Bulkupload for non sellers - FIXED IN V3.0

bamse
Posts: 220
Joined: Mon Feb 06, 2012 12:05 pm

Post by bamse » Thu Jun 21, 2012 11:54 pm

Users who are not sellers (i.e. buyers only) can access the bulkUpload page at .../user/bulkUpload/

This could be fixed in the same way as is already done for offer/add or store/create, i.e. by adding

        if(!$this->isLoggedUserASeller()){
            $this->alertLoggedUserIsNotASeller();
            return false;
        }

to the beginning of class/Action/User.php->bulkUpload()

RWAP
Site Admin
Posts: 750
Joined: Fri Jan 08, 2010 2:23 am
Location: Stoke-on-Trent

Re: Bulkupload for non sellers

Post by RWAP » Fri Jun 22, 2012 8:59 am

Oops - a nice easy fix - have you notified phpAuction of this?

bamse
Posts: 220
Joined: Mon Feb 06, 2012 12:05 pm

Re: Bulkupload for non sellers

Post by bamse » Sat Jun 23, 2012 1:30 pm

Yes, I informed them and they promised to fix it as suggested. I haven't tried to actually bulkupload as a non-seller user, so perhaps it is just a cosmetic change hiding the upload page!?

I am in the process of going through all the pages looking for similar issues. Will report back if I find something.

bamse
Posts: 220
Joined: Mon Feb 06, 2012 12:05 pm

Re: Bulkupload for non sellers

Post by bamse » Wed Jul 04, 2012 9:18 pm

As promised, here is the result of undesirable pages for me. I went through all the themes/default files and through all the functions in class/Action/* to see whether there are some pages/URLs still accessible (by entering the URL directly) which I would rather not show.

This is for our particular setting, so not all of the URLs below might be relevant to you. Specific settings for our site are: no invoices or fees, no feedback, only standard auctions, and furthermore I only considered pages that are accessible by buyers only. Sellers and admin is me, so whether a page is accessible or not for those does not matter much. Also I haven't checked any admin URLs. I believe/hope that those are accessible by admin only. In any case, disabling or redirecting these URLs is more nitpicking than really necessary.

FWIW, this is the list (function and related template):

./Offer.php:function specificFields
./Marketplace.php:function fees ######## /var/www/2.11p/themes/default/storeFees.php
./Store.php:function fees ######## /var/www/2.11p/themes/default/storeFees.php
./UserPayMethod.php:function defaultAction ############# /var/www/2.11p/themes/default/userPayMethodForm.php
./User.php:function leftFeedback ############ /var/www/2.11p/themes/default/userLeftFeedback.php
./User.php:function invoice ########## /var/www/2.11p/themes/default/userInvoices.php
./User.php:function invoiceDetails ########## /var/www/2.11p/themes/default/userInvoiceDetails.php
./User.php:function userFees ############ /var/www/2.11p/themes/default/userDirectFees.php
./User.php:function membershipFee ########### /var/www/2.11p/themes/default/membershipFees.php
./User.php:function defaultAction ########## /var/www/2.11p/themes/default/userList.php
./User.php:function bulkUpload ########### /var/www/2.11p/themes/default/bulkUpload.php
./Offer.php:function draftOffers (redirects to User->draftOffers())
./User.php:function soldItems ############ /var/www/2.11p/themes/default/userSoldItems.php
./User.php:function closedOffers ######### /var/www/2.11p/themes/default/userClosedOffers.php
./User.php:function draftOffers ######### /var/www/2.11p/themes/default/userDraftOffers.php
./User.php:function bannedUser ############ /var/www/2.11p/themes/default/userBannedUsers.php
./User.php:function changeWinner ########## /var/www/2.11p/themes/default/userChangeWinner.php
./User.php:function receivedFeedback ########### /var/www/2.11p/themes/default/userReceivedFeedback.php
./Fee.php:function defaultAction ########### /var/www/2.11p/themes/default/feeSummary.php
./BidPack.php:function defaultAction ############# /var/www/2.11p/themes/default/bidPackList.php
./BidPack.php:function buy ############ /var/www/2.11p/themes/default/bidPackBuy.php
./Offer.php:function fees ########## /var/www/2.11p/themes/default/offerFees.ph
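
Added example, not part of the original posts and not phpAuction code: the manual audit described in the last post, sketched as a script that tokenizes an action class and lists the methods that never call the isLoggedUserASeller() guard from the first post. The function name findUnguardedActions(), the SampleAction class and its render() call are constructed for illustration.

```php
<?php
// Added example: findUnguardedActions() and the SampleAction class below are constructed.
function findUnguardedActions(string $source, string $guard = 'isLoggedUserASeller'): array
{
    $tokens = token_get_all($source);
    $unguarded = [];
    for ($i = 0, $n = count($tokens); $i < $n; $i++) {
        if (!is_array($tokens[$i]) || $tokens[$i][0] !== T_FUNCTION) {
            continue;
        }
        // The method name is the first T_STRING before the parameter list.
        $name = null;
        for ($j = $i + 1; $j < $n && $tokens[$j] !== '('; $j++) {
            if (is_array($tokens[$j]) && $tokens[$j][0] === T_STRING) {
                $name = $tokens[$j][1];
                break;
            }
        }
        if ($name === null || $name === $guard) {
            continue; // closure, or the guard's own definition
        }
        // Scan the body by brace depth, looking for any call to the guard.
        $depth = 0;
        $guarded = false;
        for ($k = $j; $k < $n; $k++) {
            $t = $tokens[$k];
            if ($t === ';' && $depth === 0) {
                break; // abstract or interface method: no body
            } elseif ($t === '{' || (is_array($t) && $t[0] === T_CURLY_OPEN)) {
                $depth++;
            } elseif ($t === '}' && --$depth === 0) {
                break;
            } elseif (is_array($t) && $t[0] === T_STRING && $t[1] === $guard) {
                $guarded = true;
            }
        }
        if (!$guarded) {
            $unguarded[] = $name;
        }
    }
    return $unguarded;
}
$sample = <<<'PHP'
<?php
class SampleAction {
    function add() { if (!$this->isLoggedUserASeller()) { return false; } }
    function bulkUpload() { $this->render('bulkUpload'); }
}
PHP;
print_r(findUnguardedActions($sample));
```

The scan only reports whether the guard is referenced somewhere in the method body, so a flagged method is a candidate for review and an unflagged one still needs a check that the guard runs first and returns on failure.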
