florent33 Posted February 26, 2013 Share Posted February 26, 2013 Hi all, When you activate the multi shops on prestashop, every shop has its own data. For example, customers of a shop x are not visible in a shop y. The same applies to orders, invoices ... Although these data are not directly visible in the store y, I realized a bug that allowed to access and modify. To achieve this, we just have to change the url ... For example to see the command number 1 belonging to the shop x from the BO of the store y just change the url like that: index.php?controller=AdminOrders&id_order=1&vieworder&token= Similarly to access a client with id 1 belonging to the shop x from the BO of the shop y: index.php?controller=AdminCustomers&id_customer=1&viewcustomer&token= Ditto for customer addresses: index.php?controller=AdminAddresses&id_address=1&updateaddress&token= I thought to put this piece of code in the renderForm function of each controllers: (eg for the controller addresses) $idShopAddress = Db::getInstance()->getValue(' SELECT id_shop FROM `'._DB_PREFIX_.'address` a JOIN `'._DB_PREFIX_.'customer` c on c.id_customer = a.id_customer WHERE id_address='.(int)Tools::getValue('id_address') ); if ((int)$idShopAddress != (int)Shop::getContextShopID()) die(); The problem is that it only limits the display ... We can still interact with the data by changing the url again. For example, to delete the customer address with id 1 belonging to the store x from the BO of the shop y just type: index.php?controller=AdminAddresses&id_address=1&deleteaddress&token= I do not think this is a solution to put my piece of code in all functions. I created a bug on prestashop bug tracker hoping it will be taken into consideration: PSCFV-8002 In the meantime, if anyone has a solution, I'm interested Thank you in advance for your help. Link to comment Share on other sites More sharing options...
Trip Posted February 27, 2013 Share Posted February 27, 2013 Question is, can you reproduce it if you only have credentials to view for example store, orders or customer for store y)? If you have superadmin credentials the behaviour is imo not necessaraly a bug. Link to comment Share on other sites More sharing options...
florent33 Posted February 27, 2013 Author Share Posted February 27, 2013 If we only have credentials to view for example addresses, i don't think we can use : index.php?controller=AdminAddresses&id_address=1&deleteaddress&token= The user profile that I created gives all rights to the addresses but they should be limited to the store employee (because it is not a superadmin profile) Link to comment Share on other sites More sharing options...
florent33 Posted February 27, 2013 Author Share Posted February 27, 2013 Always about sharing data, but without changing the url ... All product returns, delivery notes and assets are visible in all shops. It would be interesting that shops have access to their own data as is done for example for invoices. In the SAV, only emails sent to addresses in the "Customers> Contacts" should appear in the store. An employee should not be able to create rules for other shops but only for his own. And finally, when we create a shop, you have the possibility to copy the carriers ... By doing this, carriers are copied but the associations between products and carriers are not kept. Link to comment Share on other sites More sharing options...
florent33 Posted March 27, 2013 Author Share Posted March 27, 2013 If you are interested in the subject, thank you for voting for the issue : http://forge.prestashop.com/browse/PSCFV-8022 Link to comment Share on other sites More sharing options...
benjamin utterback Posted March 27, 2013 Share Posted March 27, 2013 Hi Florent, thank you for reporting it on the forge and putting the link in the related thread. That is the way it should be and ensures the highest chance of a speedy fix. Link to comment Share on other sites More sharing options...
florent33 Posted April 9, 2013 Author Share Posted April 9, 2013 up Link to comment Share on other sites More sharing options...
florent33 Posted May 21, 2013 Author Share Posted May 21, 2013 It will make 3 months since I reported the bug in the bug tracker and no news from the prestashop team ... Link to comment Share on other sites More sharing options...
florent33 Posted June 5, 2013 Author Share Posted June 5, 2013 up Link to comment Share on other sites More sharing options...
florent33 Posted April 8, 2015 Author Share Posted April 8, 2015 There is some news about the issue : http://forge.prestashop.com/browse/PSCSX-2077 Link to comment Share on other sites More sharing options...
marco78 Posted April 9, 2015 Share Posted April 9, 2015 searching about multi store or multi shop have found really poor infos, first of all: when someone need to activate multishop should there be 1 main folder (for the first shop) and i subfolder (for the second shop) both in the same domain/hosting, OR 2 different domain (ex. first-shop.com and second-shop.fr) first question is: right to have a prestashop installation for the first main shop, but is it mandatory to have a whole (blank) second prestashop installation for the second store? a second question will be: both shops/stores had to share the same mysql db? tryed to assign my first (main) mysql db to the second shop editing the config>setting.inc.php file, unfortunately my second shop dont't work (...should there be a way to share products and categories between the shops) repeated the multistore procedure, now without a blank installation for the second shop domain, i'm getting a blank page are there other procedures? like setting up the .htaccess or smthing else? Link to comment Share on other sites More sharing options...
marco78 Posted April 10, 2015 Share Posted April 10, 2015 are there explanations about hierarchical relationship between mysql db's shops? any ideas about how the first shop can control the second? Link to comment Share on other sites More sharing options...
marco78 Posted April 10, 2015 Share Posted April 10, 2015 searching about multi store or multi shop have found really poor infos, first of all: when someone need to activate multishop should there be 1 main folder (for the first shop) and i subfolder (for the second shop) both in the same domain/hosting, OR 2 different domain (ex. first-shop.com and second-shop.fr) first question is: right to have a prestashop installation for the first main shop, but is it mandatory to have a whole (blank) second prestashop installation for the second store? a second question will be: both shops/stores had to share the same mysql db? tryed to assign my first (main) mysql db to the second shop editing the config>setting.inc.php file, unfortunately my second shop dont't work (...should there be a way to share products and categories between the shops) repeated the multistore procedure, now without a blank installation for the second shop domain, i'm getting a blank page are there other procedures? like setting up the .htaccess or smthing else? multishop domains do needs to be in the same hoster or should be in different host companies? i'm trying to merge 2 shops in one by assign the main store db connection parameters to the child, obtaining errors: SQLSTATE[42000] [1044] Access denied for user any ideas? thanx in advance. Link to comment Share on other sites More sharing options...
Recommended Posts