Comments (3)
Hi @vandijkstef. Thank you for your report.
To speed up processing of this issue, make sure that the issue is reproducible on the vanilla Magento instance following Steps to reproduce. To deploy a vanilla Magento instance on our environment, add a comment to the issue:
@magento give me 2.4-develop instance - upcoming 2.4.x release
- For more details, review the Magento Contributor Assistant documentation.
- Add a comment to assign the issue:
@magento I am working on this
- To learn more about issue processing workflow, refer to the Code Contributions.
Join Magento Community Engineering Slack and ask your questions in #github channel.
📞 The triage of issues happens in the queue order. If you want to speed up the delivery of your contribution, join the Community Contributions Triage session to discuss the appropriate ticket.
from magento2.
Hi @vandijkstef,
Thank you for reporting and collaboration.
Verified the issue in 2.4-develop instance and the issue is not reproducible. Kindly refer to the screenshots below:
We followed the steps you mentioned:
- Created a new module
- Assigned ACL rule to the module
- Created API route to that module
- Created 2 users, admin and admin2
- Admin has access to everything.
- Admin2 does not have access to the new module.
- We called the API endpoints in postman using access token.
- As we can see admin can access the API
- Here admin2 cannot access the resource as he does not have permission.
Hence we can see that ACL rules are working fine.
Let us know if we are missing anything!
Thanks
from magento2.
The only thing that is different is that you created and configured users AFTER installing the module/new ACLs, so Magento was already aware of these permission rules and set them up correctly for these users.
I was referring to already EXISTING users with a limited permission set and specifically NOT saving the user after installing the new module, as the user save action is repairing/restoring the ACL permissions for that user.
Essentially, because there is no 'deny' entry in the database for that ACL/User combo, access is granted. So you could likely reproduce by removing that entry in DB as well.
from magento2.
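An audit for the database state described in the last comment, as an added example that is not part of the thread or Magento's own code: it lists roles with no explicit row for a newly installed ACL resource and shows how the result depends on what a missing row is taken to mean. The table layout is a simplified assumption modelled on `authorization_role` and `authorization_rule`, the resource id `Vendor_Module::manage` is hypothetical, and all rows are constructed.

```python
import sqlite3

# Simplified stand-in for Magento's authorization_role / authorization_rule
# tables (assumed columns; constructed sample rows, not data from the issue).
SCHEMA = """
CREATE TABLE authorization_role (role_id INTEGER PRIMARY KEY, role_name TEXT);
CREATE TABLE authorization_rule (
    role_id INTEGER, resource_id TEXT, permission TEXT);
"""
NEW_RESOURCE = "Vendor_Module::manage"  # hypothetical ACL id of the new module

def build_sample_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO authorization_role VALUES (?, ?)",
                     [(1, "Administrators"), (2, "Limited (pre-existing)"),
                      (3, "Limited (saved after install)")])
    conn.executemany("INSERT INTO authorization_rule VALUES (?, ?, ?)", [
        # Assumption: a full-access role holds one Magento_Backend::all row.
        (1, "Magento_Backend::all", "allow"),
        (2, "Magento_Sales::sales", "allow"),   # no row for NEW_RESOURCE
        (3, "Magento_Sales::sales", "allow"),
        (3, NEW_RESOURCE, "deny"),              # written when the role was saved
    ])
    return conn

def roles_missing_rule(conn, resource_id):
    """Roles with no explicit allow/deny row covering resource_id."""
    rows = conn.execute("""
        SELECT r.role_name FROM authorization_role r
        WHERE NOT EXISTS (SELECT 1 FROM authorization_rule x
                          WHERE x.role_id = r.role_id
                            AND x.resource_id IN (?, 'Magento_Backend::all'))
        ORDER BY r.role_id""", (resource_id,)).fetchall()
    return [name for (name,) in rows]

def is_allowed(conn, role_id, resource_id, missing_means_allow):
    """Evaluate one role/resource pair; the flag picks the no-row behaviour."""
    row = conn.execute(
        "SELECT permission FROM authorization_rule "
        "WHERE role_id = ? AND resource_id = ?",
        (role_id, resource_id)).fetchone()
    if row is None:
        return missing_means_allow  # True models the behaviour reported above
    return row[0] == "allow"
```

Running `roles_missing_rule` after each module installation flags the roles that need an explicit decision before the new endpoint is exposed.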