Jump to content

  • You cannot start a new topic
  • You cannot reply to this topic

Give Vendor Selective Permission To View A Document Rate Topic   - - - - -

 

Posted 24 August 2021 - 02:23 PM #1

Hello,

 

There are 2 things I want to do. I want to give vendors permission to see payout invoices from the backend (currently they can only see order invoices) and I want to give vendor permission to see a custom document made by me. I learned how to use the schema for vendor privileges and I managed to allow them to see both the payout invoice and my custom document.

 

The problem I'm facing is how can I restrict for example the payout invoice so that only the vendor from the invoice can see it. If I give access to vendors in the backend to the invoices, one vendor can see ALL invoices if they have the link. I saw that the order invoices are restricted to other vendors and I couldn't figure how it was done. Can anyone explain this to me?

 

Hopefully I'm explaining this clearly:

1. Payout Invoice -> Vendor access (I know how to do this part) -> Only one vendor should see this and admin (I don't know how to do this)

2. Custom Document -> Vendor access -> Only one vendor should see this and admin



 
  • tbirnseth
  • CS Cart Expert
  • Authorized Reseller
  • Join Date: 08-Nov 08
  • 12091 posts

Posted 02 September 2021 - 07:24 PM #2

Are you stating that when a vendor runs your custom 'mode' to show the document, that they see documents from other vendors?


EZ Merchant Solutions: Custom (USA based) B2B Development, Consulting, Development and Special Projects (get a quote here).
Commercial addons, payment methods and modifications to meet your business and operations needs.


 

Posted 02 September 2021 - 11:12 PM #3

Yes. For example only the vendor that is in the order can see this document/order https://www.example....ce&order_id=145(vendor company_id = 40 in document so anyone else shouldn't be able to access this document/mode)

I want to do the same for my custom document but also for the payout invoice since vendors can't see those in the backend.



 
  • tbirnseth
  • CS Cart Expert
  • Authorized Reseller
  • Join Date: 08-Nov 08
  • 12091 posts

Posted 08 September 2021 - 06:21 PM #4

Your query for the documents should cover this.  I'd do something like the following in your controller that provides the data to your template.:

$company_condition = '';
if( $company_id = Registry::get('runtime.company_id') )
  $company_condition = "AND company_id=$company_id";
 
$sql = "SELECT your select criteria here WHERE 1 $company_condition"

EZ Merchant Solutions: Custom (USA based) B2B Development, Consulting, Development and Special Projects (get a quote here).
Commercial addons, payment methods and modifications to meet your business and operations needs.


 

Posted 08 September 2021 - 08:25 PM #5

 

Your query for the documents should cover this.  I'd do something like the following in your controller that provides the data to your template.:

$company_condition = '';
if( $company_id = Registry::get('runtime.company_id') )
  $company_condition = "AND company_id=$company_id";
 
$sql = "SELECT your select criteria here WHERE 1 $company_condition"

 

Yes, thank you! I will do that for my custom document. I have a follow-up question though. What do I do in the case of the payout invoice document? I saw that company_id = 0 in payout orders. In the frontend the document uses "fn_is_order_allowed" which seems to work based on user_id. The backend uses "fn_get_order_info" which is based on company_id which is 0 for some reason. What would be the solution in this case? I tried in the past to give company_id the proper value, but I didn't succeed since the function that creates the payout invoice doesn't have a hook in it.

Edit: Nevermind. I get now why company_id is 0. The question still remains though. How can I show this payout invoice to the vendor? 



 
  • tbirnseth
  • CS Cart Expert
  • Authorized Reseller
  • Join Date: 08-Nov 08
  • 12091 posts

Posted 09 September 2021 - 04:43 PM #6

Company_id zero is for the merchant.  I.e. non-vendor actions.  All vendors are assigned a company_id.  So when the runtime.company_id is zero, you are running in the context of the store admin. When it's not, you're running in the context of the vendor.

 

In the frontend, everything is "running" as company_id zero and products have a company_id related to a vendor and that's what determines how orders are split.


EZ Merchant Solutions: Custom (USA based) B2B Development, Consulting, Development and Special Projects (get a quote here).
Commercial addons, payment methods and modifications to meet your business and operations needs.


 

Posted 12 September 2021 - 10:36 PM #7

@tbirnseth thanks for the help so far :-)

 

Oke. I have managed to do what I wanted. I have one last question though about payouts. Why is the order_id in the vendor_payouts sql table 0? Shouldn't it correspond to an actual order from the orders sql table? I'd like to use that in order to determine if a user has access to the order. The only way I can tell that a payout is linked to a order is by the comment... which is not that good.



 
  • tbirnseth
  • CS Cart Expert
  • Authorized Reseller
  • Join Date: 08-Nov 08
  • 12091 posts

Posted 14 September 2021 - 06:33 PM #8

@tbirnseth thanks for the help so far :-)

 

Oke. I have managed to do what I wanted. I have one last question though about payouts. Why is the order_id in the vendor_payouts sql table 0? Shouldn't it correspond to an actual order from the orders sql table? I'd like to use that in order to determine if a user has access to the order. The only way I can tell that a payout is linked to a order is by the comment... which is not that good.

Sorry, I have no idea.  All entries in my development DB with order_id == 0 are for payouts.


EZ Merchant Solutions: Custom (USA based) B2B Development, Consulting, Development and Special Projects (get a quote here).
Commercial addons, payment methods and modifications to meet your business and operations needs.