Author Topic: Permissions problems in Virtuemart 3.0.9 + Joomla 3.4.1  (Read 3175 times)

mgworld

  • Beginner
  • *
  • Posts: 23
  • A beginner
Permissions problems in Virtuemart 3.0.9 + Joomla 3.4.1
« on: June 03, 2015, 11:47:07 am »
Hi, I think I found various bugs in the permissions management of Virtuemart.

This is the scenery: new fresh installation of joomla 3.4.1 and virtuemart 3.0.9. Sample data installed.

I want to allow a specific joomla user (named "shop") to manage "ONLY" virtuemart from the joomla backend, and to manage only the "NOT DANGEROUS" options, so I created a new User Group "Shop Managers" (with Public as group parent) and associated the new user "shop" to it.
I noticed that this user could not access to the backend, so I associated the new group "Shop Manager" I created to the "Special" Viewing Access Level and, in the "Admin Login" option inside the the Global Configuration Permissions section of joomla, I set "allowed" to my "shop" user. After that, the user "shop" could login to the backend, but I could not see virtuemart options, so I went again in the joomla "Global Configuration" section and changed the following permissions in the VirtueMart section (always for the user "shop"):

"Permissions" Tab:
------------------
Configure ACL & Options INHERITED
Access Admin. Interface ALLOWED
VM Manager              ALLOWED
Allow raw Input         ALLOWED
Allow HTML Input        ALLOWED

"Product Categories" Tab:
-------------------------
ALL ALLOWED

"Products" Tab:
---------------
All ALLOWED except "Custom Fields", "Edit Custom Fields", "Review & Ratings"

"Manufacturers" Tab:
--------------------
All ALLOWED except "Manufacturer categories".

"Orders & Shoppers" Tab:
------------------------
All ALLOWED.

"Shop" Tab:
-----------
All INHERITED except "Media files" (ALLOWED).

"Configuration" Tab:
--------------------
All INHERITED.



Now, when I login to the joomla backend with the new user "shop", I have the following problems:

1) In the "Taxes & Calculation Rules" section, in the top bar I see only the buttons EDIT and HELP, but there aren't anymore the buttons "Publish", "Unpublish", "New" and "Delete" that I see if I login to the backend as superuser.

2) Similarly as above, in the "Orders" section, I cannot see the Delete menu.

3) Similarly as above, in the "Shopper Group" section, I see only the "EDIT" and "HELP" button.

4) Similarly as above, in the "Coupons" section, I see only the HELP button.

5) I can click on the "Shop" option under the "SHOP" section, but I should not see that option, being that it's "not allowed" in the Calculated Setting of Global Configuration.

6) In the "Media Files" option under "SHOP" section, I see only the HELP button.


I tried on a remote Linux hosting and on a localhost linux machine and the result is exactly the same. Are these some bugs or there is something wrong in what I do?

mgworld

  • Beginner
  • *
  • Posts: 23
  • A beginner
Re: Permissions problems in Virtuemart 3.0.9 + Joomla 3.4.1
« Reply #1 on: June 04, 2015, 12:43:49 pm »
Hi, being that I'm not proficient with the Virtuemart source code, could someone address me to the relevant source files that are related to the display of the buttons in the top bar of the backend (with the buttons to edit, delete, create, etc.)? I could try to find the solution myself and post here the results.

Milbo

  • Virtuemart Projectleader
  • Administrator
  • Super Hero
  • *
  • Posts: 9853
  • VM3.2 Cached and Optimized
    • VM3 Extensions
  • VirtueMart Version: VirtueMart 3 on joomla 3
Re: Permissions problems in Virtuemart 3.0.9 + Joomla 3.4.1
« Reply #2 on: June 04, 2015, 14:23:03 pm »
You need mainly the VM manger, then they can manage  from FE
I should fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

mgworld

  • Beginner
  • *
  • Posts: 23
  • A beginner
Re: Permissions problems in Virtuemart 3.0.9 + Joomla 3.4.1
« Reply #3 on: June 04, 2015, 16:21:43 pm »
Hi Mibo, thank you for the answer, but how can I manage virtuemart from FE? Is there a special link?

