News:

Support the VirtueMart project and become a member

Main Menu

Change shopper permission (group) to manage the shop

Started by MaxMi, June 05, 2013, 18:32:54 PM

Previous topic - Next topic

pixelita

:( any news about this issueHi,
I have the same problem.
Has anyone a workaround to allow access to the Orders area without giving all admin permissions?
Thanks in advance

wogand

I saw joomla user administrators in 2.024b can enter clients and orders when settings the ACL correct. Only when clicking orders, no orders are shown...

Cony

For listing orders and its details VM is currently checking the permission "admin". Unfortunately "admin" is only user with superadmin rights.
Seems, that the permission for displaying orders (which is possible to set in permissions of VM) is not calculated at all (why it is possible to set it then?)

Dirty hack for this is to change file /administrator/components/com_virtuemart/models/orders.php and replace all occurance of

Permissions::getInstance()->check("admin")

to

Permissions::getInstance()->check("storeadmin")

It should be there twic, once at line 152 and second at line 244 (for VM 2.0.26d).

lindapowers

Pls developers check, admin cant view orders even when permissions have been assigned for it.

VM 2.026D

cperrot

Hello everyone

I am facing the exact same issue. I want other people to manage the orders only within the shop but not the other areas.
I managed to set up everything and only orders tab is being enabled. However no orders are listed.
As soon as I change the user to super user all the orders are listed.

Is there a setting to allow the listing of orders as well as the updating of status.

Regards

Cedric

jenkinhill

ACL works correctly in the next version, which is close to release. Test with 2.5.2
Kelvyn
Lowestoft, Suffolk, UK

Retired from forum life November 2023

Please mention your VirtueMart, Joomla and PHP versions when asking a question in this forum

Kintaro Oe

Quote from: Milbo on September 09, 2013, 11:32:17 AM
This is correct. But I think they dont want new vendors, they want more than one login able to administrate the store or only parts of it, without access to the rest of joomla BE. To achieve this, the easiest way is to
1. Create a new joomla permission group.
2. Go in Virtuemart.
3. Open some list. Go to the new configuration setting in the upper right corner "Permissions"
4. Configure it in joomla style, done.

Done! (vm 2.6)!
The secondary admin user can login in the backend and see virtuemart.
He can modify according to vm permission but he can view only his orders... maybe because he is in the vmshopper groups instead of vm admin group?
From where I can add this "secondary admin" to the vm admin group (not joomla's admin)?

Regards

jenkinhill

Check your ACL configuration as that was fixed and works oK in VM2.6.6 (I just checked).
Kelvyn
Lowestoft, Suffolk, UK

Retired from forum life November 2023

Please mention your VirtueMart, Joomla and PHP versions when asking a question in this forum

Kintaro Oe

Quote from: jenkinhill on July 04, 2014, 18:05:35 PM
Check your ACL configuration as that was fixed and works oK in VM2.6.6 (I just checked).

are you viewing orders from other users with a user in the shopper group?

you can view my settings attached.

Am I forgetting something?

[attachment cleanup by admin]

Kintaro Oe

#24
I'm using VM 2.6.0

Hi solved in this way:

I put the Manage VM under Administrator group and not under Public group.
I revoked Joomla's permissions on the Global Permission page so this users can't mess with joomla config.
I set permissions on VM.

This left me some problem:

I think that on VM are missing some permissions.
For example I can't give read permission to Orders but only write permission.

Robert_ITMan

#25
VM TEAM - please revisit your backend admin and test to make sure it is possible for someone other than a Super User to manage VM.
- I think it has something to do with backend admin access code related to restricting vmusers -> perms.

With all the joomla permissions working exactly as I want it for a Manager including being able to fully administer joomla users ... and then setting VM permissions so a Manager has access to everything ... the Manager user still does not see the orders and can only edit their own Shopper Info.

I have wasted too much time on this already and no matter what I try I found that only Super Users can manage VM. I have been struggling with this for over a year now and I have tried everything. I want to give the vendor 'Manager' access and permissions to VM without giving them access to Global Config, Extension Manager, select Components, etc. Simple right? BUT even as an Administrator the user is never able to manage orders without getting 'hacking attempt' message and can't edit a Shopper without getting 2 'hacking attempt' errors and then sent to their own Shopper Information page..!

I don't get it - but if I ever do find a solution I will post it here.

Thank You!
WEBSITES @ OURFINGERTIPS
manage > develop > market > repeat

Save a lot of time and money when focused on building a website that works with marketing efforts to get more leads and sales from visitors.

www.ourfingertips.com

lindapowers

Quote from: Robert_ITMan on August 30, 2014, 15:12:26 PM
VM TEAM - please revisit your backend admin and test to make sure it is possible for someone other than a Super User to manage VM.
- I think it has something to do with backend admin access code related to restricting vmusers -> perms.

With all the joomla permissions working exactly as I want it for a Manager including being able to fully administer joomla users ... and then setting VM permissions so a Manager has access to everything ... the Manager user still does not see the orders and can only edit their own Shopper Info.

I have wasted too much time on this already and no matter what I try I found that only Super Users can manage VM. I have been struggling with this for over a year now and I have tried everything. I want to give the vendor 'Manager' access and permissions to VM without giving them access to Global Config, Extension Manager, select Components, etc. Simple right? BUT even as an Administrator the user is never able to manage orders without getting 'hacking attempt' message and can't edit a Shopper without getting 2 'hacking attempt' errors and then sent to their own Shopper Information page..!

I don't get it - but if I ever do find a solution I will post it here.

Thank You!


Completely agree with this man, I have tried everything since others told me it works but no matter what we do, the only capable of managing orders is the super admin and the admin only views his own orders as commented here.

Regards

harrstar

Hi,

it seems this is working in 2.6.10.
BUT, it still strips HTML out of the short description. If someone is handling the products they also should be able to enter HTML code into the short description.

Uwe
Joomla 2.5.25 and vm 2.6.10

alfred

Hello!
I'm agree whith the fact that storeadmin must be able to manage shopper adresse, orders and so on whitout be joomla super-user (checked by acl of course)

My 2cents solution :

patch the file /administrator/components/com_virtuemart/models/user.php

change all Permissions::getInstance()->check('admin') by Permissions::getInstance()->check('admin','storeadmin')

and it do prety well the jobs.

Best regards and thank you to the all forum team.
René

harrstar

Hi,

I had to switch that check completely off. If a user is made a virtuemart admin by assigning permissions to the joomla manager user group he shows up as "shopper" in virtuemart. He can do all functions his group is assigned but can not enter HTML code into the short description. I think the VM team should change VM to checking permissions against joomla permissions instead of VM internal permissions (storeadmin and admin). It seems they have done so beside this little problem.

Just my opinion

Uwe
Joomla 2.5.25 and vm 2.6.10