Addon [Soft-Solid] - Independent Permissions To Methods Restapi

Partners Add-ons & Themes
1

Hello,

we present you a new extension to CS-Cart and Multi-Vendor allows creating access rules to store RESTAPI. In standard, access to RESTAPI is regulated separately for each user group. Added rules allow to block (or give) access only to selected administrator, only for chosen API object (ex. Products, Orders) only with selected API method (ex. GET, PUT).

We start from installing an extension:

ss_permission_api_1_en.png?1564403955988
ss_permission_api_1_en.png?15644039559881001×242 21.2 KB

Managing RESTAPI rules menu is in tab Customers:

ss_permission_api_2_en.png?1564403955988
ss_permission_api_2_en.png?15644039559881030×406 37 KB

List contains all information about defined rules. New rules can be added with + button in upper right corner:

ss_permission_api_3_en.png?1564403955988
ss_permission_api_3_en.png?15644039559881238×422 27.3 KB

When adding rules, we have to define those parameters:

- Name: makes rule different from others, serves only informational purpose.

ss_permission_api_4_en.png?1564403955988
ss_permission_api_4_en.png?15644039559881239×417 15.2 KB

- Administrator: which administrator is affected by the rule.

ss_permission_api_4a_en.png?156440648008
ss_permission_api_4a_en.png?1564406480081248×416 18.6 KB

- Method: GET means reading data, POST modifying it, PUT adding new data (ex. orders or products), and DELETE deleting data.

ss_permission_api_4b_en.png?156440648008
ss_permission_api_4b_en.png?1564406480081242×417 17.2 KB

- Entity: Object, for which rule applies. Full list of objects and their specification is available here.

ss_permission_api_4c_en.png?156440648008
ss_permission_api_4c_en.png?1564406480081242×783 34.6 KB

- Access status: should the rule block access to part of the RESTAPI, or give it.

ss_permission_api_4d_en.png?156440648008
ss_permission_api_4d_en.png?1564406480081250×443 16.7 KB

Add-on overrides standard RESTAPI rules, which are defined in usergroup settings. Here, administrators by default cannot access products and have full access to orders.

ss_permission_api_5_en.png?1564403955988
ss_permission_api_5_en.png?1564403955988916×862 52.2 KB

Because we created rule that blocks Orders object for administrator test@test.pl, trying to download orders gives him a notification:

ss_permission_api_6x.png?1564406524779
ss_permission_api_6x.png?1564406524779927×271 17.1 KB

Administrator can download information about products, even though they are blocked in user group - because we created record that gives administrator access to Products object.

ss_permission_api_7.png?1564403955988
ss_permission_api_7.png?1564403955988284×687 17.8 KB

Add-on amplifies store security, letting you set precise RESTAPI access range for each administrator.


Features:

  • core file changes (adding the two hooks described in the README file)
  • Compatibility CS-Cart version 4.0.x, 4.1.x, 4.2.x, 4.3.x, 4.4.x, 4.5.x, 4.6.x, 4.7.x, 4.8.x, 4.9.x, 4.10.x
  • Compatibility Multi-Vendor version 4.0.x, 4.1.x, 4.2.x, 4.3.x, 4.4.x, 4.5.x, 4.6.x, 4.7.x, 4.8.x, 4.9.x, 4.10.x


Please, do not hesitate contact us if you have any additional questions.

Link to addon

See our other addons in Marketplace.

2

Hello

We are announce that the addon has been ported to CS-Cart and Multi-Vendor 4.14.2 and upgrades (next newer versions) will be available by Upgrade Center.

Best Regards

Team CS-Cart Poland