Closed margamorais closed 3 weeks ago
This is a great point! I think the best course is the suggestion of making the existing pubic: true
property determine visibility in the Shop API. I think that is the most simple and expected behaviour, and does not require us to introduce a new permission to cover just this case.
Thank you!
Describe the bug Since Vendure 2.2.0 it's possible to add permissions to custom fields, however these permissions also affect what the Customer can see in the storefront, as it affects the shop-api. By adding requiresPermission to a customField, if the Customer role doesn't have this permission, the field won't be visible in the storefront.
To Reproduce Steps to reproduce the behavior:
Expected behavior Given that the custom field type already has a public setting, which tells if the field is visible in the shop api or not, the requires permissions setting should not be affecting this. Either, there is a Permission.Customer, similar to the Permission.SuperAdmin which allows us to add that permission to the field and makes it visible in the shop-api, even though it has other permissions required, or the requiresPermissions setting should not affect the visibility of the field on the shop-api, it should only affect the field on the admin-api/admin-ui.
Environment (please complete the following information):