Shopware 6.5.7.1 Admin Extension SDK requires more unrelated permissions to CMS element
I’m encountering an issue while building a CMS element using the Admin SDK in Shopware 6.5.7.1. During testing, console errors surfaced when opening the CMS element configuration modal (screenshot attached). These errors indicate missing permissions for the app. However, resolving them requires granting a number of permissions, even those seemingly unrelated to the app’s CMS element.
This extensive permission list raises concerns for our customers. Could you please advise on:
- Specific permissions sincerely required for the app’s intended functionality?
- Potential causes for the additional permissions being seemingly necessary?
- Options to minimize permissions without affecting functionality?
- Any relevant changes in permission handling between Shopware 6.5.5.2 and 6.5.7.1 that could explain this behavior?
I’m looking for a solution that protect both functionality and customer confidence.
As stated here Unexpected permission behavior with Shopware v6.5.4.0 and Admin SDK, you have to adjust your permissions accordingly. Somewhere in your code you are fetching data that has associations to other entities and thus resulting in the missing permission error. There are two options:
- Either your fetching associations via the repository service and you are not using the
includesparameter in your search criteria in order to narrow down your payload. - Or you are using
data.getin order to receive datasets from the Shopware administration without any selectors and thus receiving additional unpermitted data in your payload.
I am assuming the latter, since Shopware is complaining about the "datasetGet" action in your error.
Shopware added this behavior in some previous version. I think it was v6.5.4. Because you were able to work with data you didn't even have permissions for. With adding includes / selectors you are not affecting your backwards compatibility, since you are just narrowing down the data to the data, that you are actually using.
- Required slot configuration error CMS-element
- Shopware 6 Docker Setup add PHPMyAdmin
- Shopware 6 plugin: How to Resolve 'Undefined Array Key' Warning?
- Shopware 6.6: How to hydrate the StorableFlow store with data?
- Cleanup "recalculation" carts in Shopware 6
- How to show options in Shopware 6 plugin?
- Shopware 6 Store Activation causes generic Error Message in Admin UI
- Adapt Shopware Playwright testsuite to own storefront
- How to access previous orders of a customer in Twig template in Shopware 6?
- Shopware 6 with APP_ENV=dev does not display the debug toolbar
- How to collect Symfony cache metrics in production?
- Download CSV from shopware 6 administration
- How to set PHP memory_limit in DDEV
- How to access user's first_name and last_name from customer's created_by_id in a custom Shopware 6 plugin?
- How to import products with variations in Shopware 6
- Add association from ProductDefinition
- How to change the default pagebuilder margin in Shopware 6?
- getProduct()->getTag() return null, when it should return tags associated to the Product
- Shopware 6.6 plugin installation with composer dependency leads to an error
- Object cache (cache layer for custom Store API route) lives few seconds on Shopware 6.5.8.10
- How to display line item quantity at checkout/finish page in Shopware 6?
- Connection between table seo_url and table product_category in Shopware6
- Shopware 6 plugin override footer
- Retrieve config value from sales channel in plugin settings
- Custom Product Extension Data Not Saving in Administration
- Shopware 6 Plugin: Loading failed for the <script> with the src "https://rast.swag.de/"
- How to integrate additional JavaScript to report a purchase on the checkout/finish page in Shopware 6?
- Access to Shopware API from CLI command without Client Credentials
- Invalidate Shopware 6 page cache on entity update via API
- Shopware 6.5 Update "string:OPENSEARCH_URL" are never used