Access denied

[musicmaster]

When in the backoffice menu I access the option "Invoices" (the second option in the orders menu) I get an "access denied" error screen.

After some research I found that the error came from Eolia's GDPR compliancy module (v2.0.6). The funny thing is this module was installed but not enabled. There was an override connected to this module (classes/Module.php) but deleting this made no difference. Only uninstalling this module allowed me to access this functionality.

Why is a not enabled module having such an effect?

 

[Pierrox15]

Hello,

I think disable a module don't clear the  cache/class_index.php file.

can you try to disable the module,  remove the cache/class_index.php and try to access to Invoice?

 

 

[musicmaster]

14 minutes ago, Pierrox15 said:

Hello,

I think disable a module don't clear the  cache/class_index.php file.

can you try to disable the module,  remove the cache/class_index.php and try to access to Invoice?

That makes no difference.

[datakick]

16 minutes ago, musicmaster said:

Why is a not enabled module having such an effect?

That is a good question. I have encountered this behaviour a few times already. 

- there used to be an exception for hookBackOfficeHeader -- this hook was intentionally called for every module, even disabled one. This was fixed in 1.0.8. I never really understood why this was enabled in the first place -- my suspicion is that ps guys implemented this 'feature' for their onboarding/tracking module

- even if the module is disabled, it is sometimes instantiated. This means that module __construct method is called by php runtime (and also the module file is loaded, which provides another opportunity for code execution). If module constructor contains some side-effect code, anything can happen. There are multiple reasons why (even disabled) modules are instantiated. Some of them can be fixed, like this one. 

- overrides -- when you disable module, all its overrides stay put, and continue to be executed. It's up to module developer to check whether the module is enabled/installed or not. This is obviously a bug.