Customer Roles and Administrator Access - v2.20

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.
12 年 前
I am trying to setup a new Client Administrator role, which gives a user access to the CMS to amend product, order and customer details.   (ie Manage their data - but not configure their setup)

I've set up a new role and configured the ACL list so they can't manage customer roles, but can manage customers.  

Unfortunately, if they go into their own customer record, on the customer roles tab they can make themselves to an administrator user.

Is there any way to do what I am trying to do?  Surley only administrator users should be able to set other users as administrators?

Thanks
Nick


I am new to nopC, so please excuse me if this has already been discussed.  I have searched the forum and not found this topic.
0
12 年 前
Just add some validation in Edit(CustomerModel model, bool continueEditing) method of CustoemrController. Something like
"if (current customer is not in system admin role ) then don't save new role mapping"
Interested in the dedicated Premium support services provided by core developers? Please visit https://www.nopcommerce.com/nopcommerce-premium-support-services

Regards,
Andrei Mazulnitsyn
nopCommerce team
0
12 年 前
Thanks.   Makes sense.

Just out of interest might it be an idea to seperate our admin users from customers?   I would have thought from security perspective it would be best.  

It might also be nice to change the admin menu, based upon admin user ACL - so that they have a clear usable interface, rather than a lot of options they don't need to worry about.
0
12 年 前
NMorley wrote:
It might also be nice to change the admin menu, based upon admin user ACL - so that they have a clear usable interface, rather than a lot of options they don't need to worry about.

Just set 'SecuritySettings.HideAdminMenuItemsBasedOnPermissions' setting to 'true'
Interested in the dedicated Premium support services provided by core developers? Please visit https://www.nopcommerce.com/nopcommerce-premium-support-services

Regards,
Andrei Mazulnitsyn
nopCommerce team
1
12 年 前
Hi

I have added SecuritySettings.HideAdminMenuItemsBasedOnPermissions in Configuration==>Settings==>All Settings(Advanced), then i have logged in with another role.. but menu will not hiding
Christopher
0
12 年 前
Hi Christopher,

I have got this working in both v2.20 and 2.30 code bases.   Once you have set the setting to true, you need to make sure the access levels you want are set correctly in the ACL list.

I have created myself a client admin user, that only has access to modify products and look at orders.  They only see the menu items based upon what is set for that user in the ACL list.

It definately is working for me.  Just re-tested it.

Nick
0
12 年 前
Hi,

Thanks for your reply, Currently i'm using nopcommerce 2.1. I have modified source code for my need, is there any option to upgrade from 2.1 to 2.2 ?
Christopher
0
This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.