Developer forum

Hi,

cause of the issue per the your case - unable to use impersonator for permissions on DW10 now (it's OK with appropriate settings in Settings-CP-Users on DW9). So, the issue is now under discussion, final results can be provided here later. Sorry for enconvience.

BR, Oleg QA 

Hi Oleg,

Is there an update on this yet?

Kind regards,
Caro De Weze

Hi Caro

When a user (master) impersonates another user, the master user inherits all of the permissions from the permission container of the impersonated user. So the master users permissions will no longer have an affect. This is working as designed.

BR Nicolai

Hi Nicolai,

Thanks for the update.

What is the easiest way to add that it works differently for one specific group? We have representatives that are part of the group 'Nussbaumer vertegenwoordigers'. For this group I have set that they cannot order anything. The representative must be able to log in as their customers to track orders, but are not allowed to order via this account. So it seemed easiest to me to specify for the group 'Nussbaumer representative' that every user they impersonate has the same permissions as the group the representative is part of. My screenshots in the original question make this clearer. I cannot just adjust the permissions for the customers themselves, because they can of course simply order.

I am of course also open to another option if this is not the way to go.

Kind regards,
Caro De Weze

Hi Caro,

What you request is not possible. As Nicolai commented: it is by design.

BR
Snedker

Hi Morten,

Can't I add for example an if/else that checks whether the master user is part of the 'Nussbaumer vertegenwoordigers' group and if that is true then it should not have any cart functionalities? This is quite important for our customer.

Kind regards,
Caro De Weze

Hi Caro,

(Apologies @rasmus If I'm thread-bombing here, just wanted to suggest this...)

I think "the easiest way to add that it works differently for one specific group? " is to hard code something into the template (but certainly not the prettiest ;-)

Since the top level users is a member of the 'Nussbaumer vertegenwoordigers' you should be able to check that in the template and then disable add to cart.

For example in ProductAddToCart you can then amend the hideAddtoCartVariable to hide the cart for this specific user group. 

Not very elegant but it should work, remember to check other templates as well (like the product list, depending on with which templates that is set-up)

Hi Caro,

It is possible, but then I will recommend handling it via notification subscribers and some additional coding that utilizes our API. If you need assistance on this particular part, please pick it up at ticket 16832.

@Justin  - that doesn not quite cut it. :)

The issue is that the scope is an impersonated user, so you do not have information about the impersonator. So you have to save information at the point of time just before impersonating that will indicate whether or not performing cart operations is allowed. You could potentially do this on the template, but for my taste it belongs in the bin folder.

BR
Snedker