Feature request from senthilengg, posted on GitHub Sep 02, 2016
Comment from senthilengg, posted on GitHub Sep 02, 2016
@sevos I have made it working with the work around of giving access to Marketing --> Catalog price rules alone and without catalog or product permission. So here is the new ticket consider this as reopened. Sine i am not sure how can I reopen the parent ticket.
Comment from sevos1984, posted on GitHub Sep 05, 2016
I've set role only to Pages and Catalog price rules but didn't get products list. Please attach your permissions list.
Comment from senthilengg, posted on GitHub Sep 05, 2016
@sevos1984 Here you go ... I think I haven't mentioned that it should also have the widget permission. But still its working without catalog permission.
With Widgets permissions all work fine. Do you mean it shouldn't work without Catalog permissions?
@sevos1984 my expectation is, it should work even without catalog rule and widget. Because widget doesn't require catalog permission to load products and catalog price does not require catalog permission as well. Similarly pages should also work independently without both catalog rule and widget.
I came to these kind of permission setup after seeing the 403 forbidden errors. But from a layman stand point or from a dministratorr view it should be working independently. Do you agree ?
If so I think this can be fixed by extending the controller function of to look at the current url's permission rather than the xmlhttp or Ajax URL permission during an ajax call. Since the origin of this issues is an ajax call to the catalog rule module. I believe this will bring in fantastic user experience from a catalog or magento admin view and honestly the current behavior looks really inconsistent from a user experience stand point.
Comment from sevos1984, posted on GitHub Sep 06, 2016
I don't agree that Widgets should work without widget permission. And if Widget and Pages allowed all works right, I don't see any bugs here. Wrong setup will give 403 to user but to avoid this all modules should be refactored, that a huge amount of work that is not in priority at the moment.
Comment from senthilengg, posted on GitHub Sep 07, 2016
My perspective of seeing this as a bug is , Since its working without catalog permission and why it should not work without widget or catalog rule. But this topic can still taken to consideration for improvement if your internal team and consultants interested in doing so. So I am leaving this as open, if you feel otherwise feel free to close the issue.
Comment from sevos1984, posted on GitHub Sep 07, 2016
Improvement for permissions relation are in backlog MAGETWO-3128. Thanks
Thanks. Appreciated @sevos1984