View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0006851||OXID eShop (all versions)||2.5. Administer users||public||2018-07-02 13:03||2018-12-04 15:25|
|Target Version||Fixed in Version||Patch for 6.0|
|Summary||0006851: shop roles readonly has no effect at some admin sections|
|Description||In shop-admin you can define an admin role for a user which grants him only reading rights for specific admin sections. For any reasons in some sections e.g.|
- Master Settings -> Core Settings (but not the other sub-settings like Countries etc.)
- ... (did not test all sections)
it's possible to change the values. There are also other sections e.g.
- Master Settings -> Distributors
- Shop Settings -> Gift Wrapping
that allow to change the values for existing objects, but they won't be saved after clicking the save-button.
Last but not least it looks like it's always possible to create new objects, e.g. new user, new wrapping, new product even if you have only read rights. I'm not sure if this is intended to be the case.
In short: admin roles readonly rights doesn't appear to work properly across the whole shop admin.
|Steps To Reproduce||- Create a new user|
- Make the user a subshop admin
- Create an admin role
- Configurate the admin role with readonly rights for Master Settings
- Login with subshop admin user
- Access Master Settings -> Core Settings and change e.g. the Company Name.
|Tags||Admin, Rights & Roles|
|PHP Version||Not defined|
|MySQL Version||Not defined|