View Issue Details

IDProjectCategoryView StatusLast Update
0007358OXID ERP InterfaceOXID ERP Interface - subpublic2022-09-19 16:09
Status acknowledgedResolutionopen 
Product Version2.15.0 
Target VersionFixed in Version 
Summary0007358: Soap OXERPSetMainArticleCategory updates on multishop environment
DescriptionWhen calling OXERPSetMainArticleCategory with a category that already exists, the oxobject2categories is being updated, so the entry gets OXTIME 0.

But for this, a (too) simple query is being executed on oxerpsoap.php in _ImportMainArticle2Category:

select OXID from oxobject2category where oxobjectid = '".$aRow['OXOBJECTID']."' and oxcatnid = '".$aRow['OXCATNID']."'

This query can return multiple entries if multiple shops are configured. Then, only the first entry is being read:

$aRow['OXID'] = oxDb::getDb()->getOne($sSql);

Sometimes, the first entry will be from the wrong shop, leading to the exception: "Not sufficient rights to perform operation!" if such entry tries to get updated.

Easiest bugfix would be to include the current shop id in the query:

        if ( $oCompat->isShopEE() ) {
            $sSql.= "and oxshopid = '" . $myConfig->getShopId() . "'";
Steps To Reproduce1. Install an Enterprise Edition 6.5 with the demo data.
2. Create shop id 2. Assign the article 1402 (oiaa81b5e002fc2f73b9398c361c0b97 ) and the category Downloads (oia9ff5c96f1f29d527b61202ece0829).
3. Create an admin user which is only allowed to work in shop id 1.
4. Create an admin user which is only allowed to work in shop id 2.
5. Empty the table oxobject2category
6. Insert the query:
('34b7b7d43b23b16c5b94a90e15002e2f',	2,	'05848170643ab0deb9914566391c0c63',	'oia9ff5c96f1f29d527b61202ece0829',	0,	0,	'2022-09-19 13:23:49'),
('5991823c4fbee054141c2472112c1f42',	1,	'05848170643ab0deb9914566391c0c63',	'oia9ff5c96f1f29d527b61202ece0829',	0,	0,	'2022-09-19 13:51:56');

7. Execute the SOAP request for both just created admin users:

For one of the two the query fails with the error messsage "Not sufficient rights to perform operation!", since the initial query to get the oxid for the data set does not filter for the shop id. Depending which of the two rows are returned as result, the shop id mismatches for the current session.
TagsSolution Provided



2022-09-19 16:08

administrator   ~0014311

Hi rubjurgens

Thank you for your report, I could reproduce it. I will add "Steps to reproduce" to this entry.


- MK