Category Specific Access Restriction (CSAR) - [Support Thread]

[Danielle]

The Specials category is the restricted one. If you are not logged in and you go to the Specials category, you are taken to the login page, which is fine.

If you are logged in, and DO have special privileges, when you go the Specials category, you are taken to the My Account page, when you should have access to view the Specials category.

If you are logged in, and do not have privileges, you are taken to the My Account page as well.

Thanks Danielle,

Clicked through all cats w/out problems. None of your categories seem to be access restricted but they are price restricted, I can't see prices. Logged in and clicked through all cats and can see prices and add products to cart.

Only coming to blocks when clicking on the heading 'Wholesale'. Do you have 'Dual Pricing - Wholesale Pricing' installed?

I don't think CSAR itself poses a problem. Are there any other mods installed that may clash with CSAR?

Frank

[frank18]

The Specials category is the restricted one. If you are not logged in and you go to the Specials category, you are taken to the login page, which is fine.

If you are logged in, and DO have special privileges, when you go the Specials category, you are taken to the My Account page, when you should have access to view the Specials category.

If you are logged in, and do not have privileges, you are taken to the My Account page as well.

It does not appear to take a snapshot and gets trapped in a loop. Not a behaviour I have seen with CSAR installs on other sites. Without analysing the code I can not help further. Could you download the content of the includes folder, zip it up and and email it to the address I am about to PM?

Frank

[frank18]

Danielle, can you set category 16 (bath) as a restricted category (even if only temporary) and report back how this category responds. Reason being that this issue has got me puzzled - despite the local time being already midnight and my bed is waiting for me.....

Thanks / Frank

[Danielle]

Danielle, can you set category 16 (bath) as a restricted category (even if only temporary) and report back how this category responds. Reason being that this issue has got me puzzled - despite the local time being already midnight and my bed is waiting for me.....

Thanks / Frank

It behaves the same way, if I am not logged in, it takes me to the login page. If I am logged in, it takes me to the My Account page, regardless of whether my user account has special privileges or not.

I have zipped the includes folder and e-mailed it to you.

Thanks!

[frank18]

It behaves the same way, if I am not logged in, it takes me to the login page. If I am logged in, it takes me to the My Account page, regardless of whether my user account has special privileges or not.

I have zipped the includes folder and e-mailed it to you.

Thanks!

Danielle,

I checked your includes folder but can't find anything sinister.

The file that tests for restrictions and privileges is

includes/modules/pages/index/header_php.php

The relevant code at the end of that file is

PHP Code:

// ********* bof CATEGORY_RESTRICTION **********
/**
* we want product details of certain categories to be accessible by members only so redirect them to the login page
 */
if (!$_SESSION['customer_id'] && !$_SESSION['customers_privileges'] > 0 && in_array($current_category_id,explode(',', CATEGORY_RESTRICTION_LOGIN_CATEGORY)) ) {
    $_SESSION['navigation']->set_snapshot();
  zen_redirect(zen_href_link(FILENAME_LOGIN, '', 'SSL')); 
      }

/**
* we are testing if a logged in customer has special privileges to view products in this category
 */
if ($_SESSION['customer_id'] && !$_SESSION['customers_privileges'] > 0 && in_array($current_category_id,explode(',', CATEGORY_RESTRICTION_LOGIN_CATEGORY)) ) {
    $_SESSION['navigation']->set_snapshot();
  zen_redirect(zen_href_link(FILENAME_LOGIN, '', 'SSL'));
      }
  
/**
* we are testing if a logged in customer has special privileges to view products of a restricted manufacturer
 */
if (!$_SESSION['customers_privileges'] > 0 && in_array($_GET['manufacturers_id'],explode(',', CATEGORY_RESTRICTION_LOGIN_MANUFACTURER)) ) {
    $_SESSION['navigation']->set_snapshot();
  zen_redirect(zen_href_link(FILENAME_LOGIN, '', 'SSL')); 
      }

if ($_SESSION['customer_id'] && !$_SESSION['customers_privileges'] > 0 && in_array($_GET['manufacturers_id'],explode(',', CATEGORY_RESTRICTION_LOGIN_MANUFACTURER)) ) {
    $_SESSION['navigation']->set_snapshot();
  zen_redirect(zen_href_link(FILENAME_LOGIN, '', 'SSL')); 
      }

// ********* eof CATEGORY_RESTRICTION **********


// This should be last line of the script:
$zco_notifier->notify('NOTIFY_HEADER_END_INDEX'); 


... and all of that code looks perfectly ok to me in your file

Can you please double check that your admin/customers.php file has been merged correctly. I am beginning to think that special privileges are not being posted to the DB when editing customer details and the customer remains a *normal" customer (no privileges).

Thanks / Frank

[Danielle]

Hi Frank,

I checked in phpMyAdmin and I can see that the privileges are being posted. It does save it in the admin as well and shows in the customer list that the customer has privileges.

