View Issue Details

IDProjectCategoryView StatusLast Update
0005735OXID eShop (all versions)1.05. Userspublic2018-01-29 14:11
Reportergerldental Assigned To 
PriorityhighSeveritymajorReproducibilityalways
Status resolvedResolutionreopened 
Product Version4.8.4 / 5.1.4 
Fixed in Version6.0.1 
Summary0005735: user role 'admin' dont't have rights to save banner-promotion
Descriptionhere is seems to be user-rights issue in backend. I have an user with admin-rights in main shop. As fulls rights for the promotions in 'admin roles' are on, it's impossible to save promotion (button inactive). I tried this in live-shop and in clean EE installation - with tha same effect.
Steps To ReproduceMake an user of type shop-admin. In 'Administer user -> admin roles' make all rights to 'Full', save and login to the shop with a new user name. Go to the Customer Info -> promotions and try to edit one of them.
TagsAdmin
ThemeAzure
BrowserAll
PHP VersionNot defined
Database VersionNot defined

Activities

jurate.baseviciene

2014-04-16 10:38

reporter   ~0009841

Reminder sent to: gerldental

Hi,

Thanks a lot for submitting this issue, but unfortunately we can not reproduce this issue. If there still is a problem, maybe you could send us more details about it? Could you please let us know if you still experience same problem on our demoshop http://demoshop.oxid-esales.com/EnEd ?
We try reproduce with steps:

1. Make an user of type shop-admin.
We created new user: For user right we set Admin(OXID eShop 5)
Assigned User to "Shop Admin" group and save.

2. In 'Administer user -> admin roles' make all rights to 'Full',
 We go to "Administer user -> admin roles"
 Created new admin role and maked all rights to "Full" to this admin role Assigned new user

3. Then login to the shop with those new user

4. Go to the Customer Info -> promotions and try to edit one of them. And we can edit promotions

Which step we do wrong?


Best regards

gerldental

2018-01-02 15:07

reporter   ~0012330

Last edited: 2018-01-02 15:23

>Which step we do wrong?

Sorry, it's taked some time to answer.

I found the reason of this problem. For the first: it's happens only in multishop config:
Only Mall-Admins can edit actions - not Shop Admins.

The reason is this code in application/views/admin/tpl/actions_main.tpl:

  [{ if !$allowSharedEdit }]
    [{assign var="disableSharedEdit" value="readonly disabled"}]
  [{else}]
    [{assign var="disableSharedEdit" value=""}]
  [{/if}]

there no "disableSharedEdit" template variable in source-code defined.

I found only 'allowSharedEdit' ( in oxadminview.php, Z. 170 )

$this->_aViewData['allowSharedEdit'] = $myConfig->getConfigParam('blAllowSharedEdit');



and config variable "blAllowSharedEdit" defined in class oxutils, Z. 962 as

//#1552T
//So far this blAllowSharedEdit is Equal to blMallAdmin but in future to be solved over rights and roles
$myConfig->setConfigParam('blAllowSharedEdit', true);

also, it's setted to true but for Mall-Admins only!

It has nothing to do with rights & roles, as i supposed at first.

I think the code in application/views/admin/tpl/actions_main.tpl is obsolete und must be deleted...
I just commented that out and all works fine now.

benjamin.joerger

2018-01-03 15:16

reporter   ~0012337

The bug is already fixed and will be shipped with the next maintenance version.