Closed gopeter closed 3 months ago
Hi @gopeter
Thank you for bringing this to our attention. We have just pushed up a fix for this issue which will be included in the next released of the Commerce 5 beta.
Thanks!
Commerce 5.0.0-beta.3 is out with that fix. Thanks again @gopeter!
What happened?
Description
Users with restricted site access rights can see all orders for all sites.
Steps to reproduce
Expected behavior
The user should see just the orders that where placed on the site he has rights for.
Actual behavior
The user can view all orders, regardless of his access rights.
Craft CMS version
5.0.1
Craft Commerce version
5.0.0-beta.2
PHP version
8.2.13
Operating system and version
No response
Database type and version
No response
Image driver and version
No response
Installed plugins and versions
5.0.0-beta.2
4.0.0-beta.2
4.2.0