Shop module

Next topic

Author	Message
Lars Eirik R	Wednesday 17 March 2010 6:06:13 am Hi we are working with a client and have set upt the webshop functionality locally. I have some important questions which i would like you to answer. One of the main problems we are facing is the fact that i may easily view other users orders.. If i am not logged in(anonymous) , i may still view all orders placed in the system by going to the url /shop/orderview/<number> This has to be incorrect ? Are there any smart solutions i should apply or is this related to accesscontrol? Any help is greatly appreciated.
Jean-Luc Nguyen	Wednesday 17 March 2010 7:27:53 am Hello, Does you anonymous user have specific role ? http://www.acidre.com
Lars Eirik R	Wednesday 17 March 2010 9:50:52 am hm.. i guess assigning shop -> all functions is not the best for the shop module.. Will take a look at this later. Thanks for getting back to me.
Lars Eirik R	Wednesday 17 March 2010 10:20:17 am Hm. Only assigning the function buy does not help. I have to add i have only tested this with accessing different orderview/<number> from the same computer. But it seems strange that i can access another users orders. Also.. i am not caching the website, all cache for templates and content is off. Any ideas?
Lars Eirik R	Thursday 18 March 2010 12:08:30 pm ignore this, as it seems the user was logged in..