Soft Solid Statuses - Independent permissions to methods RESTAPI - ss_permission_api

Nulled CS-Cart Soft Solid Statuses - Independent permissions to methods RESTAPI - ss_permission_api v1.1.1.3

Compatible With
  1. Store Builder
  2. Multi Vendor
Min Original Price ($)
175


This extension for CS-Cart and Multi-Vendor provides enhanced control over RESTAPI access. It allows store administrators to set detailed access rules for RESTAPI, regulating access not just by user group, but also by administrator, specific API object (e.g., Products, Orders), and API method (e.g., GET, PUT). This helps improve store security by giving more granular control over who can access and modify specific parts of the API.


Steps for Use:


  1. Install the Extension: Begin by installing the ss_permission_api add-on in your CS-Cart or Multi-Vendor store.
  2. Managing RESTAPI Rules: After installation, the RESTAPI rule management can be accessed from the Customers tab in the Admin panel.
  3. Adding New Rules:
    • Click the + button in the upper right corner to add new rules.
    • Each rule controls access to specific parts of the RESTAPI, and multiple rules can be added for different administrators or API objects.
  4. Defining Rule Parameters: When adding a rule, define the following parameters:
    • Name: A descriptive name for the rule (informational purpose).
    • Administrator: Select which administrator the rule applies to.
    • Method: Choose the HTTP method to control access to:
      • GET for reading data,
      • POST for modifying data,
      • PUT for adding new data (e.g., new products, orders),
      • DELETE for deleting data.
    • Entity: Select the specific API object to which the rule applies, such as Products or Orders.
    • Access Status: Define whether the rule should block or allow access to the specified API object for the selected method.
  5. Overriding Default RESTAPI Rules: This add-on overrides the standard RESTAPI rules configured in user group settings. By default, administrators may not have access to certain objects, such as Products, but they may have full access to others, like Orders. This extension allows you to specify precise rules for each administrator, even overriding user group defaults.
  6. Example Scenarios:
    • If an administrator (e.g., [email protected]) is assigned a rule blocking access to the Orders object, they will receive an error when trying to download orders, while still being able to access other data, such as Products, if allowed by the rules.
    • The add-on ensures that administrators can only access the specific API methods (GET, PUT, DELETE, etc.) for the objects they have permissions for, adding an additional layer of security to the API.
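
Because a per-administrator rule can grant access that the user group denies, it is worth auditing the rule list for grants and contradictions. The sketch below is an added example, not the add-on's code: the data shapes, the single shared user group, the deny-on-conflict choice and the deny-when-unlisted default are assumptions, since the page does not describe how the add-on stores rules or resolves conflicts.

```python
from collections import defaultdict

# Constructed sample data; names and shapes are hypothetical, not the add-on's schema.
GROUP_DEFAULTS = {  # (entity, method) -> allowed by the administrators' user group
    ("orders", "GET"): True, ("orders", "DELETE"): True,
    ("products", "GET"): False, ("products", "DELETE"): False,
}
RULES = [  # per-administrator rules with the parameters the page lists
    {"name": "no orders", "admin": "admin-a", "method": "GET", "entity": "orders", "access": "block"},
    {"name": "read products", "admin": "admin-a", "method": "GET", "entity": "products", "access": "allow"},
    {"name": "dup allow", "admin": "admin-b", "method": "DELETE", "entity": "products", "access": "allow"},
    {"name": "dup block", "admin": "admin-b", "method": "DELETE", "entity": "products", "access": "block"},
]

def index_rules(rules):
    """Group rules by (administrator, entity, method)."""
    by_key = defaultdict(list)
    for r in rules:
        by_key[(r["admin"], r["entity"], r["method"].upper())].append(r)
    return by_key

def effective_access(admin, entity, method, rules=RULES, defaults=GROUP_DEFAULTS):
    """Return (allowed, source). A matching rule overrides the group default.
    Contradictory rules are treated as denied (assumption; the page does not say)."""
    verdicts = {r["access"] for r in index_rules(rules)[(admin, entity, method.upper())]}
    if len(verdicts) > 1:
        return False, "conflict"
    if verdicts:
        return verdicts.pop() == "allow", "rule"
    # No rule: fall back to the group setting; unlisted pairs are denied (assumption).
    return defaults.get((entity, method.upper()), False), "group"

def audit(rules=RULES, defaults=GROUP_DEFAULTS):
    """List rules to review: grants beyond the group default and contradictory rules."""
    findings = []
    for (admin, entity, method), matches in sorted(index_rules(rules).items()):
        verdicts = {r["access"] for r in matches}
        names = sorted(r["name"] for r in matches)
        if len(verdicts) > 1:
            findings.append(("conflict", admin, entity, method, names))
        elif verdicts == {"allow"} and not defaults.get((entity, method), False):
            findings.append(("widens-group", admin, entity, method, names))
    return findings

if __name__ == "__main__":
    for finding in audit():
        print(finding)
```
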

Benefits:


  • Granular Control: Administrators can set rules for specific API methods, ensuring more security and precise permissions.
  • Overrides Default Settings: The add-on enhances the store's security by allowing overrides to default API access rules set by user groups.
  • Improved Security: You can block or grant API access for specific administrators, objects, and methods, preventing unauthorized access to sensitive data.

This add-on is a powerful tool to tighten your store's API security by allowing fine-tuned control over who can access and modify specific parts of the store's data via the RESTAPI.



This extension for CS-Cart and Multi-Vendor lets you create access rules for the store's RESTAPI. By default, access to the RESTAPI is regulated separately for each user group. The added rules block (or grant) access only for a selected administrator, only for a chosen API object (e.g., Products, Orders), and only for a selected API method (e.g., GET, PUT).

We start by installing the extension.


The RESTAPI rule management menu is in the Customers tab.


The list shows all information about the defined rules. New rules can be added with the + button in the upper right corner.


When adding a rule, we have to define these parameters:

- Name: distinguishes the rule from others; serves only an informational purpose.
- Administrator: which administrator is affected by the rule.
- Method: GET means reading data, POST modifying it, PUT adding new data (e.g., orders or products), and DELETE deleting data.
- Entity: the object to which the rule applies. Full list of objects and their specification is available here.
- Access status: whether the rule should block access to part of the RESTAPI or grant it.


The add-on overrides the standard RESTAPI rules, which are defined in the user group settings. In this example, administrators by default cannot access products and have full access to orders.


Because we created a rule that blocks the Orders object for administrator [email protected], trying to download orders gives him a notification.


The administrator can download information about products even though they are blocked in the user group, because we created a record that gives the administrator access to the Products object.


The add-on strengthens store security by letting you set a precise RESTAPI access range for each administrator.