product variation not viewable/editable by content-authors

silvershop / silvershop-core

SilverShop is an e-commerce shopping cart module for the SilverStripe CMS

http://silvershop.github.io

BSD 2-Clause "Simplified" License

113 stars 119 forks source link

product variation not viewable/editable by content-authors #686

Open sparkcom opened 6 years ago

sparkcom commented 6 years ago

the canEdit / canDelete / canCreate/canView methods need to be defined in the Variation class as content-authors can't work on variation. Currently a way to work around it is to set the permissions using an extension

bummzack commented 6 years ago

That is a general SilverStripe "issue" or limitation. DataObjects can never be edited by non-admins if permissions aren't explicitly granted.

Not sure if we should introduce explicit permissions for variations (eg. that editing of variations can be granted to a group of users), or if the permissions should just be inherited from the parent Product? I'm leaning towards the latter approach. Thoughts?

sparkcom commented 6 years ago

The latter approach to inherit permissions from parent Product is logical.

There is the same issue with Attribute and AttributeValue. PermissionProvider may be a good solution for them.