Hi,
It's both actually.
We did strengthen the default rules to be able to use actions. That's because with actions like MySQL and PHP a user with access to the backend could do virtually anything, including elevate his access.
So, the fact that your customer gets an error when trying to run an action is good. It means our security measure works.
However, combined with this we should also remove the actions button altogether so that users don't see something they can't use. We'll be fixing this.
Now, I did say "it's both", and that's because this error comes from the check of the Joomla ACLs on HikaShop. By default, only super administrators have access to custom fields, the HikaShop configuration, the editing of views and massactions.
If you wish to grant access to these to other groups, you want to check the ACL settings of HikaShop in the Joomla configuration page: administrator/index.php?option=com_config&view=component&component=com_hikashop
Then, if necessary, under the access level tab of the HikaShop configuration, you can fine-tune access to the different parts of HikaShop in the backend.