I am using 1.7 version of NopCommerce. I have an issue on security. On my website i have multiple administrator Level for controlling the these level i define multiple Customer roles and in Acces Control List give the acces to them. Lets take an example
1. I have customer [email protected] which is my customer and also a administrator of my website.
2. I create the Customer Role (A Zone Customer)
3. I Assign that role to [email protected] customer
4. In ACL i grant to access only see "Manage Orders".
If above customer login and using the adminsitration panel and if he using the administration panel throungh navigation menu then he cannot access the other things except Ordres. Like if he go to the product-->Manage products system not allow him to access but if he know the complete URL of along with the product id like below
http://localhost:1254/administration/ProductDetails.aspx?ProductId=776
then website allow hime to acces that particular page of product and he can change every thing.
Please help me how can i restrict the customer he can not acces these pages. Its Urgent
Thanks
Noman Mansoor