fbpx
  Friday, 15 May 2020
  6 Replies
  3.9K Visits
  Subscribe
Hello. Please think on the following situation:
1. A seller creates a different account to buy a product.
2. With this different account he/she purchases a product of his own store.
3. The payment of the order is set in: Payment pending approval.
4. The same seller (who was the same that made the order) approves the payment.
5. The system increases the balance of the seller.

In this way, the same seller can purchase a product of himself and approve the payment and increase his own balance. That is clearly a vulnerability. How can I configure the sellers NOT to be able to update the payment status but be able to update the shipping,...?

I am using the version 2.0beta. Thank you!!!
Thank you. I will be waiting for it Emoticon Smile
4 years ago
·
#4450
Hello Adesh,

This issue is already added to the pipeline, but it will take time. We are trying to fix this as soon as we can. I will update this post when fix is done. I hope you understand.

Thank you
Hello Vijaya. Maybe any news or any way I could do to modify code and fix the issue. Thank you very much Emoticon Smile
4 years ago
·
#4436
Hello Adesh,

Thank you for reporting. We are working on this issue.

Thanks
Hello. I tested it. Do you mean the configuration of the attached image? If so, the Allowed User Group is erased after saving it. Please check it out.
4 years ago
·
#4422
Hello Adesh,

There's an option in the order statuses to select the allowed user groups/categories. SuperUser has access to update all status by default. You can select the staff in the dropdown for the payment order statuses.

I hope this helps.

Thank You
  • Page :
  • 1
There are no replies made for this post yet.
Be one of the first to reply to this post!
  • +1 (408) 821-8283
  • Email hello@sellacious.com