Danielle,

I checked your includes folder but can't find anything sinister.

The file that tests for restrictions and privileges is



The relevant code at the end of that file is

PHP Code:

// ********* bof CATEGORY_RESTRICTION **********
/**
* we want product details of certain categories to be accessible by members only so redirect them to the login page
 */
if (!$_SESSION['customer_id'] && !$_SESSION['customers_privileges'] > 0 && in_array($current_category_id,explode(',', CATEGORY_RESTRICTION_LOGIN_CATEGORY)) ) {
    $_SESSION['navigation']->set_snapshot();
  zen_redirect(zen_href_link(FILENAME_LOGIN, '', 'SSL')); 
      }

/**
* we are testing if a logged in customer has special privileges to view products in this category
 */
if ($_SESSION['customer_id'] && !$_SESSION['customers_privileges'] > 0 && in_array($current_category_id,explode(',', CATEGORY_RESTRICTION_LOGIN_CATEGORY)) ) {
    $_SESSION['navigation']->set_snapshot();
  zen_redirect(zen_href_link(FILENAME_LOGIN, '', 'SSL'));
      }
  
/**
* we are testing if a logged in customer has special privileges to view products of a restricted manufacturer
 */
if (!$_SESSION['customers_privileges'] > 0 && in_array($_GET['manufacturers_id'],explode(',', CATEGORY_RESTRICTION_LOGIN_MANUFACTURER)) ) {
    $_SESSION['navigation']->set_snapshot();
  zen_redirect(zen_href_link(FILENAME_LOGIN, '', 'SSL')); 
      }

if ($_SESSION['customer_id'] && !$_SESSION['customers_privileges'] > 0 && in_array($_GET['manufacturers_id'],explode(',', CATEGORY_RESTRICTION_LOGIN_MANUFACTURER)) ) {
    $_SESSION['navigation']->set_snapshot();
  zen_redirect(zen_href_link(FILENAME_LOGIN, '', 'SSL')); 
      }

// ********* eof CATEGORY_RESTRICTION **********


// This should be last line of the script:
$zco_notifier->notify('NOTIFY_HEADER_END_INDEX'); 


... and all of that code looks perfectly ok to me in your file

Can you please double check that your admin/customers.php file has been merged correctly. I am beginning to think that special privileges are not being posted to the DB when editing customer details and the customer remains a *normal" customer (no privileges).

Thanks / Frank

[Danielle]

Just an update that I also just tried restricting by manufacturer instead of category, and when I do that, I can access everything, with or without privileges. It doesn't restrict anything. So it's the exact opposite of if I try and restrict by category, in which case it restricts everything even if I do have privileges. So strange!

[frank18]

Just an update that I also just tried restricting by manufacturer instead of category, and when I do that, I can access everything, with or without privileges. It doesn't restrict anything. So it's the exact opposite of if I try and restrict by category, in which case it restricts everything even if I do have privileges. So strange!

OK I figured it out! It is just the authorization settings in the admin.

We need Customer Approval Status – Authorization Pending set to 2, because we don’t want retail customers to see an add to cart button, checkout, etc. If I set it to 0, the CSAR mod works perfectly. Setting that value to anything else makes the CSAR mod not function correctly.

Just tried to replicate this on my CSAR demo site: I set cust auth to '2' then went to the store front, clicked on a restricted cat and was redirected to the login page. Logged in and I had immediate access - just the same as if cust auth was set to '0'. The status of cust auth should have no bearing on the behaviour of CSAR.

So.... that behaviour is still in contrast to what you are experiencing with your site. There still has to be a clash with one of the other installed mods. As a workaround you may want to set cust auth to '0' AND then enter every single master cat as price restricted (the top line in CSAR admin...). If that works then at least the store can be operational again. It is only a workaround - no permanent solution and tedious if there are lots of categories.....

Cheers / Frank

[Danielle]

Well that's bizarre, because none of our mods have anything to do with the customer authorization status either. In any case, I did some custom coding and made a workaround that works for our store.

Thank you for all your help!

Just tried to replicate this on my CSAR demo site: I set cust auth to '2' then went to the store front, clicked on a restricted cat and was redirected to the login page. Logged in and I had immediate access - just the same as if cust auth was set to '0'. The status of cust auth should have no bearing on the behaviour of CSAR.

So.... that behaviour is still in contrast to what you are experiencing with your site. There still has to be a clash with one of the other installed mods. As a workaround you may want to set cust auth to '0' AND then enter every single master cat as price restricted (the top line in CSAR admin...). If that works then at least the store can be operational again. It is only a workaround - no permanent solution and tedious if there are lots of categories.....

Cheers / Frank

[frank18]

Well that's bizarre, because none of our mods have anything to do with the customer authorization status either. In any case, I did some custom coding and made a workaround that works for our store.

Thank you for all your help!

No problem Danielle - could you please let me know how you implemented that workaround.

Thanks / Frank