This bug may be related to the changes to the code caused by #1395488: Create a 7.x-2.x branch based on commerce_license.

Roles with the permission "Create Commerce File Licenses" cannot upload files as part of a commerce product. The role must be assigned the "Administer Commerce File" or the "Administer Commerce File field type" permissions to be able to upload files. This limits the creation of download products to administrators only.

This problem seems to reside in the function commerce_file_field_access(). Initial investigation suggests that the module expects $entity_type (which is always "product_type" when updating/creating a product) to be "commerce_file_license". This whole access function probably needs to be rewritten.

Let me know if I am correct in my thinking. Thanks.

CommentFileSizeAuthor
#6 Access_Limits-1406874-6.patch2.43 KBtommy kaneko

Comments

recrit’s picture

Status: Active » Closed (works as designed)

the field on the product is the commerce_file field type so they need - "Administer Commerce File field type" permission. The other permissions are for the license entity that gets created after purchase.

tommy kaneko’s picture

Category: bug » feature

Ah yes, apologies.

I guess what I am looking for is a way to restrict the "Access Limits" options to certain roles only. I don't think there is a way to do this yet. If there isn't, then I can try to make a patch to make this happen. Let me know.

recrit’s picture

there is not... the limit settings are part of the field. You might be able to disable the settings inputs by implementing hook_field_widget_form_alter()

tommy kaneko’s picture

Title: Add a permission for Administer Access Limits » Roles not granted the assigned permissions

I have done exactly that. Here is the code I used to hack a sensible solution:

Create a new module with the following code:

<?php
function mymodule_field_widget_form_alter(&$element, &$form_state, $context) {
  if ($context['field']['type'] == 'commerce_file' && $context['instance']['widget']['type'] == 'commerce_file_generic') {
    foreach ($element as $index => $ele) {
      if ($ele['#entity_type'] == 'commerce_product') {
        // Make fields hidden.
        $element[$index]['data']['#type'] = 'hidden';
        $element[$index]['data']['duration']['#type'] = 'hidden';
        $element[$index]['data']['duration']['#value'] = $element[$index]['data']['duration']['#default_value'];
        $element[$index]['data']['download_limit']['#type'] = 'hidden';
        $element[$index]['data']['download_limit']['#value'] = $element[$index]['data']['download_limit']['#default_value'];
        $element[$index]['data']['address_limit']['#type'] = 'hidden';
        $element[$index]['data']['address_limit']['#value'] = $element[$index]['data']['address_limit']['#default_value'];
      }
    }
  }

}
?>

I still think there should be a feature that allows this part of the field to be hidden and only use default values. I suggest the permission "Administer Commerce File field type" should be split into "Upload Commerce File field" and "Administer Commerce File Access Limits". What do you think? I may be able to make a patch for this if you think it worthwhile.

recrit’s picture

Title: Roles not granted the assigned permissions » Add a permission for Administer Access Limits
Status: Closed (works as designed) » Needs work

updated the title to reflect the feature request.
Yes, submit a patch and I can review it.

tommy kaneko’s picture

Title: Roles not granted the assigned permissions » Add a permission for Administer Access Limits
Status: Needs work » Needs review
StatusFileSize
new2.43 KB

Patch attached adds new permission: "Administer Commerce File Access Limits" which allows users to change the Access Limits for a Commerce File Field only if they have the permission.

batigol’s picture

edited

recrit’s picture

Status: Needs review » Closed (works as designed)

The field access and download access has bee revamped per #1467796: Administrator should have access to aall files. Please review that issue for the changes and test the latest dev.

Commerce File will not natively handle the 'access limits' permission as s requested. There are numerous admin permissions already:
"administer commerce file", "administer commerce_file_license", "access any commerce_file_license", "administer commerce_file field type"

This should be handled by implementing a hook_field_widget_form_alter (http://api.drupal.org/api/drupal/modules%21field%21field.api.php/functio...)

Example:

/**
 * Implements hook_field_widget_form_alter()
 */
function hook_field_widget_form_alter(&$element, &$form_state, $context) {
  if ($context['field']['type'] == 'commerce_file') {
    $delta =  $context['delta'];
    if (isset($element[$delta]['data'])) {
      $element[$delta]['data']['#access'] = user_access('your custom commerce_file access limits permission');
    }
  }
}