Problem with Jr. Admin security permissions in upgraded AbleCommerce 7 sites

by Joe Payne 28. January 2014 11:33

As of Gold R6…

After upgrading an AbleCommerce 7.x website to AbleCommerce Gold, you’ll find the Junior Admin permissions do not work as expected.

In the old Able 7.x, the role name was “Jr. Admin”. In Able Gold, however, the role name was changed to “Junior Admin”. This value is hard-coded in various web.config files as well as the /app_data/adminmenu.xml file.

If you upgrade Able 7.x to AbleCommerce Gold, the value does not get updated. As a result, the new Able Gold install cannot accurately identify a user as an admin user if they are a member of only the Junior Admins group assigned to the Junior Admin role.

The fix is simple. Open the ac_Roles table in the database and replace the “Jr. Admin” value with “Junior Admin”. Do the same for the lowercase value as well.
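To confirm the mismatch before the fix and its absence afterwards, the check below (an added example, not AbleCommerce code) collects every role name referenced in a roles="..." attribute and reports the ones the database does not define. The XML samples, the adminmenu.xml layout and the role lists are constructed for illustration; export the real names from ac_Roles and read the real files in their place.

```python
import xml.etree.ElementTree as ET

# Constructed samples. The web.config shape is the standard ASP.NET
# <authorization> rule; the adminmenu.xml layout is hypothetical and only
# its roles="..." attribute matters here.
WEB_CONFIG = """<configuration>
  <system.web>
    <authorization>
      <allow roles="System,Admin,Junior Admin" />
      <deny users="*" />
    </authorization>
  </system.web>
</configuration>"""

ADMIN_MENU = """<menu>
  <item title="Orders" roles="Admin,Order Admin,Junior Admin" />
  <item title="Security" roles="System,Admin" />
</menu>"""

def referenced_roles(xml_text):
    """Collect every role name listed in any roles="..." attribute."""
    found = set()
    for elem in ET.fromstring(xml_text).iter():
        for name in elem.get("roles", "").split(","):
            name = name.strip()
            if name and name != "*":
                found.add(name)
    return found

def missing_roles(files, db_role_names):
    """Map file name -> sorted role names the file references but the
    database does not define (names compared case-insensitively)."""
    known = {r.lower() for r in db_role_names}
    report = {}
    for fname, xml_text in files.items():
        missing = sorted(r for r in referenced_roles(xml_text)
                         if r.lower() not in known)
        if missing:
            report[fname] = missing
    return report

FILES = {"web.config": WEB_CONFIG, "app_data/adminmenu.xml": ADMIN_MENU}
# Role names as they would read in ac_Roles (constructed lists).
UPGRADED_DB = ["System", "Admin", "Order Admin", "Jr. Admin"]
FIXED_DB = ["System", "Admin", "Order Admin", "Junior Admin"]

if __name__ == "__main__":
    print(missing_roles(FILES, UPGRADED_DB))  # both files name a missing role
    print(missing_roles(FILES, FIXED_DB))     # empty once the rename is done
```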


Add Order Number search to all Admin pages

by Joe Payne 22. July 2008 00:44

This is a quick and dirty one, but oh will it make your day. I don't know about you, but I find myself jumping from order to order and it's always by order number. Well, there really isn't a way to get straight from one order to another by order number. You have to always go back to the main Dashboard and enter the order number there.

So I modified the Admin header navigation control to include an order number field. That way every single page on the Admin side has a box where you can type in any order number and jump straight to the order details page.

Code Changes

Normally I just post the changes to a file. In this case, the file is small so I'm going to post the entire file. That, and I have a dental appointment in 45 minutes :)

Edit the ~/Admin/UserControls/HeaderNavigation.ascx file and replace the entire contents with this code:

<%@ Control Language="C#" ClassName="HeaderNavigation" EnableViewState="false" %>
<script runat="server">
    protected void Page_Load(object sender, System.EventArgs e)
    {
        // Hide the whole header from anyone who is not an admin user.
        if (Token.Instance.User == null || Token.Instance.User.IsAdmin == false)
        {
            AdminNavigationHeaderPanel.Visible = false;
        }
        else
        {
            // Show each link, and the order lookup box, only to the roles allowed to use it.
            OrdersLink.Visible = (Token.Instance.User.IsInRole(Role.OrderAdminRoles));
            CatalogLink.Visible = (Token.Instance.User.IsInRole(Role.CatalogAdminRoles));
            OrderId.Visible = (Token.Instance.User.IsInRole(Role.OrderAdminRoles));
            ViewOrderButton.Visible = (Token.Instance.User.IsInRole(Role.OrderAdminRoles));
        }
    }

    protected void ViewOrderButton_Click(object sender, EventArgs e)
    {
        // Convert to an int first so only a number ever reaches the redirect URL.
        int tempOrderId = AlwaysConvert.ToInt(OrderId.Text);
        Order order = OrderDataSource.Load(tempOrderId);
        if (order != null)
        {
            Response.Redirect("~/Admin/Orders/ViewOrder.aspx?OrderId=" + tempOrderId.ToString());
        }
        else
        {
            // No such order: report it through a validator tied to the text box.
            CustomValidator invalidOrderId = new CustomValidator();
            invalidOrderId.ControlToValidate = "OrderId";
            invalidOrderId.ErrorMessage = "*";
            invalidOrderId.Text = "Order number is not valid";
            invalidOrderId.IsValid = false;
            // The validator must be in the control tree or its message never renders.
            AdminNavigationHeaderPanel.Controls.Add(invalidOrderId);
        }
    }
</script>

<asp:Panel ID="AdminNavigationHeaderPanel" runat="server" >
       <asp:HyperLink ID="DashboardLink" runat="server" NavigateUrl="~/Admin/Default.aspx" CssClass="dashboard" Text="Dashboard"></asp:HyperLink>
       <asp:HyperLink ID="OrdersLink" runat="server" NavigateUrl="~/Admin/Orders/Default.aspx" CssClass="orders" Text="Orders"></asp:HyperLink>
       <asp:HyperLink ID="CatalogLink" runat="server" NavigateUrl="~/Admin/Catalog/Browse.aspx" CssClass="catalog" Text="Catalog"></asp:HyperLink>
       <asp:HyperLink ID="StoreLink" runat="server" NavigateUrl="~/Default.aspx" CssClass="stores" Text="Store"></asp:HyperLink>
       <asp:HyperLink ID="LogoutLink" runat="server" NavigateUrl="~/Logout.aspx" CssClass="logout" Text="Logout"></asp:HyperLink>
       <table><tr>
       <td class="header" align="left" valign="bottom"><asp:Localize ID="ViewOrderNumberCaption" runat="server" Text="View Order:"></asp:Localize><br />
       <asp:TextBox ID="OrderId" runat="server" Width="40px" ValidationGroup="OrderSummary"></asp:TextBox>
        <asp:Button ID="ViewOrderButton" runat="server" ValidationGroup="OrderSummary" OnClick="ViewOrderButton_Click" Text="Go" />
       </td>
       </tr></table>
</asp:Panel>

Save it.


You might notice the text color isn't right. Well, I hate CSS styles and CSS styles hate me. It's mutual and I'm ok with that. If you know how to make two stupid little words show the proper style color from the style sheet, please post it here. Others will be grateful and the score will become CSS 220, Joe 0 :wink:


Add your own Admin menu options

by Joe Payne 27. January 2008 00:00

This one is pretty simple if you already know .Net programming, but not everyone does.

I have a few URLs I like to keep close-at-hand, like my distributors. But I'm not always on my home computer so using My Favorites only works to a point. You can add your own menu options to the Admin menu with just a few simple steps. And you don't even have to be a .Net programmer.

In this example, we're going to add a few search engine URLs to the Admin Help menu in AC7.

Always make a backup
First, make a backup copy of the ~/Admin/Menu.Sitemap file just in case something bad happens. Bad things never happen right? Uh huh. Just keep telling yourself that.

Using the right editor
Open the menu.sitemap file located in the ~/Admin/ folder of your site using Notepad. I suggest Notepad specifically because there's no risk of it saving the file in a different format than a text file. That's important - .Net will complain (loudly) if the file format isn't what it expects.

The file will look quite "busy", but it has a very clear pattern once you study it for a short while.

Sitemap file layout
Scroll the menu.sitemap file all the way to the bottom. That's where the Admin Help menu options are located. By now, you may have noticed that the menu entries seem to be stored top-to-bottom in the file exactly how they are listed left-to-right on the Admin screen. The order of the items listed in this file is how .Net determines their display position within the menu.

Adding our menu options
Find this menu option line near the end of the file:

<siteMapNode title="Online Support" url="" roles="*" />

And copy/paste the entire line below the original line so you have two lines that look like this:

      <siteMapNode title="Online Support" url="" roles="*" />
      <siteMapNode title="Online Support" url="" roles="*" />

Why the Roles
In .Net-speak, this is known as an "External" link, and is considered un-secured in the Microsoft world. You must have roles="*" on the end or .Net will automatically protect your site by ignoring any menu option pointing to an external link. Those wacky Redmond folks at it again, saving our world from insecure web installations.

Setting the Title and URL
By now, your keen powers of observation have led you to conclude that the copied line will be your new menu option. You beat me to it. Simply change the URL to whatever you want. In our case, we're going to set it to "". While you're at it, go ahead and change the title value to "Google" so the option isn't confused with the real Help option.

Save the file and refresh your Admin page. Your new menu option awaits your gracious first click!

Adding new menu options to the Admin screen is really quite easy. Once you get the hang of how the file has to be laid out, a lot of new choices present themselves. Remember that any future AC7 updates might overwrite this file, so be sure to back up revised AC7 files into a separate folder. That way you always have a copy to reference for changes after an update is installed.
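The same edit done in code, as an added example that is not part of the original post: it places the new node directly after "Online Support", sets roles="*" because the URL is external, and lists every external link in the file so you can review what the menu now exposes. The sitemap excerpt, its local paths and both external URLs are constructed placeholders; the namespace is the standard ASP.NET sitemap one.

```python
import xml.etree.ElementTree as ET

NS = "http://schemas.microsoft.com/AspNet/SiteMap-File-1.0"
NODE = "{%s}siteMapNode" % NS
ET.register_namespace("", NS)  # write the file back without ns0: prefixes

# Constructed excerpt of a Help menu; paths and external URLs are placeholders.
SITEMAP = """<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0">
  <siteMapNode title="Admin" url="~/Admin/Default.aspx">
    <siteMapNode title="Help" url="~/Admin/Help/Default.aspx">
      <siteMapNode title="Online Support" url="https://support.example/" roles="*" />
      <siteMapNode title="About" url="~/Admin/Help/About.aspx" />
    </siteMapNode>
  </siteMapNode>
</siteMap>"""

def is_external(url):
    return url.lower().startswith(("http://", "https://"))

def add_link(xml_text, after_title, title, url):
    """Return the sitemap with a new node placed right after after_title."""
    root = ET.fromstring(xml_text)
    for parent in root.iter():
        for pos, child in enumerate(list(parent)):
            if child.get("title") == after_title:
                new = ET.Element(NODE, {"title": title, "url": url})
                if is_external(url):
                    new.set("roles", "*")  # external links need this to show up
                new.tail = child.tail      # keep the file's indentation
                parent.insert(pos + 1, new)
                return ET.tostring(root, encoding="unicode")
    raise ValueError("no menu node titled %r" % after_title)

def titles(xml_text):
    """Menu titles in file order, which is also their display order."""
    return [n.get("title") for n in ET.fromstring(xml_text).iter(NODE)]

def external_nodes(xml_text):
    """(title, url, roles) for every node that points outside the site."""
    return [(n.get("title"), n.get("url"), n.get("roles"))
            for n in ET.fromstring(xml_text).iter(NODE)
            if is_external(n.get("url", ""))]

if __name__ == "__main__":
    updated = add_link(SITEMAP, "Online Support", "Google", "https://search.example/")
    print(titles(updated))
    print(external_nodes(updated))
```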
