Make unpublished skus unavailable in admin order screen

I think the admin should be allowed to do anything - even add a product that's not yet (or no longer) available to the general public.

I have a store where unpublished items are used in the admin pages; for some items there is limited stock and they are not always available directly via the website (products are unpublished) but customers may call and have an item added to their order manually. As TR says, a store admin can and should be able to do things that their customers cannot.

I guess this calls for a new permission, "view unpublished products" or similar, that is checked on the create order pages, but this is probably better off in a contrib module than in core, unless someone wants to provide a fairly simple patch for it.

Marked #1520840: customizing the order admin back end as duplicate

New features should go into 7.x-3.x first.

Do we need a new permission here, or is "administer products" enough? Or what about "bypass node access" that node.module provides?

I think bouth should be used with OR...

Even simpler, should we just use node_access(), so any user can only add products that they currently have permission to view? As we already use this for adding items to the cart, it makes sense to use the same rules on the admin side as well.

The attached patch converts the query used here to use the node_access tag, so admins can only add products that they have permission to view.

Commited #12.