EDIT: I think I managed to access to the FE, but then the graphics is all messed-up, like there were no more a template, and... Remain exactly the same problems as described in the first post: in many sections of the virtuemart FE there aren't anymore the buttons "Publish", "Unpublish", "New" and "Delete" that I see if I login as superuser.

Milbo

  • Virtuemart Projectleader
  • Administrator
  • Super Hero
  • *
  • Posts: 9853
  • VM3.2 Cached and Optimized
    • VM3 Extensions
  • VirtueMart Version: VirtueMart 3 on joomla 3
Re: Permissions problems in Virtuemart 3.0.9 + Joomla 3.4.1
« Reply #4 on: June 05, 2015, 14:17:01 pm »
ehrm,  almost any view has a tab with settings for that.
I should fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

mgworld

  • Beginner
  • *
  • Posts: 23
  • A beginner
Re: Permissions problems in Virtuemart 3.0.9 + Joomla 3.4.1
« Reply #5 on: June 08, 2015, 11:15:58 am »
Sorry Milbo, I don't know if I have understood what you mean, but, maybe I'm not able to explain well my problem... Let me do an example:

In the "Global Configuration" section of the joomla backend (VirtueMart section) I see only the following permission rules related to the Taxes:

- Taxes & Calculation Rules
- Edit Taxes and Calculation Rules

If I "allow" both the above rules for my "shop" user (which is not a superuser, as I described in the first post), then he will be able to see the "Taxes & Calculation Rules" option under the PRODUCTS section in the backend... That's nice, but the problem now is that in the top bar he can see only the buttons EDIT and HELP. The buttons "Publish", "Unpublish", "New" and "Delete" have disappeared (check the attached image)... Is there a rule to reenable these buttons for "not superuser" users too?

Milbo

  • Virtuemart Projectleader
  • Administrator
  • Super Hero
  • *
  • Posts: 9853
  • VM3.2 Cached and Optimized
    • VM3 Extensions
  • VirtueMart Version: VirtueMart 3 on joomla 3
Re: Permissions problems in Virtuemart 3.0.9 + Joomla 3.4.1
« Reply #6 on: June 08, 2015, 13:07:55 pm »
How does this behave in joomla 2.5?
I should fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

mgworld

  • Beginner
  • *
  • Posts: 23
  • A beginner
Re: Permissions problems in Virtuemart 3.0.9 + Joomla 3.4.1
« Reply #7 on: June 08, 2015, 14:56:32 pm »
How does this behave in joomla 2.5?

I just tried on a clean new joomla 2.5.28 installation and the behaviour is exactly the same as in joomla 3.4.1  :-(

mgworld

  • Beginner
  • *
  • Posts: 23
  • A beginner
Re: Permissions problems in Virtuemart 3.0.9 + Joomla 3.4.1
« Reply #8 on: June 11, 2015, 11:08:14 am »
What are the relevant source files to check for the user groups that are allowed to display the Virtuemart top buttons (Edit, Delete, New, Publish, Unpublish, etc.) in the top bar of the joomla backend? I could try to fix this problem...

Milbo

  • Virtuemart Projectleader
  • Administrator
  • Super Hero
  • *
  • Posts: 9853
  • VM3.2 Cached and Optimized
    • VM3 Extensions
  • VirtueMart Version: VirtueMart 3 on joomla 3
Re: Permissions problems in Virtuemart 3.0.9 + Joomla 3.4.1
« Reply #9 on: June 11, 2015, 19:04:33 pm »
Thank you mgworld. I fixed it. (I hope), small thing actually. if you wanna help us

setup your svn and lets go http://dev.virtuemart.net/projects/virtuemart/wiki/Setting_up_a_Development_Environment
I should fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

