First off... I would like to say awesome work guys! - Again!
I have run into a little issue with the ACL feature for product categories (restricting certain access to categories by customer role). Here is an example...
Category: XYZ
ACL Restrictions: CR1, CR2 (GlobalAdmin & CR3 not selected)
The issue:
CR1 cannot see the category, however - whenever CR1 is logged off, or more importantly, a guest visits the site - the category is listed.... I am now looking at Categories.Extentions.CS to try and make a little amendment so that the logic does not restrict the access, but rather allow access to a category based on the approved customer role. i.e.
allow anonymous user = false is the default a customer must be assigned to CR3/Global Admin to view the category/categories products, but am having a little trouble with the logic... anyone able to help?
....Another practical explanation:
Category XYZ= Product Brochure Displays (for wholesalers/resellers only)
CR1= Retail Customers
CR2= Favorite Customers
CR3= Wholesale Customers
Thanks in advance!
Access Control for Categories
- 4
- 20
- 11/16/2010
- United States
Seems like it would be nice to have an anonymous users group, as well as your own defined groups. Then change from category restriction to category allow.
I have the following situation:
Item: 123
is in Category A and Category B.
My domestic customers have access to all products in category A.
My International customers have access to all products in category B.
Item 123 is in both Category A and Category B.
If we had a true "deny access" system here, we would probably deny either of these groups from seeing item 123. (I understand that's not currently how Nop works, as you can always search for this part and find it.)
It seems to make more sense to give groups "allow access." This way you can have single products in multiple, mutually exclusive categories.
If a user finds a product through search, we can do a test to see if they have access to ANY of the categories in which this product resides.
I'm working on building a 1.9 update to implement this type of system. Please let me know if anyone else has already done the same.
Spencer
I have the following situation:
Item: 123
is in Category A and Category B.
My domestic customers have access to all products in category A.
My International customers have access to all products in category B.
Item 123 is in both Category A and Category B.
If we had a true "deny access" system here, we would probably deny either of these groups from seeing item 123. (I understand that's not currently how Nop works, as you can always search for this part and find it.)
It seems to make more sense to give groups "allow access." This way you can have single products in multiple, mutually exclusive categories.
If a user finds a product through search, we can do a test to see if they have access to ANY of the categories in which this product resides.
I'm working on building a 1.9 update to implement this type of system. Please let me know if anyone else has already done the same.
Spencer
- 7
- 45
- 2/12/2010
- United States
... a really crappy one.... - created new sub-domain 'dealer.mysite.com' allowing only navigation to registered customers. I know it's ugly but it does allow me to have some of the same products, as well as the "dealer only" products. Creates other unnecessary issues i.e. multiple instances of the DB (so as to get the custom limitations... but there are now 2 db's for essentially the same site - the story of my life :~) ).Also, I found that by doing this, it has allowed me the option to address another issue I was having: Multiple Shipping Methods (Retail customers who generally do not buy product in bulk, use USPS - Wholesale/dealer customers are assigned the FedEx shipping calculator. So, yes it does seem to be working... but I know enough about programming to say - it's ugly...
Mattr
http://www.theswimmingsolution.com
http://www.h2oralirrigator.com (coming soon!!!)
Mattr
http://www.theswimmingsolution.com
http://www.h2oralirrigator.com (coming soon!!!)
- 45
- 361
- 9/25/2010
- Czech Republic
Sorry guys, no solution from my side just some "second that": like said Seems like it would be nice to have an anonymous users group, as well as your own defined groups. Then change from category restriction to category allow
Needs to be programmed. Wonder what will happen if NC-users collectively define a spec and hire a developer to have it made, would it be possible for a.m. to accept that and incorporate that changed code in the standard?
Well that's another topic I guess.
Needs to be programmed. Wonder what will happen if NC-users collectively define a spec and hire a developer to have it made, would it be possible for a.m. to accept that and incorporate that changed code in the standard?
Well that's another topic I guess.
- 5
- 25
- 9/21/2010
- United States
Looks like I need to go down this route as well. How did you install 2 versions of NOP on your hosting account. When I install the software in a different folder, I get this error: allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS.
- 45
- 361
- 9/25/2010
- Czech Republic
Hi all,
I (or actually an ASP.NET developer that I know) halve solved this with limited changes. We wanted to make certain (wholesale) categories only visible for our B2B-customers and not for people who visit the site without logging in.
Therefore:
- We have created a customer role called "Consumers" (via admin area, standard functionality)
- We have created a customer role called "Anonymous " (via admin area, standard functionality).
