Jump to content

  • You cannot start a new topic
  • You cannot reply to this topic

Do Wee Need "template Editing" In Admin Area And "on-Site Template Editing" Features. Rate Topic   - - - - -

Poll: Do we really need Template Editing feature in CS-Cart? (12 member(s) have cast votes)

Do you know and use any of these features?

  1. I use "Template Editing" ability to edit storefront templates from admin area (5 votes [41.67%] - View)

    Percentage of vote: 41.67%

  2. I use "On-site template editing" ability to edit templates from storefront. (3 votes [25.00%] - View)

    Percentage of vote: 25.00%

  3. Don't know or use these feature (4 votes [33.33%] - View)

    Percentage of vote: 33.33%

Vote Guests cannot vote
 
  • imac
  • CTO
  • CS-Cart Architects
  • Join Date: 22-Nov 05
  • 2033 posts

Posted 21 December 2016 - 11:36 AM #1

Hi everyone, 

 

Editing template in admin area as well as in storefront (for admins only) could be useful feature for those who have some problems with access to the store by FTP/SSH.

 

At the same time it can affect store security, because those who have access to smarty templates can get any data from your store, in other words it almost the same as access to the php files.

Some admins can forget to set privileges for the restricted admins. Also it is not obvious for most CS-Cart admins how critical access to templates is.

 

I asked a number of developers and turned out that none of them use this feature. That is why I decided to create this poll.

 

For those who is not familiar with features I'm talking about, see this documentation, where "File Editor" is actually "Template Editor".


Ilya Makarov,
CS-Cart Architect Team
Suggest and vote for new features | Report a bug

 
  • Darius
  • Douchebag
  • Members
  • Join Date: 20-Apr 08
  • 3154 posts

Posted 21 December 2016 - 12:09 PM #2

I find it very useful to have ?dispatch=templates.manage feature, would really do not want if you remove it.

 

Here you say

https://www.cs-cart.com/roadmap.html

 

Admin Privileges Refactoring: Get rid of messy root admin, unrestricted admin and restricted admin user types. Only admin with certain privileges should be available [5.x]

 

so all you need to do is have by default disabled template editing but not removing it for all..

I bet there are plenty of small shops like myself where access to backend have just few to one persons..



 
  • imac
  • CTO
  • CS-Cart Architects
  • Join Date: 22-Nov 05
  • 2033 posts

Posted 22 December 2016 - 10:11 AM #3

I find it very useful to have ?dispatch=templates.manage feature, would really do not want if you remove it.

 

Here you say

https://www.cs-cart.com/roadmap.html

 

Admin Privileges Refactoring: Get rid of messy root admin, unrestricted admin and restricted admin user types. Only admin with certain privileges should be available [5.x]

 

so all you need to do is have by default disabled template editing but not removing it for all..

I bet there are plenty of small shops like myself where access to backend have just few to one persons..

From one point of view you are correct. 

But from another, many store owners do not understand that email templates editing allows admin to get access to database.


Ilya Makarov,
CS-Cart Architect Team
Suggest and vote for new features | Report a bug

 
  • Darius
  • Douchebag
  • Members
  • Join Date: 20-Apr 08
  • 3154 posts

Posted 22 December 2016 - 12:09 PM #4

So it should be matter of privilege...

 

But somehow I feel that in between lines question is to remove yet another feature from the package..

In this case you should ask yourself what exactly modern cart should consists of.

 

I am sure if you check cs-cart feedback, you would find something like "I was choosing cart among competitors, picked cs-cart because its felt most feature rich", so advice would be do not cut the branch you are sitting on..



 
  • The Tool
  • Been Here Way Too Long Member
  • Members
  • Join Date: 30-Mar 07
  • 3617 posts

Posted 23 December 2016 - 03:53 AM #5

I don't use either to edit but from time to time I will use the "On-site template editing" just see what files are being used or to see if my added files are in use.



 

Posted 31 December 2016 - 06:12 PM #6

I don't like that we can no longer edit templates through the design templates in the admin panel.  It was a great way to edit my_changes and make changes to other addons.  It makes it more difficult to make changes to templates and especially use my_templates addon anymore.  We new versions of cs cart now none of your addons show up in the templates tab.

 

I never use on-site editing.