Contrib.social

Allow our entity select widget to filter options / validate input by user access

Open on Drupal.org →
Created on 12 May 2018, about 6 years ago
Updated 9 May 2024, about 2 months ago

Right now, we have permissions for viewing store entities as with other content entity types, but they don't do much given the expectations of the sytem re: those entities. One immediate improvement we could make for marketplace sites that expect users to manage stores and other entities in relation to their stores would be to apply access control to the display and validation of store selections in our various back-end interfaces.

For example, products have a base field that references the stores a product should be considered published to. This field uses our custom entity select widget, but it lets anyone with access to the product edit form see and select any store in the site. It would seem straightforward to apply access control both to the options and the allowed values (in the case of our autocomplete fallback), ensuring that an editor can only associate a product, promotion, etc. with the stores they can see.

I don't see any sort of condition plugin that would need similar accommodation, but update this description if that's the case.

Original request:

Can you add new permissions?

Dupal Commerce offers the possibility of associating payment methods, shipping methods, promotions and products to a specific store. But the whole list of stores is displayed when creating an entity.

The merchant should only access his own stores.

For promotion: payment methods, shipping methods, promotions and products, there should be permission to create in his own stores.

If this feature is not planned and it's a shame, is there another way to do that?

Thank you

I have a marketplace (several stores with multiple owners) and currently any merchant can create in any store. This is a big problem and I do not understand what is the interest of proposing the list of stores if there is no permission to control this.

✨ Feature request
Status

Closed: won't fix

Version

2.0

Component

Store

Created by

🇫🇷France zenimagine

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Comment 2 months ago →
    🇷🇴Romania alexberendei

    There are any news regarding the access control for store owners in the newer versions of commerce ?

  • Comment 2 months ago →
    🇺🇸United States rszrama

    Unfortunately, this feature request wasn't specific enough to be actionable. I'm going to interpret it a bit and retitle the issue. Ultimately, I think what's needed is for us to add the ability to apply access control to the options shown in and input accepted by our commerce_entity_select widget, which lets you select the store a product is published to, a promotion is available for, etc.

    There are certainly other areas of marketplace requirements that have been advanced through other modules, but this seems to be the path forward for this particular issue. Others would require their own specific feature requests.

  • Comment 2 months ago →
    🇮🇱Israel jsacksick

    e. Ultimately, I think what's needed is for us to add the ability to apply access control to the options shown in and input accepted by our commerce_entity_select widget, which lets you select the store a product is published to, a promotion is available for, etc.

    And that isn't needed as access is already checked. Our EntitySelect element performs queries using the entity storage with the access checks turned on... So that isn't missing.

  • Comment about 2 months ago →
    🇺🇸United States rszrama

    Enh, I didn't look at the Element class to confirm apparently. Then perhaps this feature request is just completely unnecessary?

  • Status changed to Closed: won't fix about 2 months ago
  • Comment about 2 months ago →
    🇮🇱Israel jsacksick

    I think we can close this. I second the comment #2.

contrib.social Blog FAQ Discussions
Production build 0.69.0 2024