Affects Version/s: 2.1.2, Master
The CommerceOrderIndexer is not filtering by channel groupId.
A user should be able to see only the orders belonging to a channel for which he has permissions.
Steps to reproduce the issue:
- Create a site (minium/speedwell);
- Place an order as admin user;
- Create a "Order Admin" user (not company admin) and assign it to a role that has all permission related to order (Control panel + Resource)
- Login with the "Order Admin" user and go to the admin order page