Hello. Please think on the following situation:
1. A seller creates a different account to buy a product.
2. With this different account he/she purchases a product of his own store.
3. The payment of the order is set in: Payment pending approval.
4. The same seller (who was the same that made the order) approves the payment.
5. The system increases the balance of the seller.
In this way, the same seller can purchase a product of himself and approve the payment and increase his own balance. That is clearly a vulnerability. How can I configure the sellers NOT to be able to update the payment status but be able to update the shipping,...?
I am using the version 2.0beta. Thank you!!!