odiseoteam / SyliusRbacPlugin

This plugin provides basic roles and permissions management functionality for Sylius.
MIT License

API requests denied due to RBAC redirect to admin login instead of returning a 40x error #9

Open rimas-kudelis opened 3 years ago

rimas-kudelis commented 3 years ago

We're using this plugin in combination with the API plugin and marketplace plugin, and, naturally, we want to restrict which products vendor users may access via the API.

I've decorated the AdministratorAccessChecker to also check permissions when accessing API endpoints, but now an attempt by a vendor user to access another vendor's product via the API causes a 302 redirect to the dashboard (and subsequently to the login page) instead of properly failing like API requests should.

I think the best fix for this would be to adjust AccessCheckListener to fail differently for non-HTML requests. At least that's the path I think I'm going to pursue for now.
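The split the reporter proposes, as an added example rather than code from the SyliusRbacPlugin: a Symfony request subscriber that, when the access check fails, redirects browser requests to the login page but answers API requests with a 403 JSON body so clients never follow a 302 into an HTML login form. The `AccessCheckerInterface` is a hypothetical stand-in for the decorated `AdministratorAccessChecker`, the `/api/` path prefix and the `sylius_admin_login` route name are assumptions, and `isMainRequest()` / `getPreferredFormat()` require a Symfony version that provides them.

```php
<?php

declare(strict_types=1);

// Added example (not plugin code): an access-check listener that answers
// denied requests differently for browsers and API clients.
// Assumptions: an injected checker with canAccess(Request): bool (hypothetical
// interface below), a login route name, and that API routes live under /api/
// or negotiate a non-HTML format via the Accept header.

namespace App\EventListener;

use Psr\Log\LoggerInterface;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Event\RequestEvent;
use Symfony\Component\HttpKernel\KernelEvents;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;

// Hypothetical stand-in for the decorated AdministratorAccessChecker.
interface AccessCheckerInterface
{
    public function canAccess(Request $request): bool;
}

final class AccessCheckSubscriber implements EventSubscriberInterface
{
    public function __construct(
        private AccessCheckerInterface $accessChecker,
        private UrlGeneratorInterface $urlGenerator,
        private LoggerInterface $logger,
        private string $loginRoute = 'sylius_admin_login', // assumed route name
    ) {
    }

    public static function getSubscribedEvents(): array
    {
        // Priority 7 runs after the security firewall (priority 8), so the
        // current user is already authenticated when we decide.
        return [KernelEvents::REQUEST => ['onKernelRequest', 7]];
    }

    public function onKernelRequest(RequestEvent $event): void
    {
        if (!$event->isMainRequest()) {
            return;
        }

        $request = $event->getRequest();
        if ($this->accessChecker->canAccess($request)) {
            return;
        }

        $isApi = self::isApiRequest($request);

        // Record every denial the same way regardless of branch, so that
        // cross-vendor probing shows up in one place for alerting.
        $this->logger->warning('RBAC denied request', [
            'path'   => $request->getPathInfo(),
            'method' => $request->getMethod(),
            'api'    => $isApi,
        ]);

        // API clients get a machine-readable 403; browsers keep the redirect.
        $event->setResponse(
            $isApi
                ? new JsonResponse(
                    ['code' => Response::HTTP_FORBIDDEN, 'message' => 'Access denied.'],
                    Response::HTTP_FORBIDDEN
                )
                : new RedirectResponse($this->urlGenerator->generate($this->loginRoute))
        );
    }

    public static function isApiRequest(Request $request): bool
    {
        // The /api/ prefix is an assumption about routing; the format check
        // also catches clients that simply negotiate JSON via Accept.
        if (str_starts_with($request->getPathInfo(), '/api/')) {
            return true;
        }

        return $request->getPreferredFormat('html') !== 'html';
    }
}
```

Registering the subscriber as a service is enough for Symfony to pick it up via `getSubscribedEvents()`. Returning 403 rather than redirecting also stops API clients from receiving a 200 login page, which is what makes the redirect look like a success to scripts that only check the final status code.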