Developer forum

Forum » Development » Transfer permissions to impersonated user

Transfer permissions to impersonated user

E-mail notifications
Caro De Weze
Reply
Posted on 30/08/2024 13:38:55

Hi,

How do I ensure that the permissions of a user in a certain group are taken over if you impersonate another user with that user?

Example: I have the group 'Nussbaumer vertegenwoordigers' containing the user 'Vertegenwoordiger test':

For this group I have set permissions so its users do not have access to the cart. I have set up with impersonation that 'Vertegenwoordiger test' can impersonate these two users:

When I now log in as a 'Representative' test and I impersonate the user Caro De Weze, I don't want the cart to be visible for this either. If I simply log in as Caro De Weze without impersonation, this must of course remain visible.
In my opinion I can add something like this in Swift to the Swift_ImpersonationBar.cshtml template. Can someone get me started?

Kind regards,
Caro De Weze


Replies

 
Oleg Rodionov Dynamicweb Employee
Oleg Rodionov
Posted on 03/09/2024 09:02:56
Reply

Hi,

cause of the issue per the your case - unable to use impersonator for permissions on DW10 now (it's OK with appropriate settings in Settings-CP-Users on DW9). So, the issue is now under discussion, final results can be provided here later. Sorry for enconvience.

BR, Oleg QA 

 
Caro De Weze
Posted on 23/09/2024 07:00:29
Reply

Hi Oleg,

Is there an update on this yet?

Kind regards,
Caro De Weze

 
Nicolai Pedersen Dynamicweb Employee
Nicolai Pedersen
Posted on 23/09/2024 09:22:46
Reply

Hi Caro

When a user (master) impersonates another user, the master user inherits all of the permissions from the permission container of the impersonated user. So the master users permissions will no longer have an affect. This is working as designed.

BR Nicolai

 
Caro De Weze
Posted on 23/09/2024 09:37:28
Reply

Hi Nicolai,

Thanks for the update.

What is the easiest way to add that it works differently for one specific group? We have representatives that are part of the group 'Nussbaumer vertegenwoordigers'. For this group I have set that they cannot order anything. The representative must be able to log in as their customers to track orders, but are not allowed to order via this account. So it seemed easiest to me to specify for the group 'Nussbaumer representative' that every user they impersonate has the same permissions as the group the representative is part of. My screenshots in the original question make this clearer. I cannot just adjust the permissions for the customers themselves, because they can of course simply order.

I am of course also open to another option if this is not the way to go.

Kind regards,
Caro De Weze

 
Morten Snedker Dynamicweb Employee
Morten Snedker
Posted on 30/09/2024 13:34:41
Reply

Hi Caro,

What you request is not possible. As Nicolai commented: it is by design.

BR
Snedker

 
Caro De Weze
Posted on 30/09/2024 14:08:07
Reply

Hi Morten,

Can't I add for example an if/else that checks whether the master user is part of the 'Nussbaumer vertegenwoordigers' group and if that is true then it should not have any cart functionalities? This is quite important for our customer.

Kind regards,
Caro De Weze

 
Justin Sjouw Dynamicweb Employee
Justin Sjouw
Posted on 30/09/2024 14:19:52
Reply

Hi Caro,

(Apologies @rasmus If I'm thread-bombing here, just wanted to suggest this...)

I think "the easiest way to add that it works differently for one specific group? " is to hard code something into the template (but certainly not the prettiest ;-)

Since the top level users is a member of the 'Nussbaumer vertegenwoordigers' you should be able to check that in the template and then disable add to cart.

For example in ProductAddToCart you can then amend the hideAddtoCartVariable to hide the cart for this specific user group. 

Not very elegant but it should work, remember to check other templates as well (like the product list, depending on with which templates that is set-up)

 

 

 
Morten Snedker Dynamicweb Employee
Morten Snedker
Posted on 30/09/2024 14:19:58
Reply

Hi Caro,

It is possible, but then I will recommend handling it via notification subscribers and some additional coding that utilizes our API. If you need assistance on this particular part, please pick it up at ticket 16832.

 
Morten Snedker Dynamicweb Employee
Morten Snedker
Posted on 30/09/2024 14:24:51
Reply

@Justin  - that doesn not quite cut it. :)

The issue is that the scope is an impersonated user, so you do not have information about the impersonator. So you have to save information at the point of time just before impersonating that will indicate whether or not performing cart operations is allowed. You could potentially do this on the template, but for my taste it belongs in the bin folder.

BR
Snedker

 

You must be logged in to post in the forum