View Issue Details

IDProjectCategoryView StatusLast Update
0007096OXID eShop B2B EditionB2B edition - subpublic2022-07-28 14:49
Reporterdominik_ziegler 
PrioritynormalSeverityminorReproducibilityalways
Status acknowledgedResolutionopen 
Product Version 
Target VersionFixed in Version 
Summary0007096: Quick order: Search does not include active check snippet
DescriptionIn the quick order module the search lists articles, which are not active (due to active flag, rights management, whatever...) because the SQL active snippet is not included into the search query, which is performed when calling the AJAX controller.

Steps To ReproduceSteps to reproduce:

1. Assign permissions to view and/or buy article with article number 1 to group A.
2. Log in with an user account which is not assigned to group A.
3. Enter the article number 1 into the quick order search form.
4. The article gets listed, although the user has no permissions to view or buy this article.
Additional InformationThis happens in the search form to add articles by article number.
The method AjaxController::getArticleSql() only has a check for OXACTIVE = 1, but all other checks for article active state (rights and so on, which can be inserted by Article::getSqlActiveSnippet()) are ignored.
The same problem exists for getVariantSql(), too.
Therefore the AJAX search shows articles as result, which the user can not display or order, because he has not the sufficient permissions.
TagsB2B Edition, SQL

Relationships

related to 0007340 acknowledgedvilma_liorensaityte Unbuyable parents are listed in dropdown of quickorder 

Activities

QA

2020-02-19 12:50

administrator   ~0013127

The description is a bit short and it is not quite clear what exactly is meant.
Please send us a detailed description and if possible a screenshot and/or steps to reproduce.

dominik_ziegler

2020-02-19 13:08

reporter   ~0013128

This happens in the search form to add articles by article number.
The method AjaxController::getArticleSql() only has a check for OXACTIVE = 1, but all other checks for article active state (rights and so on, which can be inserted by Article::getSqlActiveSnippet()) are ignored.
The same problem exists for getVariantSql(), too.
Therefore the AJAX search shows articles as result, which the user can not display or order, because he has not the sufficient permissions.

Steps to reproduce:
Assign permissions to view and/or buy article with article number 1 to group A.
Log in with an user account which is not assigned to group A.
Enter the article number 1 into the quick order search form.
The article gets listed, although the user has no permissions to view or buy this article.

QA

2020-02-19 13:15

administrator   ~0013129

 - es -