Some time ago I had a problem with ubercart where when the user tried to review their order on checkout it showed somebody else's name and information.

At that time I deleted the sessions table thinking it was some sort of corruption. Today it has come back and this time I looked more closely at the sessions table. All of the sessions had the word masquerade in them.

I deleted the sessions and uninstalled masquerade so we'll see what happens next.




Ari Gold’s picture

Does anyone else have problems with ubercart and masquerade?

I'm considering installing masquerade so the store admin can masquerade as a user that phones in to place an order. The "Create Order" workflow built into ubercart seems to be lacking, and I've also done some custom logic to change prices based on the user's role. So I thought Masquerade might be a good solution, but I'm wary if it means I'll run into other problems.

wjaspers’s picture

Nope. I've already accomplished this with Drupal 7.

I wrote a custom CTools context for it (ctools module), and a custom Context condition (context module), so you can do some magic tricks with blocks or panels (your choice). [These might need to be backported]. I also have a sandbox project that exposes the Ubercart add to cart form as two potential blocks (one for buy it now--no attributes), and another for the full (add to cart form).

If you want to see what users have currently available carts, create a View using the users base table, and add some fields from "Cart" (I don't recall if they're available in 6.x, but should be a breeze to port). I put a 1 hour time filter on mine so the "open carts" view doesn't get too big to sift through.

As for your pricing question, masquerade might create a minor roadblock. Once your "office user" is switched to a "normal user" account, ALL site actions/functionality fall under the normal user's account permissions.

If you really want to wait until my aforementioned patches are approved or denied, you can always set the PHP Code setting on blocks, and restrict them with this code:
return isset($_SESSION['masquerading']) && is_numeric($_SESSION['masquerading']);

rickmanelius’s picture

I have masquerade on D6 and D7 installations and have not had this problem... is this still active?

wjaspers’s picture

I think the problem he was referring to is that Ubercart stores the User's ID as a SESSION ID or a physical UID from the database. It just depends on whether or not the user is logged in. Because masquerade flops the logged in user with a session variable, its possible Ubercart picked up the wrong user data. This may have been resolved in future versions.