felidae Posted February 4, 2003 Posted February 4, 2003 Hai, :D i have installed Administrator-1.2.2. I set some Administrators with partial accesses for the admin-site. These administrators can only get access to Catalog,Configuration,Customers,Reports from the admin-site. But if they want to surf the site invoice.php and packingslip.php they always getting a message that they can't access that site. :cry: Although these sites (invoice.php+packingslip.php) are part of the link Customers'. I followed all of the instructions in the Readmefile. If anyone does have any suggestions, i would be very thankful. :D regards, arko Quote
Guest Posted February 13, 2003 Posted February 13, 2003 Hai, :D i have installed Administrator-1.2.2. I set some Administrators with partial accesses for the admin-site. These administrators can only get access to Catalog,Configuration,Customers,Reports from the admin-site. But if they want to surf the site invoice.php and packingslip.php they always getting a message that they can't access that site. :cry: Although these sites (invoice.php+packingslip.php) are part of the link Customers'. I followed all of the instructions in the Readmefile. If anyone does have any suggestions, i would be very thankful. :D regards, arko If I remember correctly, I commented the following in /catalog/admin/includes/functions/administrators.php /* if ($aCurrentPageBox != '*') { if (!in_array( $aCurrentPageBox, $aAllowedPages)) { echo '<center><p><font size="+2">You are not authorized to view this page, please go back.'; exit(); } } */ Let me know if this does or doesn't work and I'll do some more digging. Quote
Guest Posted February 13, 2003 Posted February 13, 2003 Just keep in mind that if you comment out that section, people WHO KNOW the location of certain files will have access to them. For example, if you give someone access only to the Customers section, and they **manually** enter http://yourdomain/admin/whos_online.php, they will see corresponding information when they aren't supposed to. However, if they are new and don't know the structure of the admin section, then they shouldn't be able to find it since it's not going to be listed. I know that there's another way to fix this problem, but I haven't had time to actually figure it out. This is merely a QUICK fix to this problem. -Ray Quote
Waza04 Posted February 13, 2003 Posted February 13, 2003 Heres what you need to do: AND you do this for any other moduules you've installed!! Go To adminincludesfunctionsadaministrators.php FIND: 'customers.php' => 'customers.php', 'orders.php' => 'customers.php', 'q_order_update.php' => 'customers.php', CHANGE TO: 'customers.php' => 'customers.php', 'orders.php' => 'customers.php', 'q_order_update.php' => 'customers.php', 'invoice.php' => 'customers.php', 'packingslip.php' => 'customers.php', I hope this helps!! Warren Ashcroft Quote
Guest Posted February 14, 2003 Posted February 14, 2003 Warren, Thank you for your excellent explanation. It worked out perfect, except for one thing. "mail.php" is referenced by "tools.php" and "customers.php". Apparently, the Email button will not work in the customers section UNLESS tools.php has been granted access. Another way that I was able to get it to work is by commenting 'mail.php' => 'tools.php' and allowing 'mail.php' => 'customers.php' What do you think? Any ideas on how to fix this? The only thing that I can think of is to perform a check somewhere right before if (!in_array( $aCurrentPageBox, $aAllowedPages)) Thanks again for your help. -Ray Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.