Early Bird Registration for DrupalCon Portland 2024 is open! Register by 23:59 PST on 31 March 2024, to get $100 off your ticket.
Im trying to figure out how to make a views block that gives me the top 5 products sales visible to anonymous users. This views need a filter 'orders status completed' (at least as i see the way it should work) and unless I give anonymous users the 'View any Order order' permission (which has security implications) they dont get the expected results. So if anyone knows a way via Views UI or programatically to get this one working i'll be gratefull for your thoughts.
Comments
Comment #1
liupascal CreditAttribution: liupascal commentedTry the following,
There is an option in views to not take into account permissions when running the query (dunno if it is on the query level or display level though)
Edit your view > Right column "Advanced" > Query settings : check "Disable Query Rewritting"
--> Disabling SQL rewriting will disable node_access checks as well as other modules that implement hook_query_alter().
It worked for me.
Comment #2
EndEd CreditAttribution: EndEd commentedthanks for the tip liupascal :)
Comment #3
liupascal CreditAttribution: liupascal commentedAnytime :-)
Comment #4
Zorin 007 CreditAttribution: Zorin 007 commentedDisabling Query Rewriting worked for me too but I don't think we should close the case, maybe moving it to a different category? Reason is everything worked ok with query rewriting enabled before update.
Comment #5
rszrama CreditAttribution: rszrama commentedThere are other open issues dealing with this stuff in relation to Views, so I don't think we need to reopen / recategorize this one. Another issue pointed out that something has changed inside Views itself, so it will most likely be a documentation issue for Commerce.
Comment #6
leroyg CreditAttribution: leroyg commentedGood point rszrama I'll keep you posted
Comment #7
3rdLOF CreditAttribution: 3rdLOF commentedsubscribing
Comment #8
quantos CreditAttribution: quantos commentedHi rszrama. Can I enquire why this one is closed? So far as I know the sql rewrite/related products type issue is ongoing?
But if the issue has been resolved or the discussion still going on is there a link you could place in here for us? This ticket is referenced from lots of other tickets, for example, but I can't see any that have a better fix than disabling sql rewriting (with that security issue - whatever that exactly is too).
It would be great to know where this issue is being followed through and where/when a proper fix might materialise.
Thanks.
Colin
Comment #9
batigol CreditAttribution: batigol commented@quantos http://drupal.org/node/1276450
Comment #10
quantos CreditAttribution: quantos commentedMany thanks.
Comment #11
biografica CreditAttribution: biografica commentedI banged my head on the keyboard about this one for a bit. Your instructions worked.
Thanks, liupascal.
Comment #12
GaneshKumar CreditAttribution: GaneshKumar commentedThanks liupascal,
Your idea works for me when i use Drupal Commerce + quicktabs + Views altogether.
Comment #13
aryaalvenkar CreditAttribution: aryaalvenkar commentedthanks a lot..u made my day... :)
Comment #14
jamuy CreditAttribution: jamuy commentedBuenas, en mi caso, despues de varias pruebas. Agregue que el usuario anonimo puede ver cualquier producto de cualquier tipo y así funcionó.
Si solo pongo el tipo de producto involucrado en la consulta, no funciona. Idem para los demás roles que tengo creados.
Saludos.
Comment #15
anodenymous CreditAttribution: anodenymous commentedthanks liupascal perfecto #1
Comment #16
ttwhyz CreditAttribution: ttwhyz commentedThanks!!! This worked for me as well. Is anyone worried about the warning message.
WARNING: Disabling SQL rewriting means that node access security is disabled. This may allow users to see data they should not be able to see if your view is misconfigured. Please use this option only if you understand and accept this security risk.
Comment #16.0
ttwhyz CreditAttribution: ttwhyz commentedmy english is baaad
Comment #17
Avi.Kumar CreditAttribution: Avi.Kumar commentedGiving Permissions to Anonymous User to:
View any product of any type
Warning: Give to trusted roles only; this permission has security implications.
Seems to fix this problem problem more cleanly, without explicitly searching through all Views and changing setting there.
Comment #18
The_Bucks CreditAttribution: The_Bucks commentedI'm having the same problem still with the Anonymous User. Even giving the user the Anonymous User administrator rights to everything did nothing to help my problem. The thing that I did before I noticed the problem was to resolve some problems that were being displayed in the status report at /admin/reports/status. The problems where as follows.
I have tried to run the following on my current Drupal installation.
I am under the impression that Page: Query options for all displays means that when I choose "apply displays", that it means "to all displays". Please clarify.
- Rebuild permissions at /admin/reports/status/rebuild
I also added the process of:
Also tried the following things:
None of these fixes did not resolve my problem. Any help is greatly appreciated.
Drupal system:
Let me know if you need a list of modules.
Would it help for the meantime if I required all visitors to login to add to products to their cart?
Comment #19
kenorb CreditAttribution: kenorb commented