Permission error - Customplugins gone after product edit

Started by welrachid, June 21, 2018, 15:51:12 PM

Previous topic - Next topic

welrachid

Hi guys
J!3.8.8
VM 3.2.14

Today we experienced that a products plugins disappear when saving from a sub-manager account.
We have a company doing the texts on products and they are set up with these access:

Access Administration Interface
VM Manager
Allow HTML Input ( so that they can do html in long description)
Product access
Product edit

We do however not want them to be able to change customplugins or media files or anything else.

its a custom usergroup we call seoguys placed under "manager"
public
- guest
- manager
| - admin
| - pricegroup (custom group that only gives access to products but no edits - so that they can get in a see pricing formular)
| - seoguys
- registered
| - author
| | - Editor
| | | - Publisher
- Super Users


Can any of you tell me if this is an error or not?
I can see that there ARE permissions called something with customfields, but i dont want them to be able to edit them.

Its ALL of the plugins that are removed from the product (we have 2 text, 1 custom price calculator and 1 fileuploader)

Thanks
- Wel
Best regards,
Wel

Milbo

Neither the function store in the product model, nor the function "storeProductCustomfields" is checking the any customfield related acl. I doubt that this is an ACL problem.

If it is an ACL problem, it should be possible to solve it, by giving the "right" permission. Then I can take a look and check why this perm makes trouble. But it should work as you configured it.
Should I fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

welrachid

Hi Milbo.
I can confirm that there is an issue then. Look at this video:
https://www.youtube.com/watch?v=6_2D8leXMB4&feature=youtu.be&hd=1

Permissions can be seen here:
https://pasteboard.co/Hrw9c8p.png

Everything not on the permission image is not allowed (red)
Best regards,
Wel

welrachid

Best regards,
Wel

Milbo

I just can say that we use on extensions.virtuemart.net also this system and our vendors can store products with customfields. But I allow them also access to "customfields" view. Please give them as test the right to access the customfield list.
Should I fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

welrachid

Hi sorry for the late response. i just tested with customfield access
This still gives error
It creates new customfield-entries in db with new id's to the customfields and completely removes the old.

It says it has issues with media when saving. see attachemnt

Best regards,
Wel

welrachid

okay
i tried something wild now..
i gave access to ALL VM permissions
Then i was able to save without any problems
Then after i removed ALLE permissions again (inherit)
only allowing the following:
Access Administration Interface
VM Manager
Allow raw input
Allow HTML Input
Product access
Product edit


Note i did not give access to customfields. but now it saves correctly?! WTF?
Best regards,
Wel

Studio 42

welrachid : 3rd party plugin developer ?
Can you not do a debug to check ? more you send info, more you get answer and possible fix.

welrachid

I would actually like to, and i try to when i have an idea - but i have no idea how permissions-stuff work in joomla/VM - never touched it with any of my plugins
I would think i need to look somewhere around a product controller.....
Best regards,
Wel