diff --git a/commerce_backoffice_product.module b/commerce_backoffice_product.module index 3edbf7d..a00c97d 100644 --- a/commerce_backoffice_product.module +++ b/commerce_backoffice_product.module @@ -18,8 +18,9 @@ function commerce_backoffice_product_menu() { $items['commerce_backoffice/variations/%node'] = array( 'page callback' => 'commerce_backoffice_product_variations_view', 'page arguments' => array(2), + 'access callback' => 'node_access', + 'access arguments' => array('update', 2), 'delivery callback' => 'ajax_deliver', - 'access arguments' => array('administer commerce_product entities'), ); // The overriden node/add type listing. @@ -325,6 +326,9 @@ function commerce_backoffice_product_quick_edit_form($form, &$form_state, $produ $amount = commerce_currency_amount_to_decimal($price_array['amount'], $price_array['currency_code']); $price = number_format(commerce_currency_round(abs($amount), $currency), $currency['decimals'], $currency['decimal_separator'], $currency['thousands_separator']); + $update_permission = commerce_product_access('update', $product); + $disabled = $update_permission ? FALSE : TRUE; + $wrapper = drupal_html_id('commerce-backoffice-product-quick-edit-form'); $form['#prefix'] = '
'; $form['#suffix'] = '
'; @@ -335,6 +339,7 @@ function commerce_backoffice_product_quick_edit_form($form, &$form_state, $produ '#title_display' => 'invisible', '#default_value' => $price, '#size' => 5, + '#disabled' => $disabled, ); $form['status'] = array( '#type' => 'select', @@ -342,6 +347,7 @@ function commerce_backoffice_product_quick_edit_form($form, &$form_state, $produ '#title_display' => 'invisible', '#options' => array(0 => t('Disabled'), 1 => t('Active')), '#default_value' => $product->status, + '#disabled' => $disabled, ); $form['save'] = array( '#type' => 'submit', @@ -350,6 +356,7 @@ function commerce_backoffice_product_quick_edit_form($form, &$form_state, $produ 'callback' => 'commerce_backoffice_product_quick_edit_form_ajax', 'wrapper' => $wrapper, ), + '#disabled' => $disabled, ); if (!empty($form_state['product_saved'])) { $form['save']['#suffix'] = t('Saved'); diff --git a/includes/views/handlers/commerce_backoffice_handler_field_node_operations.inc b/includes/views/handlers/commerce_backoffice_handler_field_node_operations.inc index 83c0f02..e62c7df 100644 --- a/includes/views/handlers/commerce_backoffice_handler_field_node_operations.inc +++ b/includes/views/handlers/commerce_backoffice_handler_field_node_operations.inc @@ -37,9 +37,11 @@ class commerce_backoffice_handler_field_node_operations extends views_handler_fi // Add the quick-edit link which opens the megarow. if ($this->options['add_quick_edit']) { $quick_edit['quick-edit'] = menu_get_item('commerce_backoffice/variations/' . $nid); - $quick_edit['quick-edit']['title'] = t('Quick edit'); - $quick_edit['quick-edit']['attributes']['class'] = 'views-megarow-open'; - $links = array_merge($quick_edit, $links); + if ($quick_edit['quick-edit']['access']) { + $quick_edit['quick-edit']['title'] = t('Quick edit'); + $quick_edit['quick-edit']['attributes']['class'] = 'views-megarow-open'; + $links = array_merge($quick_edit, $links); + } } // Add the destination to the links if specified.