GX-Bug #67531: Admins können über Direkteingabe der URL Seiten im Gambio Admin aufrufen, für die sie keine Berechtigung haben| Admin access permission seems not check the current URL if you paste an URL - GX-Entwicklung - Gambio GmbH Projektmanagement

GX-Bug #67531

Von Ulrich Wenk vor mehr als 3 Jahren aktualisiert

If an admin user doesn't have access to a certain URL but he pastes the URL in the browser, it shows the page. 

 Steps: 
 1. Create a new role 
 2. Set the permissions to this role: **Gambio Admin Web UI** and **Unknown modules** 
 3. Assign the the new role to the new user 
 4. Access the admin with the new admin user 
 5. Try to access this URL with the logged admin: **yourshopdomain/admin/configuration.php?gID=17** 

 **Result:** The user has access to this page while he shouldn't. 
 **Expected:** User has to be redirected to the shop page. 

 __________________________ 
 **EDIT** 

 additional info: 

 * tested also in 4.3.1.0, in this version an error404 is displayed in the backend

Zurück

Projekt

Allgemein

Profil

GX-Entwicklung

GX-Bug #67531