HTML Logo by World Wide Web Consortium (www.w3.org). Click to learn more about our commitment to accessibility and standards.

Moving forward with Composr

ocPortal has been relaunched as Composr CMS, which is now in beta. ocPortal 9 will be superseded by Composr 10.

Head over to compo.sr for our new site, and to our migration roadmap. Existing ocPortal member accounts have been mirrored.


Somewhat of a serious security issue when setting up a store

Login / Search

 [ Join | More ]
 Add topic 
Posted
Rating:
#103379 (In Topic #20236)
Avatar

Fan in training

Can't give users access to galleries with out giving access to store products

After having spent several hours trying to make this work, I've come to seek some advice. 

What I did was I setup ocPortal as a simple store and listed my products for sale.

What I want/need to do is allow members of the site to post their Youtube videos of them using my products (Multirotors).

But for the life me, I can't figure out how to let members post videos, without giving them access to the Content Management control panel and with that, access to my products that are for sale (REALLY BAD) and so on. I must be doing something wrong, because it seems really strange for a user posting a Youtube video to go directly into the Content Management Admin Panel. Users could change prices, buy something and change prices back.

When I deny access to Content Management, the users can no longer post videos, despite me giving them access in the permissions tree. Somethings not right, and I can only think that the post video link isn't going to the correct page or something. 

Any ideas on how to fix this?

Back to the top
 
Posted
Rating:
#103382
Avatar

Community saint

I think you just need to adjust the permissions for the Product catalogue to ensure regular members have Read-only permissions for the catalogue and then it should not show up in the Content Management zone for those members. You can find those permissions by going to Admin Zone->Content->Catalogues, click on the 'Edit catalogue' option, select the Products catalogue (if that's the catalogue you're using for the store items), click Proceed, scroll down to the Permissions section and click it to expand it down, and set the permissions to Read-only for the members that shouldn't have any kind of edit access permissions.

The permission settings in ocPortal are very flexible, but that also makes things a bit more complex. Definitely check the Admin Zone->Security menu to go through and double check the Global Privileges and Permissions Tree Editor and the permissions for all of the catalogues.  
Back to the top
 
Posted
Rating:
#103383
Avatar

Fan in training

Catalogs eh? Thanks I'm off to dig into that.
Back to the top
 
Posted
Rating:
#103384
Avatar

Fan in training

Yea, I think that did it. Thanks!

I still have to go through all the other items on the menu, disabling them all one by one, if I can find them that is.

I still think it's kinda bizarre that to upload a video, users basically end up in the Admin section, with it's different theme and everything. It really takes them "out" of the site. waaa

 
Back to the top
 
There are too many online users to list.
Control functions:

Quick reply   Contract

Your name:
Your message: