View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0005845||OXID eShop (all versions)||2.5. Administer users||public||2014-08-07 09:17||2014-08-20 15:41|
|Status||resolved||Resolution||unable to reproduce|
|Product Version||4.8.7 / 5.1.7|
|Target Version||Fixed in Version|
|Summary||0005845: Admin rights are viewable in all sub shops|
|Description||Created admin rights for the backend are only in that shop active, in which they are defined. But it is possible to view and edit them in the backend for any sub shop.|
So they are viewable globally, but working only for one shop. Because there is no information in which shop they are made, you have no idea for which shop they are effective.
Furthermore you can define rights for an admin user in shop id 1 but the admin user can only login into shop id 2. So he has rights in a shop, which he can't administrate. But he can see the rights, which are defined for him.
The main problem is, that the rights and roles are globaly viewable, but working always only for one shop. So the rights which aren't effective for a shop backend, shouldn't shown in the rights and roles list.
|Steps To Reproduce|
|Tags||No tags attached.|