Hello,
I have a View of Ubercart products with VBO. The only Bulk Operation I have enabled is "Add to cart". When User 1 checks the check boxes next to one or more products and clicks the execute button, it successfully adds those products to the cart. However, when an anonymous or authenticated user tries to perform the same action, they experience this error message: "Skipped Add Selected Products to Cart on node [Product Name] due to insufficient permissions."
I checked the permissions, and I do have "Execute Add to cart" enabled under "Actions permissions (VBO)". Can someone please point me in the right direction on how I can grant this permission to all site users?
Thanks!
Comments
Comment #2
hockey2112 commented
Comment #3
hockey2112 commented
I downgraded to VBO 7.x-3.2, and the issue is no longer occurring. So something in the upgrade to 7.x-3.3 is causing this issue. I am not knowledgeable enough to figure out what that cause is, though.
Comment #4
mautumn commented
Thanks hockey2112! I was trying to achieve a similarly non-node-changing action (printing a list of nodes, in my use case), which shouldn't require any special node permissions, and, having tried many things, I gave the downgrade to VBO 7.x-3.2 a try and it works for me also.
Comment #5
hockey2112 commented
Great! Hopefully we can get a bug fix for this issue in the next release.
Comment #6
drupal-n3rd commented
Same here, subscribing. Downgrading to 3.2 seems to resolve the issue.
Comment #7
Robert_W commented
Problem for me as well, especially in combination with Organic Groups. Group administrators cannot modify user roles anymore.
Comment #8
johnennew at Deeson commented
For organic groups, VBO seems to be checking that the user performing the operation not only has the VBO permission for Modify Membership Status but also has update permission on the og_membership entity. I cannot find a permission which grants this!
Comment #9
johnennew at Deeson commented
Actually I have found the permission - it's "Administer Organic groups permissions", which grants global permission to all of organic groups. Not sure whose issue this is anymore!
Anyway, this undoes this without having to grant a high level global permission but is probably entirely the wrong way to approach this...
Comment #10
johnennew at Deeson commented
I think this is a ViewsBulkOperationsAction class issue.
getAccessMask() - "behaviour" is a new key which has been added
This makes the assumptions about every action on the system so in the case of nodes, it's assuming adding a role is "editing", in the case of Organic Group membership it is assuming you need to have the ability to edit the membership - but we only have the ability to set the membership status.
By throwing a false behaviour in as described in #9 we circumvent this permission check.
Comment #11
johnennew at Deeson commented
Update on #9, I also needed to allow admins to be able to set roles.
Comment #12
joelpittet
Please review this issue as it's the original issue and has some good suggestions for a way forward.
#2254871: Default action behaviors in getAccessMask()