Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

We can´t add/change teams on products, and some other problems with user-rights #969

Open
exeqtwasnotfree opened this issue Dec 5, 2023 · 11 comments
Open

We can´t add/change teams on products, and some other problems with user-rights #969

exeqtwasnotfree opened this issue Dec 5, 2023 · 11 comments

Comments

@exeqtwasnotfree
Copy link

Hello, we have lost the ability to add/change a team on products, but delete teams works.
This worked last week, but now, not even an admin can add a team to product.
It seems to work when you save, but if you refresh the team is gone again.
Import of teams on products don´t work ether.

I found this out when troubleshoot an 403: error users are getting when adding an product-attribute-value for an attribute not added through classification.
This also worked last week if memory serves.

Update to latest version, rebuild database and clear cache didn´t help.
Have the same problem on PROD- and LAB-servers.

Is this an known issue?
Anything I can try to troubleshoot?
@AnnZast
Copy link

AnnZast commented Dec 5, 2023

Hello,

It's probably a bug. We'll let you know when it's fixed.

@AnnZast
Copy link

AnnZast commented Dec 6, 2023

Regarding the error 403 when editing product attribute value, you need to check the role permissions of this user. The permission to edit the attribute values is now inherited from the attributes and the attribute tabs.

@exeqtwasnotfree
Copy link
Author

Regarding the error 403 when editing product attribute value, you need to check the role permissions of this user. The permission to edit the attribute values is now inherited from the attributes and the attribute tabs.

ohoo...key, so the user have to have the right to make a new attribute to be able to make an produkt-attribute-value ?
How do I set up so user don´t have permission to create a new attribute or attribute-group/tab, but can add attribute on product?

@AnnZast
Copy link

AnnZast commented Dec 7, 2023

To be able to make a produkt-attribute-value you should have permission to edit attribute and attribute tab

@exeqtwasnotfree
Copy link
Author

The right to read and edit is not enough, I have to give them the right to create attribute-tab and create attribute, before they have the right to link an attribute to product and add value.

@exeqtwasnotfree
Copy link
Author

I have made an attribute tab : https://demo-extended.atropim.com/#AttributeTab/view/b657318cbc08229f8
And some attributes from group Processor are in this tab (6 of them).
I made user "user_for_both_editor" (pass 1234) member of the role editor and made some adjustments to its rights.
If I deny this role to create attibute-tabs, the user can no longer add group processor in the tab Test.

@AnnZast
Copy link

AnnZast commented Dec 8, 2023

You're right. Now permissions for attribute value entity are inherited from both Attribute and Attribute Tab. So to be able to add attribute value you should have ability to create Attribute and Attribute tab. Therefore, the case that you described in the message above cannot be implemented at the moment. But this is a temporary solution. This will be changed in the future.

@exeqtwasnotfree
Copy link
Author

@AnnZast Any indication how long until user-rights is fixed?
I am stuck right now as our current version is 1.7.32 and in this version I have given users more rights so they can add articles and attributes as above. But I'm having problems with importing some fields on articles not working, so I need to upgrade.
If I update to v 1.8.7 the users get the error 403 again, but the article is created in the background despite the error code, but you need to go back to the article list to see the article. I can't figure out what is missing in the permissions this time, so I need to know when you guys fix the permissions to work, or if I should give the users admin rights.

@AnnZast
Copy link

AnnZast commented Jan 12, 2024

Could you please tell me what permissions for entities Product, Attribute and Attribute Tab do these users have and what exactly they do to get this error. I'll try to reproduce it to find the issue. I cannot say when something will be changed in permissions, currently we are not working on this task.

@exeqtwasnotfree
Copy link
Author

Product has: Access enabled, Create yes, Read all, Edit all, Delete no
Attribute has: Access enabled, Create yes, Read all, Edit all, Delete no, stream all
Attribute tab has: Access enabled, Create yes, Read all, Edit all, Delete no
All the user have to do, is to create a new product with only a name, (in our case it´s Name and Name_en, the only 2 fields that is required)
This work in v 1.7.32 but not in 1.8.7
One thing i noticed now, you have added 13 new rows with settings in the role-edit-view.
For example Product-Media and ProductClassification and so on, all these new settings have Access: not-set
Do this explain the missing rights?
We do have ACL activated, so my guess is at the minimum the user need these two new settings?

@AnnZast
Copy link

AnnZast commented Jan 12, 2024

I got this error when I denied a user access to some entities related to a Product (Classifications or Assets). I get a 403 error but the product is being created. Maybe this is your case too? I'll create a ticket in our internal system to fix this, while you can temporarily open access to the entities related to the product (at least read). Maybe this will help.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@exeqtwasnotfree @AnnZast