Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

User Not permitted when trying to update a subscription [3.x]: #3155

Closed
terryupton opened this issue May 3, 2023 · 6 comments
Closed

User Not permitted when trying to update a subscription [3.x]: #3155

terryupton opened this issue May 3, 2023 · 6 comments
Assignees
@pdaleramirez
Labels
bug commerce3 Issues related to Commerce v3 🚪 gateways

Comments

@terryupton
Copy link

What happened?

Description

When a user tries to update a subscription form on their front-end, we are seeing the following error:
User Not permitted
Screenshot 2023-05-03 at 09 57 38

At the moment this is implemented on the _includes/sprig/subscriptions/sprig-manage-addresses.twig partial.
But essentially it uses the following Craft Commerce Subscription code and subscriptions/save controller.

 <form id="subscriptionAddressesForm" method="POST">
    {{ csrfInput() }}
    {{ hiddenInput('action', 'commerce/subscriptions/save') }}
    {{ hiddenInput('subscriptionId', subscriptionId) }}
    {{ hiddenInput('fields[subscriptionBillingAddressId]', billingAddress) }}
    {{ hiddenInput('fields[subscriptionShippingAddressId]', shippingAddress) }}
    {% if redirectUrl %}
      {{ redirectInput(siteUrl(redirectUrl)) }}
    {% endif %}

This action does work if I am logged in as an admin user. But we need this functionality for customer users.

Craft CMS version

Craft Pro 3.8.7

Craft Commerce version

3.4.20.1

PHP version

8.0.28

Operating system and version

No response

Database type and version

MariaDB 10.4.28

Image driver and version

No response

Installed plugins and versions
@terryupton terryupton added commerce3 Issues related to Commerce v3 bug labels May 3, 2023
@terryupton
Copy link
Author

By setting the customers user group to enable 'manage subscriptions', seems to have resolved this.
Screenshot 2023-05-03 at 11 28 37

@lukeholder
Copy link
Member

One shouldn't have to create permissions for a customer to edit their custom fields. Looking into it now.

@pdaleramirez pdaleramirez added the 🔎 status: investigating Trying to reproduce label May 4, 2023
@pdaleramirez pdaleramirez mentioned this issue May 4, 2023
Merged
@pdaleramirez pdaleramirez self-assigned this May 5, 2023
@pdaleramirez pdaleramirez added 🚪 gateways and removed 🔎 status: investigating Trying to reproduce labels May 5, 2023
@lukeholder
Copy link
Member

lukeholder commented May 30, 2023
edited

We have fixed this for the next release of commerce; a customer can now update (switch, cancel, reactivate etc) a subscription if they are the owner of the subscription and it’s a front-end request. Otherwise, the normal permissions will apply.

To get the fix early, change your craftcms/commerce requirement in composer.json to:

"require": {
  "craftcms/commerce": "dev-develop#190463d8ce9b46b602acaacf814f37fb624fda2f as 4.2.10",
  "...": "..."
}

Then run composer update.

@nfourtythree
Copy link
Contributor

Version 4.2.10 of Commerce is now out with this fix.

Thanks!

@terryupton
Copy link
Author

Thanks @lukeholder and @nfourtythree
Is this only Commerce 4? As the client tis on Commerce 3. Will this be ported back to 3 as well?

@ryanirelan
Copy link

This also closes this discussion: #3105

And my PR for fixing the docs, since I was told this was expected behavior. craftcms/docs#490

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@pdaleramirez pdaleramirez

Labels
bug commerce3 Issues related to Commerce v3 🚪 gateways
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@ryanirelan @lukeholder @nfourtythree @pdaleramirez @terryupton