Hello,
I am currently testing Doliwoo (a great stuff) and have just lost
many times to finally discover that my problem was that the
webservice user did not have permission to read thirdparties (a good
thing i think).
But... the webservice can create thirdparties or orders without
having permissions !!!
I checked the code server_thirdparty.php and effectively, permission
checking exists on fetching or deleting thirdparty but not on
creating or updating...
Before i make a pull request or create an issue i would like to be
sure if the "normal" behaviour would be to always check user
permissions (i think so) or not, or if there is a reason for this
lack of permission check in some cases ?
Best regards
_______________________________________________