eCommerce Software

Shopping Cart Software and Complete E-Commerce Solutions


Multiple Administrator Permission Levels

1. Introduction

The ampleShop™ Administrator Permission Levels feature establishes hierarchical access to the administrator console. The Top Level Administrator can create Custom Administrator Roles and assign dynamic access privileges to each of them.

While developing this feature, we used the infrastructure that was already available in the database model and application code. It was created at the very early stages of ampleShop development in order to reserve the table, column and variable names for this purpose.

Each section of the website has a fixed ID number assigned to it. The Top Level administrator has access to the Manage Permission Levels form. This form allows the creation of the Custom Administrator Roles.  Permissions are created by simply checking or unchecking the site IDs beside each Role.

When a new administrator is created, the Administrator_RecordEdit.cfm form displays a drop-down select box. The new administrator's level is selected from the drop-down and access is dynamically established.

When the user is logged in, the SESSION.Administrator.PermissionLevel variable is created and populated with a delimited list of section IDs. Each restricted page in the administrator area includes a permission check based on the section ID. For example, section 11 would include the following:
<cfinvoke method="CheckPermission" ThisSector="11">

If the section ID is not found in the SESSION.Administrator.PermissionLevel, access to the page is denied and a warning message is displayed.
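One way the check described above could be written, as an added example that is not ampleShop's own code: the function body, the comma delimiter and the warning text are assumptions. It shows the two details that matter for a delimited-list permission check: matching whole list elements rather than substrings, and denying access when the session value is missing.

```cfml
<!--- Added example: hypothetical CheckPermission body. The comma delimiter
      and the warning text are assumptions, not taken from ampleShop. --->
<cffunction name="CheckPermission" access="public" returntype="void" output="false">
    <cfargument name="ThisSector" type="numeric" required="true">
    <cfset var allowed = "">

    <!--- Deny by default: a missing session struct or list leaves "allowed" empty. --->
    <cfif StructKeyExists(SESSION, "Administrator")
          AND StructKeyExists(SESSION.Administrator, "PermissionLevel")>
        <cfset allowed = SESSION.Administrator.PermissionLevel>
    </cfif>

    <!--- ListFind matches whole list elements: with allowed = "3,11,27",
          sector 11 passes while sectors 1, 2 and 7 do not. A substring test
          (Find or CONTAINS) would wrongly accept 1, 2 and 7 as well. --->
    <cfif ListFind(allowed, arguments.ThisSector, ",") EQ 0>
        <cfabort showerror="You do not have permission to access this section.">
    </cfif>
</cffunction>
```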

The following is a list of the sectors and their corresponding sector IDs:

  1. Products
    1. Manage Products
    2. Related Product Groups
    3. Kits
    4. Product Types
    5. Attributes
    6. Media - General
    7. User Comments
    8. Sizes
    9. Colors
    10. Measurement Units
    11. Inventory Management
    12. Batch Operations

 

  1. Financial
    1. Orders
    2. Transactions
    3. Taxes
    4. Discounts
    5. Payment Gateways
    6. Credit Cards
    7. Manage Promotions
    8. Promotion Types
    9. Gift Certificate operations
    10. Gift Certificates
  2. Shipping / Packaging / Distribution
    1. Shipping Regions
    2. Shipping Methods
    3. Packaging Methods
    4. Warehouses
    5. Suppliers
    6. Countries
  3. Users
    1. Manage administrators
    2. Manage customers
    3. Manage Permission Levels
  4. Reports
    1. Sales
    2. Inventory
    3. Articles
    4. Website
    5. Customers
    6. Administrators
  5. Email & Newsletter
    1. Email Accounts
    2. Email Client
    3. Manage Newsletters
    4. Generate Newsletters
  6. StoreFront
    1. Featured Items
    2. Custom Pages
    3. Site Status
    4. File Manager
    5. Database Operations
    6. Full Text Search
    7. Store Settings
    8. Verity Full Text Search
  7. Categories
    1. Manage categories

 

The following files will be affected with this change:

File name: Components/private/.cfm
Description: Set https://www.sandbox.paypal.com/cgi-bin/webscr as a test URL.

Database changes
Added column StsAdminActivity.Activity text null

Altered column StsAdminActivity.PageName from varchar to text null

Bug Update 5
2/23/2006 PayFlowPro bug
Notes: If the credit card expiry month is less than two digits long, PayFlow Pro throws an error.
FIX: Instead of modifying the drop-down select for the expiry month, we added a conditional statement that checks the length of arguments.CreditExpM. If it is less than 2, it adds a zero to it.
The affected file is components/private/PayFlowPro.cfm, lines 97-103.

Improvement 3
2/23/2006 Minor database changes  
Notes:

  1. Table ProductMatrix: InStock, OutStock, ReorderLevel were changed to int from smallint.