You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Anyone can access that URL even if they are not logged on. I copied that URL as an admin (in Chrome). Then open a different browser window (in Safari) without logging in to frontend/backend.
I tried to configured this extension in the backend with the following permissions but nothing seem to work.
I'm trying to use this extension to restrict access to the Print Invoice feature from this extension http://vinsol.com/spreecommerce-html-invoices
Right now, there is no restriction access on the Print Invoice which if of the format:
http://localhost:3000/admin/invoice/R120687455/invoice
The controller/action for the above is:
https://github.com/vinsol-spree-contrib/spree-html-invoice/blob/master/app/controllers/spree/admin/invoice_controller.rb
Anyone can access that URL even if they are not logged on. I copied that URL as an admin (in Chrome). Then open a different browser window (in Safari) without logging in to frontend/backend.
I tried to configured this extension in the backend with the following permissions but nothing seem to work.
can-admin-spree/invoice
can-admin-spree/admin/invoice
can-manage-spree/invoice
can-manage-spree/admin/invoice
can-show-spree/invoice
can-show-spree/admin/invoice
The text was updated successfully, but these errors were encountered: