Re: Admin Profiles Support Thread
Today I've seen my post in the download section:
1. It's not a standalone version - I've just made some improvements to kuroi's version 1.0.7.
2. About the issue that a logged-in Admin can see a denied category by entering its number in the browser's command line: admin\includes\init_includes\overrides\init_admin_auth.php fixes it.
Re: Admin Profiles Support Thread
I'd never want to discourage people from contributing to the Zen Cart community. Giving back in this way is admirable and I hope that you won't be discouraged. However, I have to disagree with both your statements above.
Quote (originally posted by anafor):
> 1. It's not a standalone version - I've just made some improvements to kuroi's version 1.0.7.
I don't see this as an improvement. Admin Profiles is very secure. Your extension to it is full of holes. This is most likely why the Zen Cart team have chosen to treat it as a separate mod. I'd recommend starting a separate support thread so that they can be dealt with without confusing support for the main mod.
Quote (originally posted by anafor):
> 2. About the issue that a logged-in Admin can see a denied category by entering its number in the browser's command line: admin\includes\init_includes\overrides\init_admin_auth.php fixes it.
Unfortunately that only closes one route to access products outside of an admin's allowed categories. They can still access ANY product through other routes (I don't really want to discuss how on a public forum) and get at many products by simply using other Admin facilities.
What you set out to do can be done. Earlier in this thread I listed all the files that needed to be changed to do it securely. But it's a lot of files and it would mean that the resulting mod would clash with many others. In addition, the number of intrusions into core code would also make this very difficult and expensive to maintain.
I can see from what you did that your technical skills are sufficient to do this. You just need to give more thought to all the ways of accessing and editing products. However, unusually, I wouldn't recommend releasing it for general use, unless you are prepared to dedicate significant amounts of time to supporting other community members trying to use it.
Re: Admin Profiles Support Thread
Believe I have found a problem. I have 1.3.8 running with admin profiles / privileges. After installing Image Handler it overrides the admin profiles mod.
With admin profile I am meant to be able to deny other admins access to areas and hide the unused buttons. This was working correctly. After installing Image Handler all the buttons now show, but still when clicked get the no access warning.
This makes the admin section very cluttered and not how I want it.
Re: Admin Profiles Support Thread
I am trying to install this mod in ZC 1.3.8.a, but I have the message
your security clearance....
I read the install.txt and so I have already installed news box before.
I have tried to follow the instructions, but it doesn't work.
Also because in the dhtml file of news box, the part
It compares not $options, but
$za contest
and I don't have foreach...... in the dhtml of news box.
Does someone know what I have to do?
Do I have to install Image Handler now and solve the problem by modifying that file?
:frusty:
Re: Admin Profiles Support Thread
Could I request new functions?
1. copy permissions to a new admin user from an existing user
2. no admin settings permissions, but can change own password
thanks! :smile:
Re: Admin Profiles Support Thread
Another idea is to do a catch:
You have an init file catch the GET string, then analyze it and refuse access if needed.
Quote (originally posted by kuroi):
> I'd never want to discourage people from contributing to the Zen Cart community. Giving back in this way is admirable and I hope that you won't be discouraged. However, I have to disagree with both your statements above. I don't see this as an improvement. Admin Profiles is very secure. Your extension to it is full of holes. This is most likely why the Zen Cart team have chosen to treat it as a separate mod. I'd recommend starting a separate support thread so that they can be dealt with without confusing support for the main mod.
> Unfortunately that only closes one route to access products outside of an admin's allowed categories. They can still access ANY product through other routes (I don't really want to discuss how on a public forum) and get at many products by simply using other Admin facilities.
> What you set out to do can be done. Earlier in this thread I listed all the files that needed to be changed to do it securely. But it's a lot of files and it would mean that the resulting mod would clash with many others. In addition, the number of intrusions into core code would also make this very difficult and expensive to maintain.
> I can see from what you did that your technical skills are sufficient to do this. You just need to give more thought to all the ways of accessing and editing products. However, unusually, I wouldn't recommend releasing it for general use, unless you are prepared to dedicate significant amounts of time to supporting other community members trying to use it.
Re: Admin Profiles Support Thread
Quote (originally posted by kitcorsa):
> Believe I have found a problem. I have 1.3.8 running with admin profiles / privileges. After installing Image Handler it overrides the admin profiles mod.
> With admin profile I am meant to be able to deny other admins access to areas and hide the unused buttons. This was working correctly. After installing Image Handler all the buttons now show, but still when clicked get the no access warning.
> This makes the admin section very cluttered and not how I want it.
If when installing other mods you over-write the Admin Profiles files then it will stop working, partially or completely. Though I'm puzzled as to how you would do that when installing Image Handler as that mostly adds rather than replaces existing files. But I would look carefully at your box files, as these are the ones that would have the effect that you describe.
Re: Admin Profiles Support Thread
Quote (originally posted by yellow1912):
> Another idea is to do a catch:
> You have an init file catch the GET string, then analyze it and refuse access if needed.
That can cover some of the restrictions needed, but to restrict access by category completely, it's still often necessary to turn off functions within specific pages, as the URLs available to the init file are often too general to enable them to be used as a filter.
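
The design point in the last reply, as an added example that is not part of the thread and is not Zen Cart or Admin Profiles code: a filter in an init file can only judge the parameters present in the URL, while a check inside the page can resolve the object being edited to its category before deciding. The parameter names `category_id` and `product_id`, both functions and all data are hypothetical and constructed for illustration.

```php
<?php
// Added illustration; hypothetical names, constructed data. Not Zen Cart or Admin Profiles code.

// Constructed catalogue: product id => category id.
const PRODUCT_CATEGORY = [101 => 1, 102 => 1, 201 => 2];

// Constructed profile: categories this admin may manage.
const ALLOWED_CATEGORIES = [1];

// Init-file style filter: it can only judge what is present in the query string.
function requestFilterAllows(array $get): bool
{
    if (isset($get['category_id'])) {
        return in_array((int) $get['category_id'], ALLOWED_CATEGORIES, true);
    }
    // No category in the URL: the filter has nothing to compare, so the request passes.
    return true;
}

// Page-level check: resolve the object being edited to its category, then decide.
function pageAllowsProduct(int $productId): bool
{
    if (!array_key_exists($productId, PRODUCT_CATEGORY)) {
        return false; // unknown object: deny by default
    }
    return in_array(PRODUCT_CATEGORY[$productId], ALLOWED_CATEGORIES, true);
}

// Constructed requests, as parsed query strings.
$requests = [
    ['category_id' => '2'],                        // category named in the URL
    ['product_id' => '201'],                       // product in category 2, no category in the URL
    ['category_id' => '1', 'product_id' => '201'], // category and product disagree
    ['product_id' => '101'],                       // product in an allowed category
];

foreach ($requests as $get) {
    $filter = requestFilterAllows($get);
    // The page decides on the object itself whenever one is named.
    $page = isset($get['product_id']) ? pageAllowsProduct((int) $get['product_id']) : $filter;
    printf("%-40s filter=%-5s page=%s\n", http_build_query($get),
        $filter ? 'allow' : 'deny', $page ? 'allow' : 'deny');
}
```

The rows where the two columns disagree are the ones a URL-only filter cannot decide, which is why the per-page checks end up spread across many files.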