Another idea is to do a catch:
You have an init file catch the GET string, then analyze it and refuse access if needed.



Quote: Originally Posted by kuroi
I'd never want to discourage people from contributing to the Zen Cart community. Giving back in this way is admirable and I hope that you won't be discouraged. However, I have to disagree with both your statements above. I don't see this as an improvement. Admin Profiles is very secure. Your extension to it is full of holes. This is most likely why the Zen Cart team have chosen to treat it as a separate mod. I'd recommend starting a separate support thread so that they can be dealt with without confusing support for the main mod.
Unfortunately that only closes one route to access products outside of an admin's allowed categories. They can still access ANY product through other routes (I don't really want to discuss how on a public forum) and get at many products by simply using other Admin facilities.

What you set out to do can be done. Earlier in this thread I listed all the files that needed to be changed to do it securely. But it's a lot of files and it would mean that the resulting mod would clash with many others. In addition, the number of intrusions into core code would also make this very difficult and expensive to maintain.

I can see from what you did that your technical skills are sufficient to do this. You just need to give more thought to all the ways of accessing and editing products. However, unusually, I wouldn't recommend releasing it for general use, unless you are prepared to dedicate significant amounts of time to supporting other community members trying to use it.