I've change access permissions for the default view to: Access: Permission | View own invoices

Permission to only view own invoices seems uneffective. When browsing to invoices of other users I find following typical output:

Invoice number: 7 
Date: Wednesday, October 26, 2011 - 14:13 
Order number: 9 
No line items found.

Total de la commande: 
$23.00
CommentFileSizeAuthor
#3 VIEW COMMERCE_INVOICE.rtf_.zip3.17 KBitamair
#3 Sql_DB_error.rtf_.zip826 bytesitamair

Comments

guillaumev’s picture

guillaumev commented
Status: Active » Fixed

Thanks for the bug report. It should now be fixed, but you might need to clear the caches after updating to the new code and review the permissions for the invoices.

Feel free to reopen this issue if you still have issues...

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

itamair’s picture

itamair commented
Status: Closed (fixed) » Active
StatusFileSize
new Sql_DB_error.rtf_.zip826 bytes
new VIEW COMMERCE_INVOICE.rtf_.zip3.17 KB

Actually I checked if this issue was fixed ... and I got some strange behavior. Seems not to work for me.

I use a view that would show the invoice associated to the order, for the present user, in the form of: /commerce/invoice/[#numberofinvoice]
Actually I just personalized the view that is shipped with the invoice module ...

I attach the code of the view. It works well for the administrator ... but not for the authenticated user for which a SQL error is thrown (I attach it here too), and the result view page is simply white ... (no content of the invoice view shown).

I underline that the access to this invoice view is granted to the authenticated user too, that holds also the following permissions (besides others less specific to commerce module):
View own customer profiles of any type
View own Billing information customer profiles
View own invoices
View own orders of any type
View own Order orders

The view seems to work for the authenticated user just when I delete from it any relationship linking invoice and the corresponding order ... but thus resulting in an absolutely useless view ...

What does that debug/error message means? ... and what would be the possible solution?
Is it just my fault, or something still wrong in the module behavior ?
Thanks for any help ...

guillaumev’s picture

guillaumev commented
Status: Active » Postponed (maintainer needs more info)

Hi,

Can you make sure that you have the latest dev version installed and that you made all the necessary database updates using update.php ?

pomliane’s picture

pomliane commented

Hi,
On an up-to-date install, /admin/commerce/orders/*/invoice pages are still visible by any user (even anonymous) with both dev and 1.0-alpha1 versions.
Is there something I'm missing?

pomliane’s picture

pomliane commented
Status: Postponed (maintainer needs more info) » Active
guillaumev’s picture

guillaumev commented
Status: Active » Needs review

Ok so there was in fact some code that I had written which I had forgotten to commit, so I was missing something :-)

Anyway I just committed it, retested it and it should now work... (http://drupalcode.org/project/commerce_invoice.git/commit/c212893). Please let me know if everything works for you...

pomliane’s picture

pomliane commented
Status: Needs review » Reviewed & tested by the community

It does work here now and I bet RTBC is not too optimistic, thank you! :)

guillaumev’s picture

guillaumev commented
Status: Reviewed & tested by the community » Fixed

Thank you, marking this as fixed...

itamair’s picture

itamair commented

Thanks! I checked ... and so far so good. It works ... it seems ;-)

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.