Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Hi to all,
i've recently upgraded the versione of the commerce module, and i'm getting a strange problem.
I have a couple of users that can manage the store and view/edit the orders.
After the upgrade those users cant view the order page (admin/commerce/orders/[order-number]) because the access is denied also if the permissions are well setted.
The strange thing is also that they can edit the order(admin/commerce/orders/[order-number]/edit).
Any idea why this is appening or how can i backtrace this problem?
Thanks to all
Comments
Comment #1
rszrama CreditAttribution: rszrama commentedJust take a look at the permissions in the View. I think I remember us changing the specific permission used or something, so you can check it out and compare it against the permissions you've granted to your users.
Comment #2
andrea.cavattoni CreditAttribution: andrea.cavattoni commentedSorry but there is no views of the order page, is a rendered entity.
If there is where can i find it?
I changed the "commerce_order_access" function returning true always, but i cant see the order anyway.
Also the path "/admin/commerce/" return a 403, i've tried out the module "access denied backtrace" but it says that "there is no explicit access denied for this user" in the page.
I've also placed a watchdog in the "commerce_order_access" and in the "commerce_entity_access" function but both are not executed with the test user (with the admin user it works).
Any idea?
Comment #3
andrea.cavattoni CreditAttribution: andrea.cavattoni commentedFinally i've solved the problem backtracing the 403 to this function "commerce_order_admin_order_view_access".
It seems that it gets a 403 because i've not setted the permissions for "administration help" (user_access('access administration pages')).
Comment #4
rszrama CreditAttribution: rszrama commentedOk, that's the permission we've always used. There's another open issue to change this to a custom permission somewhere.
Comment #5
Lukas von BlarerBut this is not a permission I want to give to the customers... This gives access to some other URLs. This used to work before. Is there something else I could do except giving this permission?
Comment #6
Lukas von BlarerSorry, didn't mean to change the status...
Comment #7
rszrama CreditAttribution: rszrama commentedCan't you just edit the View to set it to what you want?
Comment #8
Lukas von BlarerYes, you are right. But there is no other path orders can be access, right? Removing
admin/
gives a 404.