MDVA-41350: Exception when admin adds products outside their access
The MDVA-41350 patch fixes the issue where an exception error is thrown instead of a limited access notification when an admin user adds a product in the order by SKU which is outside their access. This patch is available when the Quality Patches Tool (QPT) 1.1.11 is installed. The patch ID is MDVA-41350. Please note that the issue is scheduled to be fixed in Adobe Commerce 2.4.5.
Affected products and versions
The patch is created for Adobe Commerce version:
- Adobe Commerce (all deployment methods) 2.3.5-p1
Compatible with Adobe Commerce versions:
- Adobe Commerce (all deployment methods) 2.3.0 - 2.4.3-p1
The patch might become applicable to other versions with new Quality Patches Tool releases. To check if the patch is compatible with your Adobe Commerce version, update the
magento/quality-patches package to the latest version and check the compatibility on the [!DNL Quality Patches Tool]: Search for patches page. Use the patch ID as a search keyword to locate the patch.
When an admin user with restricted access adds a product by SKU outside their access in the order, an exception occurs instead of a message notifying the user of their limited access.
Steps to reproduce:
- Log into the admin as a user with access to only a specific website.
- Go to Sales > Orders and click Create New Order.
- Select a customer and a store view.
- Click on Add Products by SKU.
- Search for an SKU that is not assigned to any website or not assigned to the website for which you have access.
- Click Add to Order.
An appropriate error message is displayed.
An exception occurs.
Apply the patch
To apply individual patches, use the following links depending on your deployment method:
To learn more about Quality Patches Tool, refer to:
For info about other patches available in QPT, refer to Patches available in QPT in our developer documentation.