Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
1) The admin views for stores and products need to use the "access $entity_type overview", not "administer $entity_type". This was already fixed for orders and carts.
2) Config entity types should not get an "overview permission".
3) Adding a product as an authenticated user with a "create own" permission doesn't allow variation creation. Same with order items. We need to create access control handlers for variations and order items that always return TRUE, thus relying on the parent access control (since these entities can't exist without the parent).
Comments
Comment #2
bojanz CreditAttribution: bojanz at Centarro commentedExpanding scope
Comment #3
bojanz CreditAttribution: bojanz at Centarro commentedComment #4
bojanz CreditAttribution: bojanz at Centarro commentedThe commit is becoming big, spinning off the product unpublished permission.
Comment #6
bojanz CreditAttribution: bojanz at Centarro commentedCommitted.