Security issue?: VM Processing Orders only by Super User

Started by gps-camera.eu, March 07, 2013, 11:22:13 AM

Previous topic - Next topic

gps-camera.eu

Hi,

Maybe some people think it is a feature. I think it is a serious security issue:

Only super users can manage orders. So, the accounting lady who is clanging the order payed by bank transfer from "Confirmed by Shopper" to "Confirmed" needs to have a super user account.
The people processing the shipments and orders will change the "confimed" to "shipped" need to be super user, too.

So mostly all people working with virtuemart orders need full rights on the whole joomla system?! I'm really not comfortable with that! To me this is a serious security issue.

I think the orders processing should be open to Administrators or Managers. Or a new group "VM Manager"?

Cheers
Seb


alaminour


Using ACL manager for Joomla security. You can try it.
apparel sourcing and manufacture from  www.99apparel.com

Milbo

Please check roadmap, this is part of the ACL system which we want implement for vm2.1
Should I fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/