | Moehlis | Assigned To | |||
Priority | normal | Severity | major | Reproducibility | always |
Status | resolved | Resolution | fixed | ||
Product Version | 4.1.3 revision 19918 | ||||
Fixed in Version | 4.1.4 revision 21266 | ||||
Summary | 0001117: admin has no delete right but delete button is displayed | ||||
Description | Affects all backend lists. If an admin has no right to delete items, the delete button is not removed. Source of this tiny error seems to be oxubase:canDo(): `$oRights = $this->getRights(); if ( $this->isAdmin() || !$oRights ) { return true; }` When calling the delete function, canDelete() is used to determine the user right; this works fine, so the user cannot delete anything. So some buttons (to delete an item, or insert a new one) are still displayed in the interface though the admin user has no permissions to do that. But when clicking on these buttons, nothing happens (items are not deleted, nor inserted). For the fix: if the user has no rights to do some action, make sure that buttons for those actions are not even displayed in the interface. | ||||
Tags | Rights & Roles | ||||
Theme | |||||
Browser | All | ||||
PHP Version | 5.2.6 | ||||
Database Version | 5.0.33 | ||||
|
Description of how to reproduce the bug: Admin -> Administer users -> Admin roles -> Objects. There is the possibility to set (I)nsert, (X)Delete for product and category. Mark checkbox I for category and checkbox X for product. This means an admin with this role will be able to create categories (but not to delete them) and to delete products (but not to create them). Log in to admin with this specific admin and go to the product list. Both buttons, for creating a new product and deleting it, appear. However, if the user tries to create a new product, nothing happens. The product is not created and no message is displayed why. Then go to categories. Both buttons for creating and deleting a category are visible again. Try to create a new category -> it's OK. Try to delete the same category -> after confirming deletion nothing happens. The category still exists and no message why it was not deleted is shown. |
|
Reminder sent to: Moehlis
Description of the bug was changed, as the admin user still cannot harm the data; only buttons are displayed (which they shouldn't be). |
|
fixed |
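
The mismatch this report describes, as an added PHP example that is not OXID eShop code: the display check short-circuits for admins while the action check consults the role, so the two disagree and produce buttons that do nothing. The function names `canDoAsReported` and `canDoChecked`, the array shape of the role, and the sample role itself are hypothetical and constructed from the reproduction steps; the syntax targets current PHP, not the 5.2.6 named in the report.

```php
<?php
declare(strict_types=1);

// Hypothetical model, not OXID eShop code. A role maps an object type to the
// flags granted on it: I (insert) and X (delete), as in the reproduction steps.

// Display check as the report describes it: any admin user short-circuits to
// true, so the role is never consulted when the list decides which buttons to draw.
function canDoAsReported(bool $isAdmin, ?array $rights, string $object, string $flag): bool
{
    if ($isAdmin || !$rights) {
        return true;
    }
    return in_array($flag, $rights[$object] ?? [], true);
}

// One way to close the gap (an assumption, not the shipped fix): only a missing
// rights object grants everything; a restricted admin is checked against the role.
// The list template and the action handler both call this same function.
function canDoChecked(?array $rights, string $object, string $flag): bool
{
    return $rights === null || in_array($flag, $rights[$object] ?? [], true);
}

// Constructed sample role from the report: insert categories, delete products.
$role = ['category' => ['I'], 'product' => ['X']];

foreach (['product', 'category'] as $object) {
    foreach (['I' => 'new', 'X' => 'delete'] as $flag => $button) {
        $shown   = canDoAsReported(true, $role, $object, $flag); // what the list draws
        $allowed = canDoChecked($role, $object, $flag);          // what the action permits
        printf(
            "%-8s %-6s shown=%-3s allowed=%-3s %s\n",
            $object,
            $button,
            $shown ? 'yes' : 'no',
            $allowed ? 'yes' : 'no',
            ($shown && !$allowed) ? '<- button shown but action refused' : ''
        );
    }
}
```

A regression test for this class of bug can assert, for every object and flag in a role, that the display check and the action check return the same value.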