Closed (duplicate)
Project:
Commerce Core
Version:
7.x-1.x-dev
Component:
Product
Priority:
Normal
Category:
Feature request
Assigned:
Unassigned
Reporter:
Created:
19 May 2011 at 02:20 UTC
Updated:
9 Jun 2011 at 00:45 UTC
This one permission and DB query filter would enable a multi seller environment (YES via one payment 'gateway').
Introduction
Its rather rudimentary but I have been able to build up views of products created by a each user and sprinkle a few redirect rules inplace on creation of products to their respective pages. How ever there are a few kinks in the way at the moment that other 'store owners' in this context some one that can create a product as their uid is in the product they created its rather simple to get their respective orders and what not to their accounts. Have it all up and working at the moment except this one pain in my butt this missing permission.
So I am starting the work to get this to a sold point.
Right now is a brute force sort of thing.
- there is a new permission 'Access own products'.
- I have added the condition onto the query that does the look up.
The permission is doing nothing right now but it will be tied to the additional query parameter that is working. So rigt now you can throw this patch on dev and if a user has created a product they will now see only the product they created in the reference field. Admins will see all products..
I used
if(!in_array("administrator", $user->roles)) {
Sure that can be cleaner.. But its a start.
With out further babble from my part here is the first stab at this issue.
diff --git a/modules/product/commerce_product.module b/modules/product/commerce_product.module
index e28a713..63ad28e 100644
--- a/modules/product/commerce_product.module
+++ b/modules/product/commerce_product.module
@@ -239,6 +239,11 @@ function commerce_product_permission() {
'title' => t('Access products'),
'description' => t('Allows users to view lists of products in the Store admin and reference lists.'),
),
+ //TODO: NOTE MAY NEED TO MAKE THIS AN ADMIN PERMISSION??? RIGHT NOW I ASSUME I REVOKE THE ABOVE AND ENABLE THIS.
+ 'access own products'=> array(
+ 'title' => t('Access own products'),
+ 'description' => t('Allows users to view lists of products they have created under their store profile and referenc
+ ),
);
// Add product type specific permissions. Note that users with administer
@@ -588,7 +593,12 @@ function commerce_product_access($op, $product = NULL, $account = NULL) {
if ($op == 'view' && user_access('access products', $account)) {
return TRUE;
}
-
+
+ //TODO: ACCESS OWN PRODUCTS
+ if ($op == 'view' && user_access('access own products', $account) && $product->uid == $account->uid) {
+ return TRUE;
+ }
+
if (isset($product) && is_string($product) && $op == 'create' && user_access('create ' . $product . ' products', $accou
return TRUE;
}
@@ -803,6 +813,16 @@ function _commerce_product_match_products_standard($instance, $string = '', $mat
$product_title_alias = $query->addField('cp', 'title');
$product_type_alias = $query->addField('cp', 'type');
+
+ //TODO: FORCING FILTER TO USER ID IF NOT ADMIN
+ $product_uid_alias = $query->addField('cp', 'uid');
Comments
Comment #1
roam2345 commentedwoops here is the missing bit from my diff
Comment #2
roam2345 commentedAfter further thought here is a real working solution.
This is mind melding commerce assumes ATM that any user that can access a create / edit on a display content type they can select a and use a product reference.
THAT MEANS
- If the user can create a product display they see all product types in the reference field. (THERE IS NO PERMISSION TO LIMIT IT UNTILL NOW :) )
- also means we can now limit the list of available products a user can see on the product list views aka admin/commerce/products but per user add an argument
- ill get those views exported in the morrow here for others to play with.
Here is my diff.
Comment #3
roam2345 commentedHere is the view I am using to 'mimic' the product list view that exists under the store admin.
For this to work out the 'box' you need to add a extra field on the user account 'store_name' and add a value.
Then a view to admin their product displays.
Here are the rules I used to redirect people off the default return page to their .
Store redirect product delete
Store redirect product save
Store redirect product update
Their we have it now there a bunch of permissions you should assign off to a separate role sate store owner.... and now users can upload and create their own products.. I have views or displaying their own orders and statistics around the orders but I leave that up to you to discover. PS: the relationships and group by are the keys to those.
Comment #4
roam2345 commentedWould like some eye's over the solution I got here, plz.
Comment #5
rszrama commentedToday's your lucky day! Damien is working out a patch for #927090: Revamp / unify entity access that will add this permission in along with a lot of others thanks to a unified model of defining permissions and performing access checks... it's pretty unbelievable. : )