Possible to control access by admins to different orders ?

dmb · March 11, 2016, 11:33:07 AM

J3.4.8 VM3.0.12

I've set up a shop that has products associated with different manufacturers. These relate to events that are run by our society, which are either National or Regional (North, South, East West). We have a general admin, and one admin per region.

Up to now any admin could see orders for any events (national or in any region), and could edit/cancel/etc. any of these, but I've been asked to configure the shop such that the general administrator can edit any orders, but the regional admins can only update orders for products for which their region is 'manufacturer'.

It seems like a fairly reasonable request, but I can't see that it's possible in VM - have I missed something ? I've searched but can't find any related questions.

Thanks for any insights

David

Studio 42 · March 11, 2016, 15:49:10 PM

multi vendor should be the solution. Have you check to use this to replace manufacturer ?
The problem, is that you need one product per vendor, but this can be child products.
And you can use a dropdown SELECT warehouse (a warhouse is a vendor in your case)

dmb · March 11, 2016, 18:36:29 PM

Ah ! I hadn't thought of multi vendor. I'll look into that and see if I can figure out how to make that work.

Thanks,

David

jenkinhill · March 11, 2016, 23:33:42 PM

This may help http://docs.virtuemart.net/manual/general-concepts/211-multivendor.html

Milbo · March 12, 2016, 11:37:15 AM

There is a problem at the moment.

What happens when a shopper buys from two different vendors/manufacturers. At the moment it works only with one vendor per order.

That a vendor sees only his own orders/users works already. But this is defined by the vendorId of the cart, which sets the vendorId of the order.

For your case, it may make sense to write a search, which checks the listed products. So when an orderitem belongs a certain vendor, then he can see the order.

I am willing to write and add it to the core, just need some funding. For example a gold one http://extensions.virtuemart.net/support/virtuemart-supporter-membership-detail

dmb · March 13, 2016, 10:53:04 AM

Ah yes, this came up yesterday when I was discussing the issue with the others who run the regional groups. It's almost certain to happen, as many people buy a membership product (National) at the same time as a course or event (Regional product) so they can get a member discount on the latter.

So now we're thinking that while we still need regional admins to edit their own joomla webpages we'll have to restrict the ability to change the status of orders to a single shop administrator - any way to do this ?

Thanks,

David

Studio 42 · March 13, 2016, 13:20:30 PM

Main vendor or Joomla super user can always edit all orders.
But the other vendors can only edit and see own orders and product. But you can restrict more with Joomla ACL.

dmb · March 14, 2016, 09:36:18 AM

Yes, the multi-vendor would stop any of the others from being to change orders they shouldn't but the 'multiple vendor products in the same order' problem means multivendor isn't an option unfortunately.

I'm going to see if there's some way of preventing anyone but the main admin user from accessing the Orders section, then just send an automated report of orders placed to the others. It seems that'll meet their needs while controlling access.

All the best,

David

Milbo · March 14, 2016, 11:53:53 AM

Quote from: dmb on March 14, 2016, 09:36:18 AM
Yes, the multi-vendor would stop any of the others from being to change orders they shouldn't but the 'multiple vendor products in the same order' problem means multivendor isn't an option unfortunately.

As I explained, multivendor is the right way to go.

There are options in the ACL for "only changing order status", see all orders, only the own order and so on. It is definitly the right way to go. The only thing missing is a new method to determine if an order is visible for more than one vendor. You should consider how much it is worth for you.

Quote from: dmb on March 14, 2016, 09:36:18 AM
I'm going to see if there's some way of preventing anyone but the main admin user from accessing the Orders section, then just send an automated report of orders placed to the others. It seems that'll meet their needs while controlling access.

That is imho by default already there. You can even create a group which is allowed to check only orders, but all orders. But you should calculate how much money it will cost to have extra admins checking the orders.

dmb · March 19, 2016, 13:01:43 PM

Yes, I understand your line of reasoning Milbo.

However our situation is that we already have the admins for each region in place, and as a registered charity they are volunteers so don't draw on our costs. My main concern is that they have agreed that only one of them should be able to update (Update status etc.) orders, and they want a way ot prevent the others from doing so.

So I'm looking at how to do that for them, and your suggestion of creating a group sounds like an excellent one. I'll look into that - it sounds like maybe a "group of one" is exactly what I need

Thanks,

David

Studio 42 · March 19, 2016, 13:43:07 PM

You can check fro Joomla super user in the controller.
In YOURSITE\administrator\components\com_virtuemart\controllers\orders.php

Code Select

public function updatestatus() {
$user = JFactory::getUser();
if(!$user->authorise('core.admin')) return;
...

Check if this is needed in other function.
But this is a hack, so you need to reapply it on each VM update.

News:

Possible to control access by admins to different orders ?