Milbo

  • Virtuemart Projectleader
  • Administrator
  • Super Hero
  • *
  • Posts: 9853
  • VM3.2 Cached and Optimized
    • VM3 Extensions
  • VirtueMart Version: VirtueMart 3 on joomla 3
Re: Permissions problems in Virtuemart 3.0.9 + Joomla 3.4.1
« Reply #10 on: June 11, 2015, 23:25:57 pm »
I should fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

mgworld

  • Beginner
  • *
  • Posts: 23
  • A beginner
Re: Permissions problems in Virtuemart 3.0.9 + Joomla 3.4.1
« Reply #11 on: June 12, 2015, 12:12:13 pm »
Thanks! How do I update my existing virtuemart 3.0.9 installation to the 3.0.9.4 without losing previous data? I can just reinstall the file "com_virtuemart.3.0.9.4.zip" and "com_virtuemart.3.0.9.4_ext_aio.zip" from joomla Extension Manager?

Milbo

  • Virtuemart Projectleader
  • Administrator
  • Super Hero
  • *
  • Posts: 9853
  • VM3.2 Cached and Optimized
    • VM3 Extensions
  • VirtueMart Version: VirtueMart 3 on joomla 3
Re: Permissions problems in Virtuemart 3.0.9 + Joomla 3.4.1
« Reply #12 on: June 12, 2015, 15:38:09 pm »
Always install over the existing installation (counts for "all" joomla extensions)
I should fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

mgworld

  • Beginner
  • *
  • Posts: 23
  • A beginner
Re: Permissions problems in Virtuemart 3.0.9 + Joomla 3.4.1
« Reply #13 on: June 12, 2015, 16:29:23 pm »
Hi, I updated virtuemart but unfortunately the mod doesn't work yet... :(

As I described in the first post, I created an user named "shop" with limited permissions (he can access to the joomla backend but only to the virtuemart menu).

In the "Taxes & Calculation Rules" section, now my "shop" user (with permissions set as I described in the first post) can see the Publish and Unpublish buttons (before the update he could see only the Edit and Help buttons), but not yet the New and Delete buttons.

In the "Orders" section, the user "shop" doesn't see the Delete button.

In the "Coupons" section the user "shop" sees only the Help button.

The user "shop" sees the "Shop" menu, but it should not see it, being that I set "not allowed" in the Calculated Setting of Global Configuration for its group.

In the "Media Files" option under "SHOP" section, the user "shop" can see only the HELP button.


Milbo

  • Virtuemart Projectleader
  • Administrator
  • Super Hero
  • *
  • Posts: 9853
  • VM3.2 Cached and Optimized
    • VM3 Extensions
  • VirtueMart Version: VirtueMart 3 on joomla 3
Re: Permissions problems in Virtuemart 3.0.9 + Joomla 3.4.1
« Reply #14 on: June 12, 2015, 21:29:29 pm »
Hi, I updated virtuemart but unfortunately the mod doesn't work yet... :(

....

In the "Taxes & Calculation Rules" section, now my "shop" user (with permissions set as I described in the first post) can see the Publish and Unpublish buttons (before the update he could see only the Edit and Help buttons), but not yet the New and Delete buttons.
I would say it you describe it now a lot more detailed. All what I did is to decide, that as long we do not have an ACL for publishing, it makes sense to show the publish/unpublish when you have the right to edit. The ACL system is something which will be enhanced slowly.

In the "Orders" section, the user "shop" doesn't see the Delete button.

This is correct, only superadmins are meant todo that. Actually, you should avoid it anyway, it is not really legal, better is to use the "cancelled" state.

In the "Coupons" section the user "shop" sees only the Help button.
I fear there is no ACL yet

The user "shop" sees the "Shop" menu, but it should not see it, being that I set "not allowed" in the Calculated Setting of Global Configuration for its group.
He can see the shop menu, but should not be able to change the config.

In the "Media Files" option under "SHOP" section, the user "shop" can see only the HELP button.
Check the settings.
I should fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/