Delete Super User possible by deleting customers !

Started by meldmeaan, March 30, 2012, 10:32:41 AM

meldmeaan

Hi,
I have VirtueMart 2.0.2 and Joomla 2.5.3.
As I was configuring VirtueMart as a super user, I noticed that the Super User was a customer in the VirtueMart shop.
I didn't want to be a customer, so I created a second user with the user rights Administrator (my customer, since I'm building this store for a customer) and wanted him to be Store Owner.
I couldn't get that to work, so I logged in as an Administrator (customer account) and went to VM and customers.
I deleted my own account (super user) as a customer in VM. What happened is that the complete account in Joomla was deleted.
So I can't log in as a super user AND I can't create a super user account, since the only account left is the Administrator account.
How is it possible that if I delete a Customer Account in VM, I delete the whole account in Joomla, AND how do I restore this?

Greetings
Boman

NOTE...
I made a new account for myself
User rights Administrator
In the database I changed myself to Super User... so that works again.
But still... how is it possible that when I delete a customer I delete the whole Joomla account, AND that this is done by an Administrator who deletes a Super User?

Milbo

What you describe is completely normal behaviour.

First: distinguish between roles and permissions. A role can imply permission, but need not. So every Joomla user is automatically using the role "shopper", unless you change it to storeadmin or admin.

Furthermore, there exist only Joomla accounts, no VirtueMart ones; please read here http://forum.virtuemart.net/index.php?topic=96438.0
Should I fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/

quigley595

Wow!!!!!!!!!!!
I simply cannot believe this.

Just recently, I too have had this issue, caused by a client. Unfortunately, I didn't find out about it for a while, so there was a real mess.

I realise that admins shouldn't be deleted, but heck guys!!!!!!!! Irrespective of anything else, there should be a test in there to actually prevent the deletion of a Super User account... it's crazy.
I notice that nothing has been done about this, and indeed, there hasn't even been a squeak on the forum about it.

Why???? I would think that this is fundamental.

Clients (while they should know...) very often actually don't know the technical repercussions of some of their actions. We as IT people should protect them from themselves where we can.

What about a test in there for Super Admin???? And either not permit it, or at the very least, ring bells about it?

Any thoughts???

rgds
Mike
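
The kind of test asked for above, as an added example that is not part of the thread and is not VirtueMart or Joomla code: a stand-alone PHP model of a guard that runs before a user record is deleted. The function name, the user array fields and the sample ids are assumptions made for illustration.

```php
<?php
// Added example: plain-PHP model of a delete guard (hypothetical names throughout).
// In a Joomla extension, 'is_super' would come from the core.admin permission check.

/**
 * Decide whether $actor may delete $target.
 * Each user is ['id' => int, 'is_super' => bool, 'can_delete_users' => bool].
 * Returns [allowed (bool), reason (string)].
 */
function checkUserDelete(array $actor, array $target): array
{
    if (!$actor['can_delete_users']) {
        return [false, 'actor lacks the delete permission'];
    }
    // Nobody removes their own account from a list view.
    if ($actor['id'] === $target['id']) {
        return [false, 'users may not delete their own account'];
    }
    // The case from this thread: an Administrator deleting a Super User.
    if ($target['is_super'] && !$actor['is_super']) {
        return [false, 'only a Super User may delete a Super User'];
    }
    // With the two rules above, a Super User can only be deleted by a
    // different Super User, so at least one always remains.
    return [true, 'ok'];
}

// Constructed sample data mirroring the thread: one Super User, one Administrator.
$super = ['id' => 42, 'is_super' => true,  'can_delete_users' => true];
$admin = ['id' => 43, 'is_super' => false, 'can_delete_users' => true];

$cases = [
    'admin deletes super' => [$admin, $super],
    'super deletes admin' => [$super, $admin],
    'super deletes self'  => [$super, $super],
];
foreach ($cases as $label => $pair) {
    list($ok, $why) = checkUserDelete($pair[0], $pair[1]);
    printf("%-20s %s (%s)\n", $label, $ok ? 'ALLOW' : 'DENY', $why);
}
```

The guard belongs on the server side in the delete path itself, so it applies no matter which list view or toolbar button triggered the deletion.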

lindapowers

This is as dangerous as having a delete button next to the button "update orders" in the order list view; a simple popup "do you really want to delete selected orders/customers" would help.

AH

lindapowers

I agree about the order delete being way too close to the update status button

Simple solution:-

But needs one of the vm team to add this to the core:-

In administrator\components\com_virtuemart\views\orders\view.html.php

//JToolBarHelper::customX( 'CreateOrderHead', 'new','new','New',false);
JToolBarHelper::save('updatestatus', JText::_('COM_VIRTUEMART_UPDATE_STATUS'));
JToolBarHelper::deleteListX();

new code

//JToolBarHelper::customX( 'CreateOrderHead', 'new','new','New',false);
JToolBarHelper::save('updatestatus', JText::_('COM_VIRTUEMART_UPDATE_STATUS'));
JToolBarHelper::spacer('100'); // new spacer quorvia
JToolBarHelper::deleteListX();

Regards
A

Joomla 4.4.5
php 8.1

AH

And because I do not like the delete and modify vendor being before edit and without significant spacing:-

administrator/components/com_virtuemart/views/user/view.html.php


	$this->assignRef('orderlist', $orderList);
	$this->assignRef('contactDetails', $_contactDetails);
	$this->assignRef('editor', $editor);

} else {
	JToolBarHelper::editListX(); //moved quorvia
	JToolBarHelper::spacer('50'); // new spacer quorvia
	JToolBarHelper::divider();  //new divider quorvia
	JToolBarHelper::custom('toggle.user_is_vendor.1', 'publish','','COM_VIRTUEMART_USER_ISVENDOR');
	JToolBarHelper::custom('toggle.user_is_vendor.0', 'unpublish','','COM_VIRTUEMART_USER_ISNOTVENDOR');
	JToolBarHelper::divider();
	JToolBarHelper::spacer('50'); // new spacer quorvia
	JToolBarHelper::deleteList();

	//This is intentionally, creating new user via BE is buggy and can be done by joomla
	//JToolBarHelper::addNewX();
	$this->addStandardDefaultViewLists($model,'ju.id');

Regards
A

lindapowers

Thanks for the code, I hope they add something since it is really dangerous as it is currently.

We had to restore a previous copy of our website because a new worker clicked "delete" instead of update status with 150 orders selected... lots of fun!

Pls developers add space or the typical popup "do you really want to delete blabla"

Regards


AH

Space AND popup would be good.

I would not trust the popup on its own, as too many people will click through it.

I will keep retrofitting this code configuration to the views of all new releases to help stop the accidental deletion errors as you describe.

:-)
Regards
A