Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Billy 53 posts 244 karma points c-trib
    Jan 13, 2023 @ 10:45
    Billy
    0

    User cannot delete orders/carts

    Hi,

    When a user has access to the 'commerce' section, it is not possible to delete orders/carts. It shows an error 'unauthorized access'.

    enter image description here

    enter image description here

    enter image description here

    But when adding the 'settings' section it is possible.

    enter image description here

    Is this a bug or supposed to be like this? I do not want the user to be able to go into website settings section.

    Thanks for any feedback.

  • Matt Brailsford 4124 posts 22220 karma points MVP 9x c-trib
    Jan 13, 2023 @ 11:26
    Matt Brailsford
    0

    What version of Vendr are you using?

  • Billy 53 posts 244 karma points c-trib
    Jan 16, 2023 @ 06:30
    Billy
    0

    Umbraco v10.1.1 & Vendr v3.0.5

  • Matt Brailsford 4124 posts 22220 karma points MVP 9x c-trib
    Jan 16, 2023 @ 09:39
    Matt Brailsford
    100

    Ahh, it looks like I've misunderstood how the .NET Core Authorize attribute works. I've applied it twice, once with the settings section policy and once with the commerce section policy and I assumed these would be checked in an OR manor, but it looks like it checks them in an AND manor.

    I've created a new policy now for SettingsOrCommerce section checking and have updated all the locations where I previously had 2 Authorize attributes.

    If you want to test this fix, there is a new 3.0.6-beta0006 build on our unstable feed at https://nuget.outfield.digital/unstable/vendr/v3/index.json

Please Sign in or register to post replies

Write your reply to:

Draft