ACSD-51291: Restricted admin can add images/videos to product assigned to multiple websites
The ACSD-51291 patch fixes the issue where a restricted admin with access to one website can add images/videos to a product assigned to multiple websites. This patch is available when the Quality Patches Tool (QPT) 1.1.32 is installed. The patch ID is ACSD-51291. Please note that the issue is scheduled to be fixed in Adobe Commerce 2.4.7.
Affected products and versions
The patch is created for Adobe Commerce version:
- Adobe Commerce (all deployment methods) 2.4.5-p2
Compatible with Adobe Commerce versions:
- Adobe Commerce (all deployment methods) 2.4.4 - 2.4.4-p3, 2.4.5 - 2.4.5-p2
magento/quality-patches package to the latest version and check the compatibility on the Quality Patches Tool: Search for patches page. Use the patch ID as a search keyword to locate the patch.Issue
A restricted admin with access to one website can add images/videos to a product assigned to multiple websites.
Steps to reproduce
- Log in as an admin.
- Create a second website, store, and store view.
- Create a second admin role with resources only for the second website, store, and store view.
- Create a second admin, and assign it to the new restricted admin role.
- Create a new product, and assign it to both the default and the new websites.
- Log out from the main admin profile.
- Log in as the new restricted admin.
- Edit the created product, which has been assigned to both websites.
- Open the Images and Videos tab.
Expected results:
-
The following message is displayed:
Restricted admin is allowed to perform actions with images or videos, only when the admin has rights to all websites which the product is assigned to.
-
The Add Video button is not active.
Actual results:
The restricted admin can add images and videos even when the product is assigned to a website that it does not have access to.
Apply the patch
To apply individual patches, use the following links depending on your deployment method:
- Adobe Commerce or Magento Open Source on-premises: Quality Patches Tool > Usage in the Quality Patches Tool guide.
- Adobe Commerce on cloud infrastructure: Upgrades and Patches > Apply Patches in the Commerce on Cloud Infrastructure guide.
Related reading
To learn more about Quality Patches Tool, refer to:
- Quality Patches Tool released: a new tool to self-serve quality patches in our support knowledge base.
- Check if patch is available for your Adobe Commerce issue using Quality Patches Tool in our support knowledge base.
For info about other patches available in QPT, refer to Quality Patches Tool: Search for patches in the Quality Patches Tool guide.