Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
The Views Megarow requires granting the administer commerce_product entities
permission. This is too much for most users. It should be able to handle the more fine grained per product type permissions to enable editing of those product types that users do actually have the permission to edit.
Comment | File | Size | Author |
---|---|---|---|
#3 | quick_edit_permissions-1911958-3.patch | 3.41 KB | vasike |
#1 | 1911958-commerce_backoffice-node_access-permission.patch | 624 bytes | mrfelton |
Comments
Comment #1
mrfelton CreditAttribution: mrfelton commentedThis is not really the right approach, as it opens up the ability to edit a product based on wether the user has the permission to edit the display node. But, in our simple use case, users that have access to edit the display do also have permission to edit the linked products. So, I attach this patch for those that might have a similar setup.
Ultimately, this needs to be made more intelligent so that it is the per-product type edit permission that is checked.
Comment #2
logii CreditAttribution: logii commented#1 Worked for me.
Comment #3
vasikehere is a new patch that completes the work started on #1 patch.
it uses this access for "Quick Edit" link from "Operations links" Views handler.
And also adds a permission check for inside quick edit form for the product form elements.
if there's no update access for the product the form elements will be disabled.
to do:
- the "administer commerce_product entities" is the permission set for the Backoffice Products view.
imho opinion this should be changed with a more flexibile custom permission
for example: let an user with only access for updating a product display type and its product type entities
to access this page.
Comment #4
jsacksick CreditAttribution: jsacksick commentedCommitted! Thanks (8aa251a), forgot to append --author :(