Permission Problem

ooaykac · January 19, 2016, 12:00am

I defined a new usergroup and set permissions. I unchecked tick on "Delete orders" but checked "Create order", "Edit order","View orders" and "Change order status". It is expected that the new administrator which assigned with this new usergroup NOT to be DELETE ORDERS. But, unfortunately, the new admin can delete orders.

I want the new usergroup can view and edit orders but not DELETE.

How to do this? Is it a bug?

CS-Cart_team · January 20, 2016, 12:00am

I defined a new usergroup and set permissions. I unchecked tick on "Delete orders" but checked "Create order", "Edit order","View orders" and "Change order status". It is expected that the new administrator which assigned with this new usergroup NOT to be DELETE ORDERS. But, unfortunately, the new admin can delete orders.

I want the new usergroup can view and edit orders but not DELETE.

How to do this? Is it a bug?

This is a bug in current CS-Cart version. The "Delete selected" option is present in the gear button menu even if the "Delete orders" privilege is disabled for the usergroup. Our engineers are working on this. The fix should be included in the next CS-Cart version.

ooaykac · January 20, 2016, 12:00am

I have been using Multivendor version 4.3.3. I will be glad if you can fix it at the next update for MV.

nagamahesh22 · March 28, 2016, 12:00am

Hi,

I want to sorting in the agents and manufactures tables through admin panel.I don't Know "How to implement coding". please help them.

Code path: design\backend\templates\views\profiles\agts.tpl

code:-

{assign var="agents_data" value=fn_get_agents_data()}

{if !$smarty.get.name || !$smarty.get.company || !$smarty.get.email}

{assign var="agt_search" value=fn_get_agents_search($smarty.get.name,$smarty.get.company,$smarty.get.email)}

{/if}

{if "MULTIVENDOR"|fn_allowed_for}

{assign var="no_hide_input" value="cm-no-hide-input"}

{/if}

{include file="views/profiles/components/profiles_scripts.tpl"}

{capture name="mainbox"}

{assign var="c_icon" value=""}

{assign var="c_dummy" value=""}

{include file="common/pagination.tpl" save_current_page=true save_current_url=true div_id=$smarty.request.content_id}

{assign var="c_url" value=$config.current_url|fn_query_remove:"sort_by":"sort_order"}

{assign var="rev" value=$smarty.request.content_id|default:"pagination_contents"}

