search

sharetribe / web-template

Sharetribe Web Template - starting point to create a client app to your marketplace
Other
31 stars 136 forks source link

Add transaction initiate rights handling #450

Closed SariSaar closed 1 month ago

SariSaar commented 2 months ago

This PR prepares the codebase for the ability to restrict transaction rights per individual user. Operators can allow or restrict users from initiating transactions, independent of other actions that the user can take on the marketplace.

When the user does not have this permission in their effectivePermissionSet relationship and they try to make an order or send an inquiry, they are redirected to the NoAccessPage.

Screenshot 2024-09-11 at 10 25 12

New translations

One of the new translations uses rich text formatting for the FormatMessage – read more here.

  "InquiryForm.noTransactionRightsError": "Oops, something went wrong. You don't have transaction rights. <NoAccessLink>Read more about transaction rights.</NoAccessLink>",
  "NoAccessPage.initiateTransactions.schemaTitle": "No transaction rights",
  "NoAccessPage.initiateTransactions.heading": "You don't have transaction rights",
  "NoAccessPage.initiateTransactions.content": "To start a transaction, you need to receive transaction rights from the {marketplaceName} team.",

Updated translation

  "InquiryForm.userPendingApprovalError": "Oops, something went wrong. Your account is waiting for approval.",

Notes

For developers who see this before the feature is fully released in the API & Docs:

When transaction rights have been revoked for a marketplace user, the following Marketplace API endpoint will be restricted:

Transactions POST "transactions/initiate"

Gnito commented 2 months ago

@SariSaar you should make a check to CheckoutPage too. I.e user might be on a CheckoutPage, when operator removes the right to initiate transactions. (Or user might even manually try to access checkout page by modifying URL directly.)

Something similar was made on this PR https://github.com/sharetribe/web-template/pull/428/

Also consider other scenarios: A user is already on contact form (on listing page) and operator removes the right before the user submits the form https://github.com/sharetribe/web-template/pull/428/commits/788292c24f9728677444c07695889211f65fb006

Related to this, I don't think you should add the redirection to the contact form's submit (aka handleSubmitInquiry). If the redirection is there, user will lose what they were writing on that form.

A better or more user-friendly UX is that a) We don't allow user to open the modal on handleContactUser function. https://github.com/sharetribe/web-template/pull/428/commits/c967d74fc78874be73b2e578bd39c07f88f948eb b) if the form is open (while operator removes the right), we handle the error that API returns. https://github.com/sharetribe/web-template/pull/428/commits/788292c24f9728677444c07695889211f65fb006

This way user is proactively redirected to NoAccessPage (before they write anything) and in the rare scenario (where restriction is added while user is writing a long message), they don't lose that message. Instead, they see an error message under the textarea and they can then decide to copy the message to be used later.