Small hiccups with current security settings

Welcome to our new AbleCommerce forums. As a guest, you may view the information here. To post to this forum, you must have a registered account with us, either as a new user evaluating AbleCommerce or an existing user of the application. For all questions related to the older version of Gold and earlier, please go to AbleCommerce Gold forum. Please use your AbleCommerce username and password to Login. New Registrations are disabled.

Notification

Error

Small hiccups with current security settings - Small hiccups with current security settings

Options

Previous Topic Next Topic

ray22901031		#1 Posted : Friday, October 30, 2020 9:00:38 PM(UTC)
Rank: Advanced Member Groups: Authorized User, Developers Joined: 2/17/2019(UTC) Posts: 827 Thanks: 3 times Was thanked: 13 time(s) in 13 post(s)		This started originally under the post "Better admin security features and options", I know that Katie was going to have someone look at this, but I wanted to share with you my findings. Here are some of the hiccups with the current security system, I am basing this analysis on the "order manager" admin user settings, which only should have rights for orders and nothing else. Of course this is based on the original "adminmenu.xml" from Ablecommerce. #1. When you go into an order, and you click the more button on the right and you go to customer profile, you now have a breadcrumb trail on the top, this can take you directly into the user area. #2. If you edit any order, you will see that the item description is hyperlinked, so if you click on that, you now able to edit and manipulate products. The quick solution would be remove the breadcrumb, and to remove the hyperlink from the product description in the order. I hope this helps PS: I still would love to see this security area of ablecommerce revamped, extremely weak. Edited by user Friday, October 30, 2020 9:01:27 PM(UTC) \| Reason: Not specified


User Profile View All Posts by User View Thanks


	Wanna join the discussion?! Login to your AbleCommerce Forums forum account. New Registrations are disabled.

shari		#2 Posted : Monday, November 2, 2020 5:34:54 AM(UTC)
Rank: Advanced Member Groups: Admin, Developers, Registered, HelpDesk, Authorized User Joined: 10/5/2018(UTC) Posts: 703 Thanks: 5 times Was thanked: 113 time(s) in 112 post(s)		Thanks for the details. Your explanations are always beneficial. This is a known issue and we are already discussing this under this topic "Better admin security features and options".


User Profile View All Posts by User View Thanks

Users browsing this topic
Guest

Forum Jump

You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.

Privacy Policy | Powered by YAF.NET 2.2.4.14 | YAF.NET © 2003-2024, Yet Another Forum.NET
This page was generated in 0.101 seconds.

Important Information: The AbleCommerce Forums uses cookies. By continuing to browse this site, you are agreeing to our use of cookies. More Details Close