Posted by Lukas von Blarer on September 4, 2012 at 5:48pm
5 followers
| Project: | Drupal Commerce |
| Version: | 7.x-1.x-dev |
| Component: | Checkout |
| Category: | feature request |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | needs review |
Issue Summary
I have the Review checkout pane on the Payment checkout step. When checking out the view commerce_cart_summary is empty. If i put it on a different page it works.
Comments
#1
I don't have this problem, but perhaps you've changed the View? It works fine on any Checkout Page I put it in, with the screenshot below showing it appearing as expected on the Payment page. Note that the default Order ID argument for the View is supplied directly by code, so if this has been changed at all, it could not show up since at the Payment step the order is no longer considered a cart in the sense that it would be selected using the default behavior feature of the Order ID argument.
The only other thing I can think of is that something may have been fixed since the 1.3 release. : ?
#2
Of course I forgot the attachment.
#3
I already reset it. What I realized is that it works as user 1. Is this a permission problem?
#4
Sounds like you might just need to give "view own order" permissions to users. Did you install from scratch or use Commerce Kickstart?
#5
I did it from scratch. Actually upgrading from a Ubercart D6 installation. I had this permission set for both anonymous and authenticated users.
#6
Ok, well, that's the tack to keep taking. If you need to be able to compare settings, just install Commerce Kickstart 1.x, move the Review pane to the Payment page, and install the PayPal / PayPal WPS modules. You should be able to test even with a fake PayPal e-mail address for the store and then work it out from there. It really just sounds like a permission issue on loading the order to show it in the View; I don't know of any other reason it wouldn't be showing.
When you figure it out, it'd be great to go ahead and update this issue with the fix. I'll leave it postponed until then.
#7
Yes, I have tried that. I can't see a permission settings problem. I have tried all possibly related permissions. How can I start debugging?
#8
Start by what I said above - use a clean install of Commerce Kickstart and confirm that you can reproduce the problem there. If you can, then post steps to reproduce it. We have no way to help further without being able to reproduce the faulty configuration. If you can't, then there's nothing to do but to keep digging - I can confirm that I do not have this problem, so it's most likely something specific to your site, maybe even some other module or custom code interfering with the normal behavior. Again, leaving postponed until we know something to act on.
#9
I disabled all commerce contrib modules and enabled Paypal WPS to test the issue. The bug persits. Now I also have an infinite JS reload on the Payment page.
#10
I attached a screenshot of my checkout settings. Maybe I got something wrong there...
#11
Your screenshot shows you still haven't done what I suggested, which was to start with a clean install of Commerce Kickstart 1.x. There would be no other contrib modules to disable or Shipping options on the checkout form, just Drupal Commerce core + the PayPal WPS module.
That said, you're really using the "Payment" page incorrectly. It's purely there as a redirect point for off-site payment methods. I didn't mention this before, because putting review on that page may be a valid configuration under certain circumstances, but I'm not convinced it is in yours. For example, putting input elements on that page won't work, because the form is designed to submit directly to PayPal. It would never have a chance to save the customer's shipping option, because the form "action" in the HTML is the PayPal URL. This is probably part of what's causing your redirect problem.
#12
I tested what you suggested in Commerce Kickstart 2.x. It works as expected on the Review step.
I am using commerce_saferpay as payment method whoch provdes a credit card form which is only available in the Payment step. I guess this is party of my issue since it forces me to put the Review pane on the Payment step because I want the to be on one page.
#13
You still didn't do what I recommended a couple of times - use Commerce Kickstart 1.x so we can be assured it's in working order on a clean codebase. However, the fact that it's working on 2.x as well just goes to show it's not an issue with Drupal Commerce itself but something about your configuration or possibly even the SaferPay module.
Until we get steps to reproduce the problem, there's nothing we can do to help. Please leave this marked as "maintainer needs more info" until there's more to act on, or if you discover it's an issue with the payment module, please move this issue to its queue.
#14
With paypal WPS I don't have this issue since the credit card form can be placed in any checkout step. This issue is related to this one: #1736688: Load credit card form inline in the Payment checkout pane Moving this over to Commerce Saferpay...
#15
Ok, sorry I couldn't be of more assistance. Hopefully the module maintainer has encountered this before and knows how to work around it.
#16
I found out that if I give the anonymous user the "View any order of any type" permission, The view gets loaded as expected.
So there has to be some access restriction that kicks in as soon as the order has the status checkout_payment. Can we somehow bypass this if the user is able to access the payment page of that order?
Thank you for your support, Ryan.
#17
As we found out during the user group meeting today, there's a blind spot during the checkout process.
The cart module allows access to the current cart order and completed orders. On the payment page, the order is no longer a cart order, but it's not completed yet. I imagine the same could happen for custom payment pages.
The attached patch fixes this, by allowing access to both current and completed orders. I am not sure if the following special case is still necessary under this condition:
<?php// Always give the current user access to their own cart regardless of order
// view permissions.
if (!empty($current_order_id)) {
$conditions->condition($context['base_table'] . '.order_id', $current_order_id);
}
?>
As Ryan just said today in his presentation, the view own order entities permission *is* required for anonymous users, so I'm not sure why this is necessary.
#18
Thank you Sascha! Works perfectly for me. But I can't review this patch from a security perspective...
#19
I think the current patch isn't really questionable from a security perspective, this only brings it in line with the access checks in commerce_checkout_router().
The only part that might need discussion is if the posted code snippet is still required, but my patch currently does not touch that.
#20
FWIW for people searching for an issue like this:
I had a similar problem, in that "shopping cart contents" was always empty for anonymous users, whatever permissions I granted them for viewing orders. Turns out they needed permission to view the products too, and the fix in #98 of this issue was relevant to me: http://drupal.org/node/1276450.
The fix is to give "View any product of any type" permission to anonymous users (ignoring the erroneous security warning).
#21
Thx Fonant - that did the trick for me after some head banging - just perms. I just need to fix the same issue with shipping not showing for anon and auth users on the same page as part of the sub ttl info.
Ive had a look at perms but doesnt seem to be any obvious ones for shipping...