View Issue Details

ID: 0007358
Project: OXID ERP Interface
Category: OXID ERP Interface - sub
View Status: public
Last Update: 2022-09-19 16:09
Reporter: rubjurgens
Priority: normal
Severity: major
Reproducibility: always
Status: acknowledged
Resolution: open
Product Version: 2.15.0
Target Version:
Fixed in Version:
Summary: 0007358: Soap OXERPSetMainArticleCategory updates on multishop environment

Description:
When calling OXERPSetMainArticleCategory with a category that already exists, the oxobject2categories is being updated, so the entry gets OXTIME 0.

But for this, a (too) simple query is being executed on oxerpsoap.php in _ImportMainArticle2Category:

select OXID from oxobject2category where oxobjectid = '".$aRow['OXOBJECTID']."' and oxcatnid = '".$aRow['OXCATNID']."'

This query can return multiple entries if multiple shops are configured. Then, only the first entry is being read:

$aRow['OXID'] = oxDb::getDb()->getOne($sSql);

Sometimes, the first entry will be from the wrong shop, leading to the exception "Not sufficient rights to perform operation!" if such an entry tries to get updated.

Easiest bugfix would be to include the current shop id in the query:

        if ( $oCompat->isShopEE() ) {
            // Leading space keeps the appended clause separate from the preceding quoted value
            $sSql .= " and oxshopid = '" . $myConfig->getShopId() . "'";
        }

Steps To Reproduce:
1. Install an Enterprise Edition 6.5 with the demo data.
2. Create shop id 2. Assign the article 1402 (oiaa81b5e002fc2f73b9398c361c0b97 ) and the category Downloads (oia9ff5c96f1f29d527b61202ece0829).
3. Create an admin user which is only allowed to work in shop id 1.
4. Create an admin user which is only allowed to work in shop id 2.
5. Empty the table oxobject2category
6. Insert the query:
INSERT INTO `oxobject2category` (`OXID`, `OXSHOPID`, `OXOBJECTID`, `OXCATNID`, `OXPOS`, `OXTIME`, `OXTIMESTAMP`) VALUES
('34b7b7d43b23b16c5b94a90e15002e2f',	2,	'05848170643ab0deb9914566391c0c63',	'oia9ff5c96f1f29d527b61202ece0829',	0,	0,	'2022-09-19 13:23:49'),
('5991823c4fbee054141c2472112c1f42',	1,	'05848170643ab0deb9914566391c0c63',	'oia9ff5c96f1f29d527b61202ece0829',	0,	0,	'2022-09-19 13:51:56');

7. Execute the SOAP request for both just created admin users:
      <oxer:OXERPSetMainArticleCategory>
         <oxer:sSessionID>i1rrvtffqq47iotf3ihsnpv4v9</oxer:sSessionID>
         <oxer:sArticleID>05848170643ab0deb9914566391c0c63</oxer:sArticleID>
         <oxer:sCategoryID>oia9ff5c96f1f29d527b61202ece0829</oxer:sCategoryID>
      </oxer:OXERPSetMainArticleCategory>


For one of the two the query fails with the error message "Not sufficient rights to perform operation!", since the initial query to get the oxid for the data set does not filter for the shop id. Depending on which of the two rows is returned as the result, the shop id mismatches for the current session.

Tags: Solution Provided
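
The ambiguous lookup and the shop-scoped lookup from the report, reproduced as an added example (not OXID code and not part of the original report). It assumes PDO with an in-memory SQLite database in place of oxDb, the function names are hypothetical, and values are bound as parameters rather than concatenated into the SQL string.

```php
<?php
// Added illustration: PDO + in-memory SQLite stand in for the shop database.
// Function names are hypothetical; this is not OXID ERP interface code.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE oxobject2category (
    OXID TEXT PRIMARY KEY, OXSHOPID INTEGER, OXOBJECTID TEXT, OXCATNID TEXT)');

// The two rows from the reproduction steps: same article and category, one row per shop.
$ins = $pdo->prepare('INSERT INTO oxobject2category VALUES (?, ?, ?, ?)');
$art = '05848170643ab0deb9914566391c0c63';
$cat = 'oia9ff5c96f1f29d527b61202ece0829';
$ins->execute(['34b7b7d43b23b16c5b94a90e15002e2f', 2, $art, $cat]);
$ins->execute(['5991823c4fbee054141c2472112c1f42', 1, $art, $cat]);

// Lookup as described in the report: no shop filter, first matching row wins.
function findAssignmentUnscoped(PDO $pdo, string $art, string $cat)
{
    $st = $pdo->prepare('SELECT OXID, OXSHOPID FROM oxobject2category
                         WHERE OXOBJECTID = ? AND OXCATNID = ?');
    $st->execute([$art, $cat]);
    return $st->fetch(PDO::FETCH_ASSOC);
}

// Lookup with the proposed fix: restricted to the session's shop.
function findAssignmentScoped(PDO $pdo, string $art, string $cat, int $shopId)
{
    $st = $pdo->prepare('SELECT OXID, OXSHOPID FROM oxobject2category
                         WHERE OXOBJECTID = ? AND OXCATNID = ? AND OXSHOPID = ?');
    $st->execute([$art, $cat, $shopId]);
    return $st->fetch(PDO::FETCH_ASSOC);
}

// Compare both lookups for a session bound to shop 1 and one bound to shop 2.
foreach ([1, 2] as $sessionShop) {
    $u = findAssignmentUnscoped($pdo, $art, $cat);
    $s = findAssignmentScoped($pdo, $art, $cat, $sessionShop);
    printf("session shop %d: unscoped -> %s (shop %d, %s) | scoped -> %s (shop %d)\n",
        $sessionShop, $u['OXID'], $u['OXSHOPID'],
        (int)$u['OXSHOPID'] === $sessionShop ? 'matches' : 'MISMATCH',
        $s['OXID'], $s['OXSHOPID']);
}
```

The unscoped lookup returns the same row for both sessions, so one of them always receives an OXID that belongs to the other shop; the scoped lookup returns each session its own row.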

Activities

QA

2022-09-19 16:08

administrator   ~0014311

Hi rubjurgens

Thank you for your report, I could reproduce it. I will add "Steps to reproduce" to this entry.

Greetings
Michael

- MK