Posted by Anonymous on December 7, 2011 at 8:47pm
I created an authenticated user profile, how do I only give the website owner access to the managing the store without them being able to change modules or anything like that?
I created an authenticated user profile, how do I only give the website owner access to the managing the store without them being able to change modules or anything like that?
Comments
Do you have a manager role or
Do you have a manager role or some other role designed specifically for that purpose? The authenticated user role is an automatic role all Drupal sites and not one that you'd normally give permission to manage administrative functions.
Once you have a role in place for that purpose, you'll grant specific permissions at admin/people/permissions. Which permissions to grant really varies on the way your store is set up and the way you'd like it to be administered.
Some things to think about:
There can be dozens of permissions that need to be set in specific ways depending on your use case. A good way to test it can be through trial and error. Create a test user account with your manager role. Log in as that test user and see if you can accomplish the tasks you'd want that role to accomplish and make sure you can't accomplish any tasks you don't want the role to accomplish.
Scott Rouse
http://about.me/scott.rouse
Permissions
Thank you! This makes more sense now. Would I have to add a module in order to allow customers to login?
No
In essence, no. User authentication/login is handled by Drupal core.
If you want to force users to create an account before checking out, you just need to configure permissions such that anonymous users are not allowed to access checkout.
Unfortunately, a common e-commerce request is to allow customers to create an account during the checkout process. This is not yet handled well in Drupal Commerce. The Commerce Checkout Login module should, eventually, handle that task, but it does nothing right now.
Scott Rouse
http://about.me/scott.rouse
Good to know
Thank you! I've been changing the permissions and it still won't let me add products as a manager :( Hopefully I'll get that figured out soon and the website should go live on friday! Yay! :)
Hints
Here are a few permissions I can think of off hand:
Product
Node
System
Remember, there are two very different things that have to be created/edited with Drupal Commerce to create what we think of a a single "product":
1. The Product entity as defined by Commerce
2. The Product Display Node
Scott Rouse
http://about.me/scott.rouse
Aha! moment!
I had checked everything but the administration theme and suddenly everything works!
It's the little things
Yeah, it's amazing how one little switch can bring so much unhappiness. :-)
Scott Rouse
http://about.me/scott.rouse
Software updates
Are software updates something that I should give them access to?
Depends
That's up to you. I typically don't since Drupal updates usually require some investigation as to whether they may break the site and always require a backup of the database in case something goes wrong.
Scott Rouse
http://about.me/scott.rouse
Payments
Since I'm using PayPal for credit card transactions, updating payments would not be a good idea right? Except perhaps delete payments if something goes wrong? PayPal still a confusing topic for me
You're probably using PayPal
You're probably using PayPal Website Payments Standard (WPS) to process transactions. That means that a customer purchase roughly follows these steps:
Customer proceeds to checkout (/checkout) where they enter some information in one or more stages:
Customer is redirected off site to PayPal to complete their payment. Your site provides PayPal a unique key for the transaction.
Updating payments on the site may, in fact, be something a store manager may do. If, for example, they needed to issue a refund or add notes to a payment, this permission would be helpful. The manager (or any of your site's users...admin or otherwise) never has access to a customer's private payment information (credit card/bank account/etc). That is done exclusively on PayPal's servers and PayPal won't release that data.
Now, take the following congratulations and word of warning with a grain of salt...
First of all, kudos to you for taking on what I consider to be one of the most difficult and confusing website-related tasks: eCommerce. I know you've put a lot of time into this project, and I think it's terrific that you've chosen this to tackle as your first Drupal project.
That being said, it would be irresponsible of me to not issue one last word of warning. eCommerce is fraught with complication and real legal risks. Even when using a third-party payment method such as PayPal WPS, you still take on the great responsibility of collecting and storing private (and legally protected) data from customers and a customer completing checkout on your site is essentially a contract between you (or the client) and that customer to provide goods as promised. I have many clients and potential clients who take a much-too-lacadasical approach to eCommerce. The popularity of sites like eBay leads us to believe that it's a simple process with little risk to the seller. In practice, eBay shields sellers from almost all of the risks associated with online sales.
A few things to keep in mind:
Now, don't let me scare you away. And please understand that it's not at all personal. I'm sure you've looked into all possible scenarios. Just trying to help.
Best,
Scott
Scott Rouse
http://about.me/scott.rouse
Great tips!
Thank you Scott for explaining PayPal and Drupal to me, it has deft. been a learning experience. I currently do not any SSLs in place since I didn't know that I would need to add it. I still need to work on terms of use and privacy policies for the website since I wasn't sure how the payment system worked.
Currently the user has a HostGator account which is where I'm going to upload the site. And, I will look into the robust password policy.
This has been quite the challenging/fun project I've learned so much. I only hope that I've done everything right