Category Specific Access Restriction (CSAR) - [Support Thread]

[chibipaw]

Applied and verified.
That simple fix appears to have solve the circumvention problem.
I'll still need to look at what Im doing wrong that I have not been able to restrict by manufacturer id only. Either it might be a merge problem or usage problem.

One thing to note for the benefit of other users of this mod.
It's a little obvious, but it I still think it should be mentioned.
CSAR can only protect categories and its items only if the product's master category ID is under the restricted category. It will have no affects on products that are linked to a restricted category, but the master category is in a nonrestricted category.

Yep, I could reproduce that.

Open the file /includes/templates/MY_TEMPLATE/templates/tpl_product_info_display.php, find

Code:

if (!$_SESSION['customer_id'] && !$_SESSION['customers_privileges'] > 0 && in_array($result->fields['master_categories_id'],explode(',', CATEGORY_RESTRICTION_LOGIN_CATEGORY)) ) { 
 // block access to this product 
  echo TEXT_ILLEGAL_ACCESS ;

removed the part in red, change to

Code:

if (!$_SESSION['customers_privileges'] > 0 && in_array($result->fields['master_categories_id'],explode(',', CATEGORY_RESTRICTION_LOGIN_CATEGORY)) ) { 
 // block access to this product 
  echo TEXT_ILLEGAL_ACCESS ;

It is marked for the next updated version.



Sorry, I can't reproduce this, you may want to check for merging errors. Products by manufacturer works fine in a few test sites and also on a live 1.5.5a store.

[frank18]

.....One thing to note for the benefit of other users of this mod.
It's a little obvious, but it I still think it should be mentioned.
CSAR can only protect categories and its items only if the product's master category ID is under the restricted category. It will have no affects on products that are linked to a restricted category, but the master category is in a nonrestricted category.

If you link a non-restricted product to a restricted category then, naturally, that product will show, simply because it was never intended to be restricted in first place.

Vice versa, if you link a restricted product to a non-restricted category then that product will not show. After all, that product was intended to be restricted in first place.

The governing factor (in either case) is the master category.

So, I don't see an issue with these scenarios.

Btw, got your PM, thanks.

Cheers / Frank

[chibipaw]

Just want to drop a status update.
Successfully upgraded from ZC 1.5.4 to ZC 1.5.5a. Installed CSAR 2.2.0 without too many merging issues. I did some light testing and have pushed it to the production server. But I still haven't figured out how the mechanics of manufacturer restriction works yet, as setting the restriction mID, I can still freely browse any products. But at least the most important components works great.

Next step, I'll be installing other less important mods, hopefully nothing will conflict.

Just in the process of parceling up CSAR 2.2.0 modified for ZC 1.5.5a and will submit in the next day or so.

PM me your email and I send you a copy of the pack in the next day or 2.

[chibipaw]

Looks like I might have discovered a bug, or maybe a merge problem. But Im inclined to think it's the former.
So far everything looks good, but if I merge line 421 in admin/customers.php:
c.customers_privileges, c.customers_referral // CSAR 3 of 9

This errors appear when I click on the Edit button:
WARNING: An Error occurred, please refresh the page and try again.

This error appears in the logs:
[26-Jul-2016 05:23:43 America/Los_Angeles] PHP Fatal error: 1064:You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '/ CSAR 3 of 9
from customers c left join addre' at line 9 :: select c.customers_id, c.customers_gender, c.customers_firstname,
c.customers_lastname, c.customers_dob, c.customers_email_address,
a.entry_company, a.entry_street_address, a.entry_suburb,
a.entry_postcode, a.entry_city, a.entry_state, a.entry_zone_id,
a.entry_country_id, c.customers_telephone, c.customers_fax,
c.customers_newsletter, c.customers_default_address_id,
c.customers_email_format, c.customers_group_pricing,
c.customers_authorization,
c.customers_privileges, c.customers_referral // CSAR 3 of 9
from customers c left join address_book a
on c.customers_default_address_id = a.address_book_id
where a.customers_id = c.customers_id
and c.customers_id = '2' ==> (as called by) /home/shop/myadmin/customers.php on line 425 <== in /home/shop/includes/classes/db/mysql/query_factory.php on line 167

If the line isn't merged, and simply left as default, everything works fine. Except while editing the user, the Customers Special Privileges Status field will default as "None" instead of defaulting to the current state of the user. Selecting the appropriate privilege will toggle the customer privilege accordingly.
Any idea what might cause this issue? Also simply taking the customer.php from the package and overwriting the ZC default version will cause the same error upon selecting the Edit button.

