ACL on Categories/Products/Manufacturers and Multi-stores

ACL on Categories/Products coming in v2.7 will be a big step forward for Nop, for it has applications in several situations, including in some types of multi-stores. I have taken quite an amount of time to think how to make it effective (applicable to different kind of tasks), efficient (performance wise) and simple to develop and to administrate. So here are my two cents for this project:

ACL on Categories
This was implemented in v1.9 setting ACL in certain categories to hide them form some customer roles. I guess this approach was to make it compatible with most stores which show all categories to all roles; so it was easy to just hide some categories when needed. But in practice when you need ACL is to hide some categories from all, but some specific roles. With this approach there is also a conflict when a customer has several roles; some that hide a category and other that don't hide it.

Therefore I think it is better to have the opposite approach: have a property which states whether the the category is subject to ACL or not. If it is subject to ACL then it will be hidden (unpublished) to all customer roles except those set for publishing it. I think the approach of the v1.9 for the administration can be kept: an ACL tab in category for selecting/deselecting the customer roles for which the category will be shown.

Another problem with the ACL in v1.9 is that products within a hidden category could still be found with the search tool. It isn't wise then to hide in the search function products of hidden categories because it will affect performance and a conflict can arise when a product is in various categories; some hidden and some others not-hidden; or when there is the setting to publish the all the products within sub-categories of a category. Therefore for this is wiser to use the ACL on products.

ACL on Products
I think for products can be applied the same approach as for categories: define which are subject to ACL and for which roles they will be published as well as an ACL tab in the administration.

ACL on Manufacturers
An ACL on Manufacturers alike ACL on Categories can be also very useful and simple to develope.

Bulk ACL on Products
This feature, alike  Bulk edit product variants, will be required when there is ACL on several categories or products. It needs a search products by product name, category, manufacturer and SKU, as well by ACL Applied (true/false) and to which role. The resulting edit grid contains name and SKU and columns for selection/deselection of ACL Applies and each one of the roles. It will be very convenient to have tools for selection/deselection of each column.

When the store has many categories and products and requires ACL on several of them it will be more practical to use SQL queries or import tables from Excel.


EXAMPLES
The best way to validate all this is to test it with some real life cases that I know, so here it is:

Case 1) Special Categories/Products: B2C store which offers and Outlet for VIP and Premium customers plus exclusive products for the later.
Solution: Create a category Outlet  and set ACL for them and their product with access to VIP and Premium roles and another category Exclusives with ACL access to Premium role.

Case 2) Multi-store B2B/C: Office supplies (around 8000 products) B2C/B store. All categories and products at regular prices visible in B2C and for B2B:
- 3 roles (A, B, and C) with all products/categories visible  at price levels A, B and C
- Special customer (type 1) which have a special agreement to only buy form a subset (50 to 300 products)of the catalog at previously negotiated prices.
- Other special customers (type2) with an agreement for a subset who can also buy from the rest of catalog at price level A
Solution: Define roles A, B and C  and set ACL to all products and categories and make it visible to customer roles Guests, Registered, A, B and C: Define price levels (with Tiered Prices by Customer role) for roles A, B and C. Create special categories S1, S2, S3, ... with ACL access for alike customer (type 1) roles (S1, S2, S3, ...) with the corresponding subsets of products. Likewise create roles and categories SS1, SS2, SS3, ... for customer type 2 and also assign them customer role A.

Case 3- [b]Wholesale for different type of Customers[/b]: A wholesaler of bicycles of different manufacturers/brands and their parts and accessories. They have a public catalog of their products. They have 4 price levels (P1, P2, ...) and two types of customers: some who buy from all brands and the rest who buy form "regular brands" plus some of the  other "special brands" (B1, B2, ...).
Solution:
-Create roles P1, P2, ... and A and B1, B2, ....
-With present ACL configuration hide prices, cart and wishlist for Guests (Registered will not be active in practice since ther will be no registration).
-Set ACL on special brands B1, B2, ... and their products.
-Give access on these brands to the corresponding roles B1, B2, ... and to role A to all special brands.
-With Tiered Prices define price levels for roles P1, P2, ...
-Assign to customers of first type their corresponding role  for their price level (P1, P2, ...) and to the role A (for access to all special brands).
-Assign to customers of second type their corresponding role  for their price level (P1, P2, ...) plus to the role(s) corresponding to the brand(s) (B1, B2, ...) to which they can have access.

Case 4) Multi-store: A pizza chain with more than 100 shops countrywide. There are around 10 types of shops (T1, T2, ...) which, based on their geographic location, offer different products (ingredients) and different price schedules.
Solution: Create 10 customer roles (T1, T2, ...) corresponding to the 10 shop types and set ACL on products/categories and prices (with Tiered Prices) for each one. When a customer wants to enter to store hi is asked the Postal Code where the order is going to be delivered and he is assigned (or updated in case he previously had one) a customer role according to the type of shop nearby which is going to deliver the order. Thus the customer will see the corresponding products and prices

Eduardo, thanks a lot. Very good suggestions! I've just updated appropriate work items

eadameg wrote:
UPDATE

ACL on Product Variants
I found another real life case in which ACL on Product Variants is very helpful. It can be handled in a similar fashion as ACL on Products


Case 5) International training center (Multi-store): The center has IT training facilities in one or two cities of 4 countries in Latin America. It has a catalog of around 400 different courses which are given several times per year in those locations.
Solution: Each course is set as a product with a very long description to present objectives and detailed contents; a link to download PDF with all info; previous courses (using related products) and following courses (cross sells). Each combination of the course with a date and a location is created as a product variant, so each course (product) will have as many variants as its given in each date/location.  Similar to the pizza case create 4 customer roles (C1, C2, ...) corresponding to the 4 countries.   Set ACL on Product Variants and each variant will be assigned the role corresponding to the country where it takes place. As in the pizza case each visitor is assigned a role corresponding to URL the country which he entered.

Hi Eduardo,

Sure. Thanks a lot for suggestion. I've just create a work item. Please vote!

And here we go. ACL on product has just been finished. Please see changeset 76d4ea751701

...and for ACL on categories please see changeset 0d4eee527c78

a.m. wrote:

Great!!!

BTW: I think bulk ACL on Products is very important to make this operative for stores with several products. I have seen that you created a work item for this. If someone is interested can vote here


Bulk ACL on Products
This feature, alike  Bulk edit product variants, will be required when there is ACL on several categories or products. It needs a search products by product name, category, manufacturer and SKU, as well by ACL Applied (true/false) and to which role. The resulting edit grid contains name and SKU and columns for selection/deselection of ACL Applies and each one of the roles. It will be very convenient to have tools for selection/deselection of each column.

Sorry for asking ... but I am nop-rookie and not naitive-english.

* What ACL means?

* Do I understand correctly, that the current v2.65 does not support "ACL on Customers, on Products, on Categories etc", but the next version higher v2.65 will do?
Greets

blackhawk24 wrote:
ACL=Access Control List
It will be available in 2.7 (end of December) or you can use the change sets pointed by Andrei

Hello,

I am currently testing/developing nopCommerce 2.65 for a B2C application and would like to implement ACL on products and categories without upgrading to the newly released 2.70.  Is it possible to use the change sets referenced above to achieve this goal? If the answer is yes, how exactly are the change sets implemented (e.g., download and replace existing files within VS solution or can the edits and additions be made manually within the VS files, rebuild the solution, and then upload new solution to the server)?  What is the proper procedure? What about the database?  When would the sql update script need to be run?  Any specific instruction would be greatly appreciated.  Thank you.