News:

You may pay someone to create your store, or you visit our seminar and become a professional yourself with the silver certification

Main Menu

Frontend Edit Product Button Disable

Started by jimv, February 09, 2017, 16:13:09 PM

Previous topic - Next topic

jimv

I want to disable showing the frontend button that edits products and in general front end virtuemart panel that it gets you too. the link of the button is
index.php?option=com_virtuemart&tmpl=component&manage=1&view=product&task=edit&virtuemart_product_id=71

I have tried searching in google and forum for quite a while but nothing similar found. Any help is much appreciated.
Joomla v3.6.5
Virtuemart 3.0.18
Thanks in advance

jenkinhill

You should only see that if logged in as an administrator. It should not be seen by a normal shopper.  If visible to anyone then you have a problem with ACL.
Kelvyn
Lowestoft, Suffolk, UK

Retired from forum life November 2023

Please mention your VirtueMart, Joomla and PHP versions when asking a question in this forum

csik

#2
Hi ,

i have the same problem - the edit button is visible to everyone - even if not registerred. And if one is in the backend everything can be edited. Order states be changed and so on.

I see - the creator of the site may have changed settings.

But what are the defaults for the predefined groups of Joomla users - and as i can see VM has own settings for user groups. What settings rule ?
Are there best practice rules?

Currently there are only registered users and superusers.

VM is 3.0.14
joomla is 3.5.0
php is 5.4.45












jenkinhill

Quote from: csik on February 13, 2017, 01:52:38 AM
joomla is 3.5.0

Did you miss the vital security releases?
https://www.joomla.org/announcements/release-news/5678-joomla-3-6-4-released.html
https://www.joomla.org/announcements/release-news/5693-joomla-3-6-5-released.html
http://forum.virtuemart.net/index.php?topic=118683.0

Unfortunately some pre J3.6.5 sites have been hacked so that including other things such as adding back doors, the Joomla ACL has been changed to allow front end access by anyone - and any record of the hacker in the userlist has then been removed. So it is vital that you check this possibility.

For ACL settings, lok in [your website]/administrator/index.php?option=com_config&view=component&component=com_virtuemart
For Public and Guest all permissions should show red. 

To give front end access to admins see https://docs.virtuemart.net/manual/general-concepts/185-administrative-frontend-access-with-acl.html

You VM version is old, too.
Kelvyn
Lowestoft, Suffolk, UK

Retired from forum life November 2023

Please mention your VirtueMart, Joomla and PHP versions when asking a question in this forum

csik

Thanks for your response,

this site is "orphanded" and was not updated for a long time - you are right. The owner asked me to change some content - so i stumbled over the button.

I dropped a pdf with 2 views for VM permissions on my gdrive.
The only strange thing - admins have permissions which can not be revoked (i tried "denied" - save gives a success message but nothing is changed)
On all Tabs anything is red except for superusers

So i dont see a reason for the edit button displayed for even unregisterred users.

I thought about changing the template but this does not make much sense because everybody can ask Google for a link into the backend.

oops - here is the pdf - https://drive.google.com/drive/folders/0B_m_gqP_Em0mOGREdFJzYXpHejQ?usp=sharing







 

Milbo

You must update and configure it then

Your system
VM is 3.0.14
joomla is 3.5.0
php is 5.4.45

!!!
Should I fix your bug, please support the VirtueMart project and become a member
______________________________________
Extensions approved by the core team: http://extensions.virtuemart.net/