Possible Multistore Permissions Bug

[davetbo]

Hello,

 

I think I discovered a bug for you.  I enabled multistore and set up 2 stores and 2 users.  The first user is the admin user and has access to both stores.  The second user has access only to the second store. In the creation screen for Employee 2 I checked the "shop association" box for the second store only. If I look in the database at the ps_employee_store I see the following:

 

 

mysql> select * from ps_employee_shop

    -> ;

+-------------+---------+

| id_employee | id_shop |

+-------------+---------+

|           1       |       1 |

|           1       |       3 |

|           2       |       3 |

+-------------+---------+

 

You can see employee ID 2 only should have access to shop 3.  I deleted shop 2 previously while testing this, hence it is no longer in the table.

 

If employee ID 2 tries to log into the shop ID 1, it should be denied, right?  It is not.  It is allowing it.  Please advise.

 

Best,
Dave

 

[davetbo]

In addition to the problem previously mentioned, if I log in to the URL for store 2 with User 2, who has only been assigned a shop association with the second store, the back end shows the store name for store 1 in the title bar above, not store 2.  Therefore, it looks like the multistore login and shop association is forcing user 2 to log into store 1, even if the store URL is the URL for the second store.  Very weird.

 

I uninstalled and reinstalled a clean copy of PrestaShop and reproduced the error and it's still doing the same thing, so it doesn't appear to be something broken about the particular installation instance.  I would really like to use PrestaShop for this SaaS project I'm working on, but this is requirement #1 to get working.  It looks like it should work in theory (if I understand the "shop association" and multistore features), but it doesn't appear to be working in practice.  I look forward to figuring this out.  I appreciate your help.

 

Best,
Dave