VirtueMart Forum

VirtueMart 2 + 3 + 4 => Administration & Configuration => Topic started by: jimv on February 09, 2017, 16:13:09 PM

Title: Frontend Edit Product Button Disable
Post by: jimv on February 09, 2017, 16:13:09 PM
I want to disable showing the frontend button that edits products and, in general, the front end VirtueMart panel that it gets you to. The link of the button is
index.php?option=com_virtuemart&tmpl=component&manage=1&view=product&task=edit&virtuemart_product_id=71

I have tried searching in Google and the forum for quite a while but found nothing similar. Any help is much appreciated.
Joomla v3.6.5
Virtuemart 3.0.18
Thanks in advance

Title: Re: Frontend Edit Product Button Disable
Post by: jenkinhill on February 09, 2017, 16:40:48 PM
You should only see that if logged in as an administrator. It should not be seen by a normal shopper. If visible to anyone then you have a problem with ACL.

Title: Re: Frontend Edit Product Button Disable
Post by: csik on February 13, 2017, 01:52:38 AM
Hi,

I have the same problem - the edit button is visible to everyone - even if not registered. And if one is in the backend everything can be edited. Order states can be changed and so on.

I see - the creator of the site may have changed settings.

But what are the defaults for the predefined groups of Joomla users - and as I can see VM has its own settings for user groups. What settings rule?
Are there best practice rules?

Currently there are only registered users and superusers.

VM is 3.0.14
joomla is 3.5.0
php is 5.4.45

Title: Re: Frontend Edit Product Button Disable
Post by: jenkinhill on February 13, 2017, 12:04:07 PM
Quote from: csik on February 13, 2017, 01:52:38 AM
joomla is 3.5.0

Did you miss the vital security releases?
https://www.joomla.org/announcements/release-news/5678-joomla-3-6-4-released.html
https://www.joomla.org/announcements/release-news/5693-joomla-3-6-5-released.html
http://forum.virtuemart.net/index.php?topic=118683.0

Unfortunately some pre-J3.6.5 sites have been hacked so that, in addition to other things such as adding back doors, the Joomla ACL has been changed to allow front end access by anyone - and any record of the hacker in the userlist has then been removed. So it is vital that you check this possibility.

For ACL settings, look in [your website]/administrator/index.php?option=com_config&view=component&component=com_virtuemart
For Public and Guest all permissions should show red.

To give front end access to admins see https://docs.virtuemart.net/manual/general-concepts/185-administrative-frontend-access-with-acl.html

Your VM version is old, too.
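
The "all red for Public and Guest" check from the post above can also be run against the stored ACL. This is an added example, not part of the original post and not VirtueMart or Joomla code. It assumes the `name` and `rules` columns of the Joomla `#__assets` table have been exported, and that Public and Guest have the stock group ids 1 and 9 (verify under Users > Groups).

```python
import json

# Stock Joomla 3 group ids (assumption: confirm them on the site being checked).
ANON_GROUPS = {"1": "Public", "9": "Guest"}


def anonymous_grants(assets):
    """Return (asset, action, group) for each explicit Allow given to Public/Guest.

    `assets` is an iterable of (name, rules_json) pairs taken from the
    `name` and `rules` columns of the `#__assets` table.
    """
    findings = []
    for name, rules_json in assets:
        try:
            rules = json.loads(rules_json or "{}")
        except ValueError:
            # A rules column that is not valid JSON deserves a manual look.
            findings.append((name, "<unparseable rules>", "?"))
            continue
        if not isinstance(rules, dict):
            continue
        for action, groups in rules.items():
            # An action with no explicit settings is stored as [] instead of {}.
            if not isinstance(groups, dict):
                continue
            for gid, value in groups.items():
                # 1 means Allowed, 0 means Denied.
                if str(gid) in ANON_GROUPS and value in (1, "1"):
                    findings.append((name, action, ANON_GROUPS[str(gid)]))
    return findings


# Constructed sample rows, not taken from the site discussed in this thread.
SAMPLE_ASSETS = [
    ("root.1", '{"core.login.site":{"6":1,"2":1},"core.admin":{"8":1}}'),
    ("com_virtuemart",
     '{"core.admin":{"7":1},"core.manage":{"6":1,"1":1},"core.edit":[]}'),
    ("com_content",
     '{"core.admin":{"7":1},"core.manage":{"6":1},"core.create":{"9":0}}'),
]

if __name__ == "__main__":
    for name, action, group in anonymous_grants(SAMPLE_ASSETS):
        print(f"ALLOW for {group}: {action} on {name}")
```

Every other group inherits from Public, so an Allow found there applies to all visitors. A clean result covers only the stored ACL rules and says nothing about back doors elsewhere on the site.
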
Title: Re: Frontend Edit Product Button Disable
Post by: csik on February 13, 2017, 14:16:11 PM
Thanks for your response,

this site is "orphaned" and was not updated for a long time - you are right. The owner asked me to change some content - so I stumbled over the button.

I dropped a pdf with 2 views for VM permissions on my gdrive.
The only strange thing - admins have permissions which can not be revoked (I tried "denied" - save gives a success message but nothing is changed)
On all Tabs anything is red except for superusers

So I don't see a reason for the edit button displayed for even unregistered users.

I thought about changing the template but this does not make much sense because everybody can ask Google for a link into the backend.

oops - here is the pdf - https://drive.google.com/drive/folders/0B_m_gqP_Em0mOGREdFJzYXpHejQ?usp=sharing

Title: Re: Frontend Edit Product Button Disable
Post by: Milbo on February 13, 2017, 14:54:03 PM
You must update and configure it then

Your system
VM is 3.0.14
joomla is 3.5.0
php is 5.4.45

!!!