Shop module

«

Previous topic

|

|

Next topic

»

Author	Message
Lars Eirik R	Wednesday 17 March 2010 6:06:13 am Hi we are working with a client and have set upt the webshop functionality locally. I have some important questions which i would like you to answer. One of the main problems we are facing is the fact that i may easily view other users orders.. If i am not logged in(anonymous) , i may still view all orders placed in the system by going to the url /shop/orderview/<number> This has to be incorrect ? Are there any smart solutions i should apply or is this related to accesscontrol? Any help is greatly appreciated.
Jean-Luc Nguyen	Wednesday 17 March 2010 7:27:53 am Hello, Does you anonymous user have specific role ? http://www.acidre.com
Lars Eirik R	Wednesday 17 March 2010 9:50:52 am hm.. i guess assigning shop -> all functions is not the best for the shop module.. Will take a look at this later. Thanks for getting back to me.
Lars Eirik R	Wednesday 17 March 2010 10:20:17 am Hm. Only assigning the function buy does not help. I have to add i have only tested this with accessing different orderview/<number> from the same computer. But it seems strange that i can access another users orders. Also.. i am not caching the website, all cache for templates and content is off. Any ideas?
Lars Eirik R	Thursday 18 March 2010 12:08:30 pm ignore this, as it seems the user was logged in..

Powered by eZ Publish™ CMS Open Source Web Content Management. Copyright © 1999-2014 eZ Systems AS (except where otherwise noted). All rights reserved.

eZ debug

Timing:	Jan 29 2025 23:45:31
Script start
Timing:	Jan 29 2025 23:45:31
Module start 'layout'
Timing:	Jan 29 2025 23:45:31
Module start 'content'
Timing:	Jan 29 2025 23:45:31
Module end 'content'
Timing:	Jan 29 2025 23:45:31
Script end

Main resources:

Total runtime	0.0139 sec
Peak memory usage	2,048.0000 KB
Database Queries	3

Timing points:

Checkpoint	Start (sec)	Duration (sec)	Memory at start (KB)	Memory used (KB)
Script start	0.0000	0.0043	588.0078	151.1953
Module start 'layout'	0.0043	0.0025	739.2031	36.6094
Module start 'content'	0.0068	0.0056	775.8125	94.0078
Module end 'content'	0.0123	0.0016	869.8203	33.9922
Script end	0.0139		903.8125

Time accumulators:

Accumulator	Duration (sec)	Duration (%)	Count	Average (sec)
Ini load
Load cache	0.0023	16.4627	14	0.0002
Check MTime	0.0010	7.0391	14	0.0001
Mysql Total
Database connection	0.0006	4.5178	1	0.0006
Mysqli_queries	0.0020	14.1311	3	0.0007
Looping result	0.0000	0.0718	1	0.0000
Template Total	0.0013	9.1	1	0.0013
Template load	0.0009	6.4305	1	0.0009
Template processing	0.0004	2.5879	1	0.0004
Override
Cache load	0.0006	4.4870	1	0.0006
General
dbfile	0.0010	6.8134	8	0.0001
String conversion	0.0000	0.0496	4	0.0000
Note: percentages do not add up to 100% because some accumulators overlap

Templates used to render the page:

Usage	Requested template	Template	Template loaded	Edit	Override
1	print_pagelayout.tpl	<No override>	extension/community/design/community/templates/print_pagelayout.tpl
Number of times templates used: 1 Number of unique templates used: 1

Time used to render debug report: 0.0001 secs