refactor: expanded product admin permissions #5428
Signed-off-by: Erik Kieckhafer <[email protected]>
…ct, where needed Signed-off-by: Erik Kieckhafer <[email protected]>
Didn't test, but code 👍

@kieckhafer On it

I'm trying to test this PR locally cos Mia was having trouble. I got up to the part where I made a new Store Manager w/ the updated Product Admin permissions... and then I tried to log out, by clicking the corner menu button and Log Out. But it immediately logged me back in. I tried opening the site in Safari, Firefox, Chrome, even Vivaldi, but same deal. I then manually deleted all my Session cookies. Now I'm stuck in this Zombie mode, where I cannot access the login / log out buttons at all. Sooo @kieckhafer What's the trick to logging into several different Admin w/ different Users? Use different browsers? Use different browsers, in Incognito mode? Manually delete session cookies?

As @machikoyasuda mentioned, I was never able to fully test this because any time I try to turn anything on/off, I get the error below. Independent of selecting "Shop Manager" or no. No errors appear on logs, so I have no idea how to debug this.

I tested the UI on this and it works for me 👍

Impact: major
Type: feature

Issue
We currently use the createProduct as a catch-all for any product related admin action. All users should not have permission to do all things with a product.

Solution
Granulate permissions so that different users can perform different tasks, and not have all permissions on product admin.
- createProduct permission as is, so any existing user groups with createRefund permission are not affected.
- product/admin permission in all places where createProduct is used. This will provide forward capability to use this permission as a catch-all / super-admin with a better descriptive name.
- product/admin in places where deemed appropriate: product/archive, product/clone, product/create, product/publish, and product/update.

Thoughts for discussion
- product/clone and product/create probably could be merged, if that's seen as a better fit, however I can imagine instances where a user should only be allowed to clone a variant, not create a whole new product.
- createProduct and swap it for product/admin, instead of just adding product/admin in addition, but this would be a breaking change, and should probably be better addressed in an entire permissions overhaul, rather than this.

Breaking changes
None. We keep our existing createProduct permission as is. All new permissions are in addition to createProduct.

Testing
- createProduct permission (called Add product in our UI), which is the main products permission for the entire app
- Product Admin permission in the new section Product Admin
- Archive Product. See that the archive button is missing from the actions dropdown
- Clone Product, and see that Duplicate is missing from the dropdown
- Create product and see that + is missing from the variant / option list

Note: You must have either product/admin, product/update, or createProduct permission in order to even see a product page. If none of those are active, you'll see a blank page / error. This is consistent with the current app.
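
The layered check the description above proposes, written out as an added example (not code from this PR or from the project): an action is allowed when the user holds the legacy createProduct role, the product/admin role, or the granular role for that action. The role names are taken from the description; the action names and the helpers `rolesFor`, `can` and `allowedActions` are hypothetical.

```javascript
// Added illustration, not project code. Role names come from the PR
// description; action names and helper functions are hypothetical.
const CATCH_ALL_ROLES = ["createProduct", "product/admin"];

// Granular role that unlocks each action in addition to the catch-all roles.
const GRANULAR_ROLE = {
  archive: "product/archive",
  clone: "product/clone",
  create: "product/create",
  publish: "product/publish",
  update: "product/update",
  // Per the note: viewing a product page needs product/admin,
  // product/update or createProduct.
  view: "product/update"
};

// Roles that authorize `action`; an unknown action gets none (fail closed).
function rolesFor(action) {
  if (!Object.prototype.hasOwnProperty.call(GRANULAR_ROLE, action)) return [];
  return [...CATCH_ALL_ROLES, GRANULAR_ROLE[action]];
}

// True when the user holds at least one role that authorizes the action.
function can(userRoles, action) {
  const held = new Set(Array.isArray(userRoles) ? userRoles : []);
  return rolesFor(action).some((role) => held.has(role));
}

// Actions a role set unlocks, e.g. to decide which buttons to render.
function allowedActions(userRoles) {
  return Object.keys(GRANULAR_ROLE).filter((action) => can(userRoles, action));
}

// Constructed sample role sets.
const legacyManager = ["createProduct"];
const archiver = ["product/archive", "product/update"];
const cloneOnly = ["product/clone"];

console.log(allowedActions(legacyManager)); // every action: legacy groups are unaffected
console.log(allowedActions(archiver));      // archive, update, view
console.log(allowedActions(cloneOnly));     // clone only; cannot open the product page
```

The same predicate has to gate the server-side operation as well as the button, since a hidden control does not stop a direct request.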