View Issue Details

IDProjectCategoryView StatusLast Update
0006851OXID eShop (all versions)2.5. Administer userspublic2018-12-04 15:25
ReporterQA 
PrioritynormalSeveritycriticalReproducibilityalways
Status resolvedResolutionfixed 
Product Version6.0.2 
Target VersionFixed in VersionPatch for 6.0 
Summary0006851: shop roles readonly has no effect at some admin sections
DescriptionIn shop-admin you can define an admin role for a user which grants him only reading rights for specific admin sections. For any reasons in some sections e.g.

- Master Settings -> Core Settings (but not the other sub-settings like Countries etc.)
- Extensions
- Users
- ... (did not test all sections)

it's possible to change the values. There are also other sections e.g.

- Master Settings -> Distributors
- Shop Settings -> Gift Wrapping

that allow to change the values for existing objects, but they won't be saved after clicking the save-button.

Last but not least it looks like it's always possible to create new objects, e.g. new user, new wrapping, new product even if you have only read rights. I'm not sure if this is intended to be the case.

In short: admin roles readonly rights doesn't appear to work properly across the whole shop admin.

[sp]
Steps To Reproduce- Create a new user
- Make the user a subshop admin
- Create an admin role
- Configurate the admin role with readonly rights for Master Settings
- Login with subshop admin user
- Access Master Settings -> Core Settings and change e.g. the Company Name.
TagsAdmin, Rights & Roles
ThemeNot defined
BrowserNot defined
PHP VersionNot defined
MySQL VersionNot defined

Activities

There are no notes attached to this issue.