Magento2: Removing acl permissions for role does not influence on massactions
Description
When I create new role and remove permissions from actions with orders, users with this role still have access to these actions through sales orders grid massactions
Preconditions
Magento 2.1.7
Steps to reproduce
- Create new role. remove all role resources accept Sales->Operations->Orders->Actions->View
- Create new user with this new role.
- Login to admin dashboard with credentials to this role
- Go to Sales -> Orders page
- Within orders grid check one or more orders
- Select Cancel action within massactions dropdown
Expected result
Cancel, Hold, Unhold etc. actions should not be visible
Using this action should not affect orders as user does not have permissions for these actions
Actual result
Order status has changed to "On hold". See flash message "You have put 1 order(s) on hold."
Additional information
Tested on Magento 2.1.7
sergeynezbritskiy
All 8 comments
@sergeynezbritskiy, thank you for your report.
We've created internal ticket(s) MAGETWO-80219 to track progress on the issue.
magento-engcom-team
on 28 Sep 2017
I'm working on it #SQUASHTOBERFEST
jonashrem
on 4 Oct 2017
@jonashrem please accept the invite from magento-team on the GitHub
okorshenko
on 4 Oct 2017
@okobchenko
Thanks for the invite. I've accepted it.
jonashrem
on 4 Oct 2017
I can not reproduce this on 2,2-develop.
Will test this with 2.3-dev next.
jonashrem
on 14 Oct 2017
I can't reproduce it 2.3-dev either
jonashrem
on 14 Oct 2017
Hi @jonashrem we will double check the issue. Thank you for research
okorshenko
on 19 Oct 2017
closing the issue, can not reproduce.
maksek
on 19 Oct 2017
Related issues
andreaskoch
路
3Comments
punkstar
路
3Comments
gg24
路
3Comments
MauroNigrele
路
3Comments
kirashet666
路
3Comments