I have a custom component which creates and updates vm users programatically.
Recently I've added an install-script to my component which creates a usergroup and sets the ACL rights for different components including virtuemart.
Since I'm using ACL I've been getting an error "vm hacking attempt uid check". I've found that every manager-check includes a check for core.admin AND core.manage except for the userinfos.php table.
Of course I can upgrade the group-rights to core.admin for virtuemart, but i'm trying to keep virtuemart dummyproof. Granting admin-rights gives my users options they don't need to touch, and preferably never even see.
It's in the check-function, line 103:
if(!$user->authorise('core.admin','com_virtuemart')){
which in my mind needs to be changed to:
$manager = ($user->authorise('core.admin','com_virtuemart') or $user->authorise('core.manage','com_virtuemart'));
if(!$manager){
This check is done EVERYwhere, except here.
thank you, is replaced against the correct vmAccess manager, so far it looks like i found 120 location and missed the 121th location.