Would it be possible to allow Administrators to view the sponsor purchase page? This is the link called "Order Link" on the Sponsors tab, and is the link you provide to sponsors so they can pay for their sponsorship. I wanted to see what it would look like for a sponsor before I blindly gave them the link, and kept getting access denied errors. Looking through the code (since a review of the permissions didn't show anything amiss), I found the following:

/*
 * Check to make sure whomever is adding a node to the cart is the owner of the node.
 */
function cod_sponsors_commerce_product_access($product, $node) {
  global $user;
  if (!entity_access('view', 'commerce_product', $product)) {
    return FALSE;
  }
  if ($node->uid == $user->uid) {
    return TRUE;
  }
  // TODO: This is pseudo code.
  if (!empty($node->field_sponsor_related_attendees) && in_array($node->field_sponsor_related_attendees[LANGUAGE_NONE], $user->uid)) {
    return TRUE;
  }
  return FALSE;
}

Would it be ok to modify this code and also allow those with an Administrator role? If so, I am happy to supply a patch.

If there is a reason to limit access, would it be ok to add a notification somewhere about who has access to this page?

Thanks,
Julia

Comments

japerry’s picture

japerry
Location KVUO
CreditAttribution: japerry at Drupal Association commented
Project: Conference Organizing Distribution » Conference Organizing Distribution Support Modules
Status: Active » Postponed (maintainer needs more info)

Hi Julia!

So the order link is giving a user the ability to buy a subscription, which take them to their cart. The reason why admins don't have access to that link is because it would assign the cart to the admin, which would not then be accessible by the user.

Essentially the 'order link' is an add to cart link, and creates an order. For testing, I'd have a non-admin user test purchasing a sponsorship, and then giving that test non-user account the link so you can see how the checkout process works.