0005845 | OXID eShop (all versions) | 2.5. Administer users | public | 2014-08-20 15:41
Status: resolved
Resolution: unable to reproduce
Product Version: 4.8.7 / 5.1.7
Target Version:
Fixed in Version:
Summary: 0005845: Admin rights are viewable in all sub shops
Description

Admin rights created for the backend are only active in the shop in which they are defined. But it is possible to view and edit them in the backend for any sub shop.

So they are viewable globally, but working only for one shop. Because there is no information in which shop they are made, you have no idea for which shop they are effective.

Furthermore, you can define rights for an admin user in shop id 1, but the admin user can only log in to shop id 2. So he has rights in a shop which he can't administrate. But he can see the rights which are defined for him.

The main problem is that the rights and roles are globally viewable, but always working only for one shop. So the rights which aren't effective for a shop backend shouldn't be shown in the rights and roles list.
Steps To Reproduce

  • Create a second shop in the backend

  • Create an admin user which is admin for all shops

  • Create a new rights and role for admins

  • Adjust some rights, so you can see an effect, and add the newly made admin user

  • Log in with the new admin user and see that the rights are working for the shop, in which you defined the rights.

  • Now, choose the other shop.

  • See that you can view the defined admin rights and roles, but they aren't working for this sub-shop.

