PrevPrev Go to previous topic
NextNext Go to next topic
Last Post 7/24/2017 4:22 PM by  Will Strohl
Category roles
 6 Replies
 1 Subscribed to this topic
 1 Subscribed to this forum
Sort:
You are not authorized to post a reply.
Page 1 of 212 > >>
Author Messages





New Member






--
7/13/2017 1:51 PM
    Hello, category roles do not seem to be working to restrict product page access on our site.

    We are using Hotcakes version 1.10.4 Pro.

    When we set roles at the product level, it works as expected, preventing access to the associated product page for users without one of those roles. However, that is not happening when we set the same roles at the category level and a product is a member of the category.

    For example, our product [url=https://www.practicewise.com/ProductViewer/Free-Supervision-and-Training-Course-Bundle-5-Year]Free Supervision and Training Course Bundle 5 Year[/url] is a member of the category "Membership Products," and as shown in the screenshot below, its Product Roles page correctly shows that it should inherit the role Ecommerce Manager because (a) no roles have been added at the product level, and (b) that role was added to the category Membership Products. However, the associated product page does not seem to be getting restricted for any users (it is public, as testable using the above link).
    [img=https://photos.app.goo.gl/7Sof81IMgwssqI6i2]Roles for Free Supervision and Training Course Bundle 5-Year[/img]

    Same thing for all other products. For example, the product
    [url=https://www.practicewise.com/ProductViewer/FullAccessForStudents]Full Access For Students[/url]
    is behaving as public, even though it is restricted to a (large) set of roles applied via a "Student Products" category, as shown in this screenshot:
    [img=https://photos.app.goo.gl/ING12Be7AYDZaxqJ3]Roles for Full Access for Students[/img]

    This will be a big problem for us if we aren't able to get category roles to work, because we are often adding roles, and adding them to each associated product would be a big burden.

    Thanks in advance,
    Adam





    Veteran Member






    --
    7/17/2017 2:46 PM
    Hello Adam:

    It's somewhat difficult to follow a post about an actual implementation, so I went ahead and created a local proof of concept to see if I could get us on a more simplistic "same page."

    I created 3 products, Product A, B, and C. I also created a security role, "VIP Customers," and a category, "VIP Only."

    [list]
    [*]Product A - Added to VIP Customers role; Not added to any category
    [*]Product B - Not added to any roles; added to the VIP Only category
    [*]Product C - Added to both the VIP customers role and the VIP Only category
    [/list]

    [b]Results as Anonymous Visitor[/b]
    When I browse the store as an anonymous visitor, Products A-C are not listed and neither is the VIP Only category.

    If I browse directly to the URL's of each of the products (requires knowing the URLs), Product B is accessible, but the result of the URLs display an access warning, letting the visitor know they aren't allowed to see the product/category.

    [b]Results as VIP Customer[/b]
    If I browse to the store as a VIP Customer, all of the products and categories are listed. If I browse to each, I'm able to see the product and category as expected.

    [b]Results as Other Role[/b]
    If I browse the site as a visitor in another different role (not in VIP Customers), the same results are seen as if the visitor were anonymous.

    Hopefully, I have recreated what you're trying to ask... Please let me know if I need to make any changes. Now...

    It sounds like Product B in the example above is the undesired behavior that you're concerned with. Is that right? Product B is still accessible even though it's not restricted by role, except by category.

    Please let me know if I understand this correctly.
    Will Strohl, Upendo Ventures Hotcakes Cloud | Get Support | Code Support Official Cloud & Support provider for Hotcakes





    New Member






    --
    7/17/2017 3:43 PM
    Hi Will, thanks for your reply. Yes, I think you have recreated it successfully. Just as you described, the problem is that for an anonymous user browsing directly to the URLs of each of the products, Product B is accessible, whereas the other URLs (Products A and C) display an access warning.

    It seems that Product B should also display an access warning, because it is in the VIP Only category, and we are accessing as an anonymous visitor. Is there a way to address this situation?

    Thanks very much.





    New Member






    --
    7/17/2017 3:47 PM
    One other thing to specify: in my most recent post in this thread, I am assuming that the "VIP Customers" role has been applied to "VIP Only" category.





    Veteran Member






    --
    7/24/2017 12:54 PM
    [quote=Adam Bernstein;181]One other thing to specify: in my most recent post in this thread, I am assuming that the "VIP Customers" role has been applied to "VIP Only" category.[/quote]

    I failed to mention that this is indeed how I setup the VIP Role. Also, I just created an Issue for this.

    https://github.com/Hotcak...merce/core/issues/31

    In the meantime, you could add some code to your category view to address this issue as a workaround. This would allow you to check for the role as well.
    Will Strohl, Upendo Ventures Hotcakes Cloud | Get Support | Code Support Official Cloud & Support provider for Hotcakes
    You are not authorized to post a reply.
    Page 1 of 212 > >>


    Loading
    • Sign-up for the Hotcakes Community Newsletter: