Hi Guys. Does anyone know if there is an idiot-proof way to block certain roles from viewing invoices. I need some users to view the order page to get some information from it, but I don't want them to see the full order or invoice. I have restricted the panels which are displayed on the view order page (which is great), but can't get rid of the "Invoice" tab.

Is this a function that could be easily added to the user permissions page? Maybe it would allow you to choose who can see invoices alongside the other permission to allow users to view orders.

I've tried Tab Tamer, but that doesn't offer the functionality to do this... I just wondered if you guys might have a better idea. Thanks in advance!

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

cockers’s picture

Actually, it turns out that I was wrong. If anyone else wants to do this all you need to do is install tab tamer, turn on the admin tabs, and then refresh the cache. After that you get access to all of the Ubercart tabs as well as the others.

Although this is fine for now. Would it be possible to add the permissions I asked about before? That would be a little less messy...

longwave’s picture

There is a checkbox for this at /admin/store/settings/orders but it should be changed into a permission.

TR’s picture

Version: 6.x-2.9 » 7.x-3.x-dev

Let's change this in 7.x-3.x first.

longwave’s picture

Status: Active » Needs review
FileSize
2.84 KB

This patch converts the checkbox to a permission, and adds the permission to authenticated user if the checkbox was previously set.

longwave’s picture

Status: Needs review » Needs work

/user/%user/orders/%uc_order/invoice and /user/%user/orders/%uc_order/print paths should be changed to use the new permission.

longwave’s picture

Status: Needs work » Needs review
FileSize
4.56 KB

Improved uc_order_can_view_order() to handle 'view own invoices', and added some explanatory comments.

longwave’s picture

Status: Needs review » Fixed

Committed #6.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.