VirtueMart Forum

VirtueMart 2 + 3 + 4 => Virtuemart Development and bug reports => Topic started by: gps-camera.eu on March 07, 2013, 11:22:13 AM

Title: Security issue?: VM Processing Orders only by Super User
Post by: gps-camera.eu on March 07, 2013, 11:22:13 AM
Hi,

Maybe some people think it is a feature. I think it is a serious security issue:

Only super users can manage orders. So, the accounting lady who is changing the order paid by bank transfer from "Confirmed by Shopper" to "Confirmed" needs to have a super user account.
The people processing the shipments and orders, who will change the "confirmed" to "shipped", need to be super users, too.

So mostly all people working with VirtueMart orders need full rights on the whole Joomla system?! I'm really not comfortable with that! To me this is a serious security issue.

I think the orders processing should be open to Administrators or Managers. Or a new group "VM Manager"?

Cheers
Seb

Title: Re: Security issue?: VM Processing Orders only by Super User
Post by: alaminour on May 16, 2013, 17:51:27 PM

Using ACL manager for Joomla security. You can try it.

Title: Re: Security issue?: VM Processing Orders only by Super User
Post by: Milbo on May 27, 2013, 16:57:40 PM
Please check the roadmap, this is part of the ACL system which we want to implement for vm2.1