If you link a non-restricted product to a restricted category then, naturally, that product will show, simply because it was never intended to be restricted in first place.

Vice versa, if you link a restricted product to a non-restricted category then that product will not show. After all, that product was intended to be restricted in first place.

The governing factor (in either case) is the master category.

So, I don't see an issue with these scenarios.

Btw, got your PM, thanks.

Cheers / Frank

[frank18]

Looks like I might have discovered a bug, or maybe a merge problem. But Im inclined to think it's the former.
So far everything looks good, but if I merge line 421 in admin/customers.php:
c.customers_privileges, c.customers_referral // CSAR 3 of 9
......

Yep, you are right!

That block should read:

Code:

$customers = $db->Execute("select c.customers_id, c.customers_gender, c.customers_firstname,
                                          c.customers_lastname, c.customers_dob, c.customers_email_address,
                                          a.entry_company, a.entry_street_address, a.entry_suburb,
                                          a.entry_postcode, a.entry_city, a.entry_state, a.entry_zone_id,
                                          a.entry_country_id, c.customers_telephone, c.customers_fax,
                                          c.customers_newsletter, c.customers_default_address_id,
                                          c.customers_email_format, c.customers_group_pricing,
                                          c.customers_authorization, c.customers_privileges, c.customers_referral
                                  from " . TABLE_CUSTOMERS . " c left join " . TABLE_ADDRESS_BOOK . " a
                                  on c.customers_default_address_id = a.address_book_id
                                  where a.customers_id = c.customers_id
                                  and c.customers_id = '" . (int)$customers_id . "'");

Obviously too late at night (again!!), my apologies.

Glad I haven't submitted that updated pack as yet.

[chibipaw]

That one line sure looked a bit redundant form the original.
I too should have caught it earlier instead up staying up all night till sunrise too.
Late night makes bad code debugging..

Anyways, I've implemented your line of code, over writing the original block.
Edit button now works, and the Privilege selections are now reflective to the customer's current state.
:thumbs:
I'm going to move it to have some black box testing, but real test is when I have the next high demand collection release. I won't know when that happens since it depends how hyped up the customers are weeks before the collection release. If it's a hit my customers can be extreme, and often quite crafty. I've have had people written bots to snipe items, and even by pass the checkout form completely in order to get an edge over other customers.
We'll see how they'll deal with it when the release is ticketed based, and enforced by CSAR.

Yep, you are right!

That block should read:

Code:

$customers = $db->Execute("select c.customers_id, c.customers_gender, c.customers_firstname,
                                          c.customers_lastname, c.customers_dob, c.customers_email_address,
                                          a.entry_company, a.entry_street_address, a.entry_suburb,
                                          a.entry_postcode, a.entry_city, a.entry_state, a.entry_zone_id,
                                          a.entry_country_id, c.customers_telephone, c.customers_fax,
                                          c.customers_newsletter, c.customers_default_address_id,
                                          c.customers_email_format, c.customers_group_pricing,
                                          c.customers_authorization, c.customers_privileges, c.customers_referral
                                  from " . TABLE_CUSTOMERS . " c left join " . TABLE_ADDRESS_BOOK . " a
                                  on c.customers_default_address_id = a.address_book_id
                                  where a.customers_id = c.customers_id
                                  and c.customers_id = '" . (int)$customers_id . "'");

Obviously too late at night (again!!), my apologies.

Glad I haven't submitted that updated pack as yet.

[JakeLawless]

Is there anyway to prevent restricted cateogries from showing up on a live search as they can be clicked on added to cart and then the price is displayed/ Thanks.

[frank18]

Is there anyway to prevent restricted cateogries from showing up on a live search as they can be clicked on added to cart and then the price is displayed/ Thanks.

Hmmm... I thought this was first addressed almost 5 years ago (see post #9 of this thread). Are you sure you merged all files as per instructions?

[JakeLawless]

Hmmm... I thought this was first addressed almost 5 years ago (see post #9 of this thread). Are you sure you merged all files as per instructions?

Yes, it was installed by my web hosts. When i search for a product it doesnt appear but if i start searching it appears on my live search.

[jodean]

Does anyone know if the 2.1.2 version is compatible with ZC 1.5.5f ?