Closed (outdated)
Project:
Commerce Core
Version:
7.x-1.x-dev
Component:
Cart
Priority:
Normal
Category:
Feature request
Assigned:
Unassigned
Reporter:
Created:
4 Jul 2011 at 08:16 UTC
Updated:
4 Nov 2018 at 23:50 UTC
Jump to comment: Most recent
Comments
Comment #1
rszrama commentedCan you tell me what the data in that field is? You should only get the error if you specify a non-numeric product ID or if the Product Reference module can't load the product. Perhaps there's some permission check gone awry?
Comment #2
dmadruga commentedHey JGO,
did you try giving the "View any entity of type Commerce Product of any bundle" permission to the anonymous user?
Regards,
Daniel Madruga
http://danielmadruga.wordpress.com
http://www.B2Trip.com - Get help to plan your trip!
Comment #3
dmadruga commentedHummm... After posting my last message I started wondering what's the purpose of this permission. If a product is only viewed through its corresponding display node, what's the real purpose of this permission (beyond causing this sort of confusion)?
Comment #4
Countzero commentedI just stumbled on this problem too, and beside the fact I understand the logic behind this permission, I agree with the previous poster it's a bit confusing.
I'm testing Drupal Commerce with the Kickstart installation and must say I'm very impressed so far.
Perhaps this permission could be enabled by default in the installation profile ?
Comment #5
rszrama commentedYep - I was wondering if it was a permission problem. We probably shouldn't have added the access tag to the query in _commerce_product_match_products_standard() when we centralized our entity access control. I'll figure out a fix for it today, whether it's a revert or a conditional access tag or something.
Comment #6
rszrama commentedI fixed this by adding a parameter to the match product functions in commerce_product.module to explicitly add the access control tag. Default behavior is to not have this for now, but my hunch is we'll need to add a setting to the product reference field on whether to include access control or not. I'm going to repurpose this issue for that.
(I should've made it clear: update to the latest dev and you won't get the error any more, but don't give unfettered access to edit product reference fields if you need access control in them - we'll have that back in shortly.)
Comment #7
JGO commentedThanks for looking into it, are you sure it's in the latest dev ? That one is dated 3rd of July
Comment #8
rszrama commentedYeah, it's in there - the actual dev release only gets repackaged once a day. If you're using Git, you can always pull the latest changes as soon as I commit them.
Comment #9
TimelessDomain commentedthe purpose of this permission should be to hide fields attached to a referenced product entity, while still being able to display the rest of the node.
Right now you cannot hide the price while still showing the product. There should be a permission to view product price, or this permission should hide the product entity data on nodes.
I tried to work-around this using the Fields Permissions module http://drupal.org/project/field_permissions , but I could only get it to hide the add-to-cart button and not the price (or any other fields attached to a product entity & displayed through a product reference field.
The field permissions should apply to all fields displayed through a product reference field on a node. I have opened an issue to do just this #1233628: Commerce - Product Entity & Product Entity Reference Field Permissions . If commerce could provide this without the Field Permissions module, this would be ideal. In the meantime if you know a work-around to hide price from specific roles, please post it. Thanks
_____
UPDATE:
Ended up using rules to put the price into another field which could be hidden
This export contains both a decimal field & text field that get populated by the Commerce Price field (works with updates). Attach these fields to the Product Entity.
Comment #10
rszrama commentedNo longer critical since the initial bug had been fixed.
Comment #11
geek-merlini had a use case where this shot me in the knee:
* created some product view with the price and attached it to the display as a pseudofield with EVA
an ugly workaround for this is to give anonymous the permission "view any product".
see #1303194: Clarify security implications of granting "View any Product product" permission
Comment #12
bojanz commented