I created a patch to let Anonymous users first review (view) their own registration before paying for them. https://www.drupal.org/node/2443091 Which created the issue of payment page access. I've updated that access to use the same method as my patch for securing anonymous user access to view registrations. https://www.drupal.org/node/2224159 It checks to see if the anonymous user created the specific registration using the sessions. This is similar to the way Commerce grants access to an anonymous user to view their own order confirmation.

CommentFileSizeAuthor
anonymous_pay_for_own-1.diff976 bytesjlockhart
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

jlockhart’s picture

Status: Active » Needs review

setting to needs review

gcb’s picture

Status: Needs review » Postponed (maintainer needs more info)

I'm not clear on how that session variable is getting set? Is there a missing piece to this patch?