Im trying to figure out how to make a views block that gives me the top 5 products sales visible to anonymous users. This views need a filter 'orders status completed' (at least as i see the way it should work) and unless I give anonymous users the 'View any Order order' permission (which has security implications) they dont get the expected results. So if anyone knows a way via Views UI or programatically to get this one working i'll be gratefull for your thoughts.

Comments

liupascal’s picture

Try the following,
There is an option in views to not take into account permissions when running the query (dunno if it is on the query level or display level though)

Edit your view > Right column "Advanced" > Query settings : check "Disable Query Rewritting"
--> Disabling SQL rewriting will disable node_access checks as well as other modules that implement hook_query_alter().

It worked for me.

EndEd’s picture

thanks for the tip liupascal :)

liupascal’s picture

Status: Active » Closed (fixed)

Anytime :-)

Zorin 007’s picture

Category: support » bug
Status: Closed (fixed) » Needs review

Disabling Query Rewriting worked for me too but I don't think we should close the case, maybe moving it to a different category? Reason is everything worked ok with query rewriting enabled before update.

rszrama’s picture

Category: bug » support
Status: Needs review » Closed (fixed)

There are other open issues dealing with this stuff in relation to Views, so I don't think we need to reopen / recategorize this one. Another issue pointed out that something has changed inside Views itself, so it will most likely be a documentation issue for Commerce.

leroyg’s picture

Good point rszrama I'll keep you posted

3rdLOF’s picture

subscribing

quantos’s picture

Hi rszrama. Can I enquire why this one is closed? So far as I know the sql rewrite/related products type issue is ongoing?

But if the issue has been resolved or the discussion still going on is there a link you could place in here for us? This ticket is referenced from lots of other tickets, for example, but I can't see any that have a better fix than disabling sql rewriting (with that security issue - whatever that exactly is too).

It would be great to know where this issue is being followed through and where/when a proper fix might materialise.

Thanks.

Colin

batigol’s picture

Status: Closed (fixed) » Closed (duplicate)
quantos’s picture

Many thanks.

biografica’s picture

I banged my head on the keyboard about this one for a bit. Your instructions worked.

Thanks, liupascal.

GaneshKumar’s picture

Thanks liupascal,
Your idea works for me when i use Drupal Commerce + quicktabs + Views altogether.

aryaalvenkar’s picture

thanks a lot..u made my day... :)

jamuy’s picture

Buenas, en mi caso, despues de varias pruebas. Agregue que el usuario anonimo puede ver cualquier producto de cualquier tipo y así funcionó.

Si solo pongo el tipo de producto involucrado en la consulta, no funciona. Idem para los demás roles que tengo creados.

Saludos.

anodenymous’s picture

thanks liupascal perfecto #1

ttwhyz’s picture

Thanks!!! This worked for me as well. Is anyone worried about the warning message.

WARNING: Disabling SQL rewriting means that node access security is disabled. This may allow users to see data they should not be able to see if your view is misconfigured. Please use this option only if you understand and accept this security risk.

ttwhyz’s picture

Issue summary: View changes

my english is baaad

Avi.Kumar’s picture

Issue summary: View changes

Giving Permissions to Anonymous User to:
View any product of any type
Warning: Give to trusted roles only; this permission has security implications.
Seems to fix this problem problem more cleanly, without explicitly searching through all Views and changing setting there.

The_Bucks’s picture

I'm having the same problem still with the Anonymous User. Even giving the user the Anonymous User administrator rights to everything did nothing to help my problem. The thing that I did before I noticed the problem was to resolve some problems that were being displayed in the status report at /admin/reports/status. The problems where as follows.

  1. File system> Writable (public & private download method) was not accessible.
  2. Store settings> (Email was not set)
  3. Spyc> (Not sure what this was but I think that it was missing the library).
  4. Notifications status> (Still yellow with the Enabled. 0 queued. Last: never) message.

I have tried to run the following on my current Drupal installation.

  1. Option #1 in this post (uc_orders_user (Orders)). Not sure if this was the correct place.
  2. I am under the impression that Page: Query options for all displays means that when I choose "apply displays", that it means "to all displays". Please clarify.
    I also added the process of:

  3. Rebuild permissions at /admin/reports/status/rebuild

Also tried the following things:

  1. Attempted to fix this problem by removing the cart page from the secure pages list.

None of these fixes did not resolve my problem. Any help is greatly appreciated.

Drupal system:

  1. Site: it911now.com
  2. Drupal 7.38
  3. Ubercart with Ubercart SSL v7x
  4. UC Restrict Qty (uc_restrict_qty)Version: 7.x-1.1v7.x-1.1

Let me know if you need a list of modules.
Would it help for the meantime if I required all visitors to login to add to products to their cart?

kenorb’s picture