[CoreShop1] show 404 in detailAction if product has been disabled

coreshop / CoreShop

CoreShop - Pimcore enhanced eCommerce

http://www.coreshop.org

Other

276 stars 157 forks source link

[CoreShop1] show 404 in detailAction if product has been disabled #173

Closed solverat closed 6 years ago

solverat commented 7 years ago

If a product gets disabled in backend, product::detailAction() must throw an exception.

Yivan commented 7 years ago

Hello! Thanks for this security issue. Just i was thinking about the user orders: in the front end, enduser can see his previous orders and their is a link to the products detail he ordered (if i remember well). Maybe the 404 should display an explicit message like "Product is not more in the catalog", something like that so enduser don't think this 404 is a bug/problem.

dpfaffenbauer commented 6 years ago

If anyone needs this, a PR would be nice. Since nothing much happens anymore with CoreShop 1, I'll close this issue.

Yivan commented 6 years ago

Just to know, on CoreShop 2 how is handled product desactivation in the frontend:

404 for the detail product page ?
in case product was part of a previous command, it is a 404 too on the customer frontend ?

dpfaffenbauer commented 6 years ago

Hey @Yivan

thats a good point, I'll create a separate issue for CoreShop 2. I am not sure how to handle product page for customers who already bought products though. For a short sight, they'll get a 404 as well, but we need to change this in long sight.