View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0007096 | OXID eShop B2B Edition | B2B edition - sub | public | 2020-02-18 13:35 | 2022-07-28 14:49 |
| Reporter | dominik_ziegler | Assigned To | |||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | acknowledged | Resolution | open | ||
| Summary | 0007096: Quick order: Search does not include active check snippet | ||||
| Description | In the quick order module the search lists articles, which are not active (due to active flag, rights management, whatever...) because the SQL active snippet is not included into the search query, which is performed when calling the AJAX controller. | ||||
| Steps To Reproduce | Steps to reproduce: 1. Assign permissions to view and/or buy article with article number 1 to group A. 2. Log in with an user account which is not assigned to group A. 3. Enter the article number 1 into the quick order search form. 4. The article gets listed, although the user has no permissions to view or buy this article. | ||||
| Additional Information | This happens in the search form to add articles by article number. The method AjaxController::getArticleSql() only has a check for OXACTIVE = 1, but all other checks for article active state (rights and so on, which can be inserted by Article::getSqlActiveSnippet()) are ignored. The same problem exists for getVariantSql(), too. Therefore the AJAX search shows articles as result, which the user can not display or order, because he has not the sufficient permissions. | ||||
| Tags | B2B Edition, SQL | ||||
|
|
The description is a bit short and it is not quite clear what exactly is meant. Please send us a detailed description and if possible a screenshot and/or steps to reproduce. |
|
|
This happens in the search form to add articles by article number. The method AjaxController::getArticleSql() only has a check for OXACTIVE = 1, but all other checks for article active state (rights and so on, which can be inserted by Article::getSqlActiveSnippet()) are ignored. The same problem exists for getVariantSql(), too. Therefore the AJAX search shows articles as result, which the user can not display or order, because he has not the sufficient permissions. Steps to reproduce: Assign permissions to view and/or buy article with article number 1 to group A. Log in with an user account which is not assigned to group A. Enter the article number 1 into the quick order search form. The article gets listed, although the user has no permissions to view or buy this article. |
|
|
- es - |
