Based on our complex pricing requirements we need to store some additional details in order to calculate a lineitem's cost. Is the ExtendedData collection a safe place to put these details or is it easily changed by technically-savvy users?
Once we calculate a lineitem total (in the Basket view for example) we want to persist that price throughout the rest of the checkout process 1.) without having to recalculate it each step and 2.) without a user being able to dig into the ExtendedData and maliciously alter the calculated prices.
I've noticed that Merchello seems to frequently recalculate the total price for line items by calling Total() in a variety of views, which we need to avoid based on our pricing requirements.
Line Item ExtendedData should be "secure" - keeping in mind I'm not a security expert =)
It's used to record the price before the VAT adjustment for example. If you use a coupon, checkout and look at the extended data in the invoice line item you will also see some meta information about the price adjustment in the discount line item for example.
Thanks, Rusty. We need to override that quantity * price at almost every step during checkout so we're using a combination of DataModifier (to alter the base unit price) and then a few ExtendedData values.
Is ExtendedData a secure location for custom price details?
Based on our complex pricing requirements we need to store some additional details in order to calculate a lineitem's cost. Is the ExtendedData collection a safe place to put these details or is it easily changed by technically-savvy users?
Once we calculate a lineitem total (in the Basket view for example) we want to persist that price throughout the rest of the checkout process 1.) without having to recalculate it each step and 2.) without a user being able to dig into the ExtendedData and maliciously alter the calculated prices.
I've noticed that Merchello seems to frequently recalculate the total price for line items by calling Total() in a variety of views, which we need to avoid based on our pricing requirements.
Line Item ExtendedData should be "secure" - keeping in mind I'm not a security expert =)
It's used to record the price before the VAT adjustment for example. If you use a coupon, checkout and look at the extended data in the invoice line item you will also see some meta information about the price adjustment in the discount line item for example.
Here is a list of the main items Merchello Core stores in extended data - https://github.com/Merchello/Merchello/blob/merchello-dev/src/Merchello.Core/Constants-ExtendedDataKeys.cs
The Total() extension just multiples the Quantity by the Price field of the line item itself.
Thanks, Rusty. We need to override that quantity * price at almost every step during checkout so we're using a combination of DataModifier (to alter the base unit price) and then a few ExtendedData values.
is working on a reply...