- A visitor that DOES NOT register will have the category-access-rights of the customer role "Anonymous" (these access rights can be set via the standard "access control"-tab under "Manage categories"). If you restrict access to certain Categories for the Customer Role 'Anonymous" (= standard functionality) then the specific Category will not be shown on the pages when a visitor has NOT logged in. Some changes were needed to create this functionality.
- Visitors / Users who DO register will automatically will be assigned to the Customer Role "Consumers" (we have hard-coded this default assigning). This was needed to prevent new registered users from seeing the wholesale categories (and prices).
Note:
- When the administrator creates a new user from admin area (= not standard registration procedure) the user must also be manually assigned to one of the existing Customer Roles except "Anonymous".
- Don't assign registered Users to Anonymous Customer Role (dont know yet what effect this has if you do but my developer told me not to do this).
Technical changes:
- There is trigger "Nop_Customer_DefaultRole" on table "Nop_Customers" which runs after insert record and creates default Customer Role Mapping (= newly registered users get Customer Role "Consumers"). We have a simple sql script available to create this trigger.
- Create Anonymous CustomerRole via admin panel.
- Some changes on:
\Libraries\Nop.BusinessLogic\Categories\Extensions.cs
\Libraries\Nop.BusinessLogic\Properties\Settings.settings
\Libraries\Nop.BusinessLogic\Properties\Settings.Designer.cs (this file will be generated automatically when you change Settings.settings file)
\Libraries\Nop.BusinessLogic\app.config (this file will be also automatically generated if you change Settings.settings file, however see app.config.png)
If you want the details on code changes send me a private mail.
Dont hesitate to make remarks if we have missed a certain point in this approach! Thnx!
Stephan.
I (or actually an ASP.NET developer that I know) halve solved this with limited changes. We wanted to make certain (wholesale) categories only visible for our B2B-customers and not for people who visit the site without logging in.
Therefore:
- We have created a customer role called "Consumers" (via admin area, standard functionality)
- We have created a customer role called "Anonymous " (via admin area, standard functionality).
- A visitor that DOES NOT register will have the category-access-rights of the customer role "Anonymous" (these access rights can be set via the standard "access control"-tab under "Manage categories"). If you restrict access to certain Categories for the Customer Role 'Anonymous" (= standard functionality) then the specific Category will not be shown on the pages when a visitor has NOT logged in. Some changes were needed to create this functionality.
- Visitors / Users who DO register will automatically will be assigned to the Customer Role "Consumers" (we have hard-coded this default assigning). This was needed to prevent new registered users from seeing the wholesale categories (and prices).
Note:
- When the administrator creates a new user from admin area (= not standard registration procedure) the user must also be manually assigned to one of the existing Customer Roles except "Anonymous".
- Don't assign registered Users to Anonymous Customer Role (dont know yet what effect this has if you do but my developer told me not to do this).
Technical changes:
- There is trigger "Nop_Customer_DefaultRole" on table "Nop_Customers" which runs after insert record and creates default Customer Role Mapping (= newly registered users get Customer Role "Consumers"). We have a simple sql script available to create this trigger.
- Create Anonymous CustomerRole via admin panel.
- Some changes on:
\Libraries\Nop.BusinessLogic\Categories\Extensions.cs
\Libraries\Nop.BusinessLogic\Properties\Settings.settings
\Libraries\Nop.BusinessLogic\Properties\Settings.Designer.cs (this file will be generated automatically when you change Settings.settings file)
\Libraries\Nop.BusinessLogic\app.config (this file will be also automatically generated if you change Settings.settings file, however see app.config.png)
If you want the details on code changes send me a private mail.
Dont hesitate to make remarks if we have missed a certain point in this approach! Thnx!
Stephan.
- 156
- 1337
- 3/10/2011
- France
Stephan wrote:
- A visitor that DOES NOT register will have the category-access-rights of the customer role "Anonymous" (these access rights can be set via the standard "access control"-tab under "Manage categories"). If you restrict access to certain Categories for the Customer Role 'Anonymous" (= standard functionality) then the specific Category will not be shown on the pages when a visitor has NOT logged in. Some changes were needed to create this functionality.
Hello,
How did you managed to automatically put anonymous users in the Anonymous role?
Thanks.
- A visitor that DOES NOT register will have the category-access-rights of the customer role "Anonymous" (these access rights can be set via the standard "access control"-tab under "Manage categories"). If you restrict access to certain Categories for the Customer Role 'Anonymous" (= standard functionality) then the specific Category will not be shown on the pages when a visitor has NOT logged in. Some changes were needed to create this functionality.
Hello,
How did you managed to automatically put anonymous users in the Anonymous role?
Thanks.