{if $agents_data}

{/if}

{if !$agt_search}

{if $agents_data}

{foreach from=$agents_data item="agts"}

{/foreach}

{else}

{("No Agents registered yet")}

{/if}

{else}

{foreach from=$agt_search item="agtsearch"}

{/foreach}

{/if}

{include file="common/check_items.tpl"}	{__("id")}{if $search.sort_by == "id"}{$c_icon nofilter}{else}{$c_dummy nofilter}{/if}	{__("person_name")}{if $search.sort_by == "agt_name"}{$c_icon nofilter}{else}{$c_dummy nofilter}{/if}	{__("email")}{if $search.sort_by == "agt_email"}{$c_icon nofilter}{else}{$c_dummy nofilter}{/if}	{__("registered")}{if $search.sort_by == "agt_joined"}{$c_icon nofilter}{else}{$c_dummy nofilter}{/if}	{("Contact")}{if $search.sort_by == "agt_phone"}{$c_icon nofilter}{else}{$c_dummy nofilter}{/if}		{__("status")}{if $search.sort_by == "agt_status"}{$c_icon nofilter}{else}{$c_dummy nofilter}{/if}
	{$agts.agent_id}	{$agts.agt_name}	{$agts.agt_email}	{$agts.agt_joined}	{$agts.agt_phone}	{capture name="tools_list"} {$list_extra_links = false} {if $list_extra_links} {/if} {if $smarty.request.user_type} {assign var="user_edit_link" value="{"profiles.agent_details?agt_id=`$agts.agent_id`"\|fn_url}"} {else} {assign var="user_edit_link" value="{"profiles.agts_update?agt_id=`$agts.agent_id`"\|fn_url}"} {/if} {btn type="list" text=__("edit") href=$user_edit_link} {capture name="tools_delete"} {btn type="list" text=__("delete") class="cm-confirm cm-post" href="profiles.agts_delete?agent_id=`$agts.agent_id`&redirect_url=`$return_current_url`"} {/capture} {if $agts.agent_id != $smarty.session.auth.agent_id} {if !$runtime.company_id && !($agts.user_type == "A" && $user.is_root == "Y")} {$smarty.capture.tools_delete nofilter} {elseif $allow_save} {if "MULTIVENDOR"\|fn_allowed_for && $agts.user_type == "V" && $agts.is_root == "N"} {$smarty.capture.tools_delete nofilter} {/if} {if "ULTIMATE"\|fn_allowed_for} {$smarty.capture.tools_delete nofilter} {/if} {/if} {/if} {/capture} {dropdown content=$smarty.capture.tools_list}	{$agts.agt_status}
	{$agtsearch.agent_id}	{$agtsearch.agt_name}	{$agtsearch.agt_email}	{$agtsearch.agt_joined}	{$agtsearch.agt_phone}	{capture name="tools_list"} {$list_extra_links = false} {if $smarty.request.user_type} {assign var="user_edit_link" value="profiles.update?user_id=`$user.user_id`&user_type=`$smarty.request.user_type`"} {else} {assign var="user_edit_link" value="profiles.update?user_id=`$user.user_id`&user_type=`$user.user_type`"} {/if} {btn type="list" text=__("edit") href=$agts_edit_link} {capture} {btn type="list" text=__("delete") class="cm-confirm cm-post" href="profiles.agts_delete?agent_id=`$agts.agent_id`&redirect_url=`$return_current_url`"} {/capture} {if $agts.agent_id != $smarty.session.auth.agent_id} {if !$runtime.agent_id && !($agts.user_type == "A" && $agts.is_root == "Y")} {$smarty.capture.tools_delete nofilter} {elseif $allow_save} {if "MULTIVENDOR"\|fn_allowed_for && $agts.user_type == "V" && $agts.is_root == "N"} {$smarty.capture.tools_delete nofilter} {/if} {if "ULTIMATE"\|fn_allowed_for} {$smarty.capture.tools_delete nofilter} {/if} {/if} {/if} {/capture} {dropdown content=$smarty.capture.tools_list}	{if $agts.is_root == "Y" && ($agts.user_type == "A" \|\| $agts.user_type == "V" && $runtime.company_id && $runtime.company_id == $agts.company_id)} {assign var="u_id" value=""} {else} {assign var="u_id" value=$agts.agent_id} {/if} {assign var="non_editable" value=false} {if $agts.is_root == "Y" && $agts.user_type == $auth.user_type && (!$agts.company_id \|\| $agts.company_id == $auth.company_id) \|\| $agts.agent_id == $auth.user_id \|\| ("MULTIVENDOR"\|fn_allowed_for && $runtime.company_id && ($agts.user_type == 'C' \|\| $agts.company_id && $agts.company_id != $runtime.company_id))} {assign var="non_editable" value=true} {/if} {include file="common/select_popup.tpl" id=$u_id status=$agts.agt_status hidden="" update_controller="profiles" notify=true notify_text=__("notify_user") popup_additional_class="`$popup_additional_class` dropleft" non_editable=$non_editable}

{include file="common/pagination.tpl" div_id=$smarty.request.content_id}

{capture name="buttons"}

{if $agents_data}

{capture name="tools_list"}

{if "ULTIMATE"|fn_allowed_for || !$runtime.company_id}

{hook name="profiles:list_tools"}

{btn type="list" text=__("export_selected") dispatch="dispatch[profiles.export_range]" form="userlist_form"}

{/hook}

{/if}

{btn type="delete_selected" dispatch="dispatch[profiles.m_delete]" form="userlist_form"}

{/capture}

{dropdown content=$smarty.capture.tools_list}

{/if}

{/capture}

{capture name="adv_buttons"}

{if $smarty.request.user_type}

{assign var="_title" value=$smarty.request.user_type|fn_get_user_type_description:true}

{else}

{assign var="_title" value=__("agents_data")}

{/if}

{if $smarty.request.user_type}

{if !($runtime.company_id && "MULTIVENDOR"|fn_allowed_for && ($smarty.request.user_type == 'C' || $auth.is_root != 'Y'))}

{/if}

{else}

{if !empty($user_types)}

{capture name="tools_list"}

{foreach from=$user_types key="_k" item="_p"}

{if !($runtime.company_id && "MULTIVENDOR"|fn_allowed_for && ($smarty.request.user_type == 'C' || $auth.is_root != 'Y'))}

{__($_p)}

{/if}

{/foreach}

{/capture}

{dropdown content=$smarty.capture.tools_list no_caret=true icon="icon-plus" placement="right"}

{/if}

{/capture}

{capture name="sidebar"}

{include file="common/saved_search.tpl" dispatch="profiles.agt_search" view_type="agt_search"}

{include file="views/profiles/components/users_search_form.tpl" dispatch="profiles.agt_search"}

{/capture}

{include file="common/mainbox.tpl" title={("Agents List")} content=$smarty.capture.mainbox sidebar=$smarty.capture.sidebar adv_buttons=$smarty.capture.adv_buttons buttons=$smarty.capture.buttons content_id="manage_users"}

Regards,

naga mahesh bondada,

maheshbondada2@gmail.com,

7893772765.

tracy · March 29, 2016, 12:00am

Hi

Please help!

I have created an administrator account for our IT Team to back up our store so we can go on to make updates without it restoring back to old settings. Privileges are set to allow back up/restore but there is no + symbol to allow us to go ahead and make a back up.

Any advise would be appreciated.

Thanks