diff --git a/commerce_backoffice_product.module b/commerce_backoffice_product.module
index 3edbf7d..a00c97d 100644
--- a/commerce_backoffice_product.module
+++ b/commerce_backoffice_product.module
@@ -18,8 +18,9 @@ function commerce_backoffice_product_menu() {
$items['commerce_backoffice/variations/%node'] = array(
'page callback' => 'commerce_backoffice_product_variations_view',
'page arguments' => array(2),
+ 'access callback' => 'node_access',
+ 'access arguments' => array('update', 2),
'delivery callback' => 'ajax_deliver',
- 'access arguments' => array('administer commerce_product entities'),
);
// The overriden node/add type listing.
@@ -325,6 +326,9 @@ function commerce_backoffice_product_quick_edit_form($form, &$form_state, $produ
$amount = commerce_currency_amount_to_decimal($price_array['amount'], $price_array['currency_code']);
$price = number_format(commerce_currency_round(abs($amount), $currency), $currency['decimals'], $currency['decimal_separator'], $currency['thousands_separator']);
+ $update_permission = commerce_product_access('update', $product);
+ $disabled = $update_permission ? FALSE : TRUE;
+
$wrapper = drupal_html_id('commerce-backoffice-product-quick-edit-form');
$form['#prefix'] = '
';
$form['#suffix'] = '
';
@@ -335,6 +339,7 @@ function commerce_backoffice_product_quick_edit_form($form, &$form_state, $produ
'#title_display' => 'invisible',
'#default_value' => $price,
'#size' => 5,
+ '#disabled' => $disabled,
);
$form['status'] = array(
'#type' => 'select',
@@ -342,6 +347,7 @@ function commerce_backoffice_product_quick_edit_form($form, &$form_state, $produ
'#title_display' => 'invisible',
'#options' => array(0 => t('Disabled'), 1 => t('Active')),
'#default_value' => $product->status,
+ '#disabled' => $disabled,
);
$form['save'] = array(
'#type' => 'submit',
@@ -350,6 +356,7 @@ function commerce_backoffice_product_quick_edit_form($form, &$form_state, $produ
'callback' => 'commerce_backoffice_product_quick_edit_form_ajax',
'wrapper' => $wrapper,
),
+ '#disabled' => $disabled,
);
if (!empty($form_state['product_saved'])) {
$form['save']['#suffix'] = t('Saved');
diff --git a/includes/views/handlers/commerce_backoffice_handler_field_node_operations.inc b/includes/views/handlers/commerce_backoffice_handler_field_node_operations.inc
index 83c0f02..e62c7df 100644
--- a/includes/views/handlers/commerce_backoffice_handler_field_node_operations.inc
+++ b/includes/views/handlers/commerce_backoffice_handler_field_node_operations.inc
@@ -37,9 +37,11 @@ class commerce_backoffice_handler_field_node_operations extends views_handler_fi
// Add the quick-edit link which opens the megarow.
if ($this->options['add_quick_edit']) {
$quick_edit['quick-edit'] = menu_get_item('commerce_backoffice/variations/' . $nid);
- $quick_edit['quick-edit']['title'] = t('Quick edit');
- $quick_edit['quick-edit']['attributes']['class'] = 'views-megarow-open';
- $links = array_merge($quick_edit, $links);
+ if ($quick_edit['quick-edit']['access']) {
+ $quick_edit['quick-edit']['title'] = t('Quick edit');
+ $quick_edit['quick-edit']['attributes']['class'] = 'views-megarow-open';
+ $links = array_merge($quick_edit, $links);
+ }
}
// Add the destination to the links if specified.