We will now check how our user groups and permissions work. We have created a user group named storemanager, given permissions to manage products and orders to this user group, and finally added a user to this user group. Now, to see the effect, we need to log in as that user, and see whether we can add products and manage orders. Before testing, we need to publish the mod_virtuemart module, because a link to administration section is visible in this module when the user has the necessary permissions.
Lets try it first! Go to the shop frontend and log in using that username and password. After logging in, search for the Admin link in the VirtueMart module. Is it there? No, you can't see that now:
For getting the Admin link in the VirtueMart Module, and also to get some
administrative permission, we have to apply a little hack. We need to edit two files. First, open the file ../components/com_virtuemart/virtuemart.php. At line #96,
you get the following code block: if ( vmIsAdminMode()
&& $perm->check("admin,storeadmin") && ((!stristr($my->usertype, "admin") ^
PSHOP_ALLOW_FRONTENDADMIN_FOR_NOBACKENDERS == '' ) || stristr($my->usertype, "admin")
)
&& !stristr($page, "shop.") ) {
As you will notice, in the second line of the code above, two user groups are mentioned. If we want to give other groups access to the administration panel, we must add that group's name here. So, we change the above code block as follows:
if ( vmIsAdminMode()
&& $perm->check("admin,storeadmin,storemanager") && ((!stristr($my->usertype, "admin") ^
PSHOP_ALLOW_FRONTENDADMIN_FOR_NOBACKENDERS == '' ) || stristr($my->usertype, "admin")
|| stristr($my->usertype, "storemanager") )
&& !stristr($page, "shop.") ) {
The changed lines are highlighted in above code block. We have added the
storemanager group in second line, and also added another line after || stristr($my->usertype,"admin"). With these changes, the user will get the
assigned permissions and have access to the administration panel. However, you still will not see the Admin link on the VirtueMart Module. For getting that, open
../modules/mod_virtuemart/mod_virtuemart.php file. In line # 139, you will see
the following code block: <?php
}
$perm = new ps_perm;
// Show the Frontend ADMINISTRATION Link if ($perm->check("admin,storeadmin")
&& ((!stristr($my->usertype, "admin") ^
PSHOP_ALLOW_FRONTENDADMIN_FOR_NOBACKENDERS == '' ) || stristr($my->usertype, "admin")
)
&& $show_adminlink == 'yes' ) { ?>
In plain language, the above code block says that if the users are of type admin
or storeadmin, then show the admin link. Therefore, to show the admin link to
other groups, we need to add that group's name here. Change the above code block as follows:
<?php }
$perm = new ps_perm;
// Show the Frontend ADMINISTRATION Link
&& ((!stristr($my->usertype, "admin") ^
PSHOP_ALLOW_FRONTENDADMIN_FOR_NOBACKENDERS == '' ) || stristr($my->usertype, "admin")
|| stristr($my->usertype, "storemanager") )
&& $show_adminlink == 'yes' ) { ?>
The changed lines are highlighted above. Like the previous code block, we have added the storemanager group to the list.
Warning:
While listing the group names, do not use spaces. Using spaces will
not show the Admin link. For example, admin,storeadmin, storemanager will work fine, but admin, storeadmin, storemanager will not work. Be careful when applying this hack.
Now, log in again with the same username and password and see what happens. Wow! We got our Admin link on the VirtueMart module:
To access the VirtueMart administration panel, and manage products and orders, click on the Admin link. You will get the VirtueMart Administration panel (in Standard Layout):
As you can see, there is a Back button for going back to frontend. You also get the list of modules in the left sidebar. Clicking on one module will bring out the available functions. I hope you remember that we have assigned permissions to the storemanager group to manage products and orders only. They can add new products, but cannot delete any product. Click on the Products module, and then on List Products. This shows the list of products available in the catalog. Try deleting a product by clicking on the trash icon in the Remove column. You get a message like the following:
Also, try managing the orders. Click on the Orders module and then on List Orders. You will see the list of orders placed so far. Try deleting an order from the list by clicking on the trash icon in the Remove column. As we have not given permission to the storemanager group to delete an order, you will get the following message:
Try to do something else for which the group has no permission, and you will get messages like these. From this, we understand that the permissions we have given to users are in effect. This is one wonderful way for giving access to a frontend user to manage the shop's specific tasks.
What other changes were made? Yes, we created a module named
payment and added four functions to that module: paymentMethodAdd,
payMentMethodUpdate, paymentMethodDelete, and paymentMethodList. The storemanager group can use all of the methods except the paymentMethodDelete. Lets try that.
But where is the payment module in left sidebar? All other modules are there, only our newly created payment module is missing. Then how do you try to add, update, and list the payment methods. During creation of the payment module, we indicated that this module should be displayed in the administration panel. However, it is not showing there. To showthe module, and other links to that module, we need to edit a file. We will be looking at this issue later, in Chapter 9, Extending
VirtueMart's Functionalities.
If you click on the Store module, you get two payment method related links: List Payment Methods, and Add Payment Method. As the group storemanager has permission to do both, you may try and see what happens. Surely, you will be able to add a payment method, edit a payment method, and to see the list of payment methods. However, you will not be able to delete a payment method, as you have no permission to do so.