[Chris]

I am not asking that anyone on the team create this. I would just like to know if this is something that is possible since the solution would have to retrieve info from your software and you are possible more aware of what databases are capable of doing.

Maybe, this could even be a separate add-on. One that creates a database from event codes (or whatever information the QR Code references) and make it so that [edit_post] permissions are no longer needed to validate an event. The ticket seller would still have the manual option by accessing their own account, but the QR code scanning option would not compromise security since the add-on closes that gap by working internally.

• This reply was modified 8 years, 11 months ago by Chris. Reason: I thought of a great add-on suggestion

[Chris]

I have been thinking of other solutions to temporarily bypass this issue. Is there a way to automatically export the customer codes, or the pages that have to be validated, to a database that a qr scanner can reference without the need for someone to be logged in? Only those who have the account with the database will be able to validate. This makes it so that information is not compromised even with all event codes in the database being seen by everyone.

[Chris]

Hello Dirk. Unfortunately, the issue has not been resolved yet although Nico is helping me out a lot. I hope that this is something that will soon be added to the function of the plugin as it seems more like a loophole in the software and not something that must be fixed through customization. It may have just been overlooked in development or limited by user roles and permissions. The support is limited so now I’m trying to ask yes or no questions so that I can get some help. If you have any experience with codes or think of possible ways to counter the problem, please ask so that maybe we can all find a solution together.

[Chris]

This reply is private.

[Chris]

This reply is private.

[Chris]

Hi Paul. It sounds like you are having a problem that I also ran into. Your users must be in the Editor role and above or have [edit_post] permissions. You must also be signed in to your account in the browser on your phone or the browser in the scanner app so that the validity can be edited in the ticket seller’s account. However, this will leave a vulnerability since the users will be able to access your dashboard and see the event info for other users. I am waiting for support to provide a solution and will check back with you when they do.

Hope this help!

[Chris]

This reply is private.

[Chris]

I have attempted to use plugins which disable the dashboard for non-admin users, however, the validation does not work for editors even when the [edit_post] permission is active.

[Chris]

Yes. The ability to access the back-end (where they can view other users’ events) due to Editor role permissions having to be enabled is the issue. If we could disable their ability to view the back-end but still be able to validate tickets for their own events, my problem will be solved.

[Chris]

Can someone please reply to this ticket or let me know if you are looking further for a solution?

[Author]

Posts