Just missed a point. To regenerate the issue one has to update the 'Auto Save Cart' to 'Y' for the e-commerce product store record.
Thanks, *Chinmay Patidar* | Sr. Enterprise Software Engineer HotWax Commerce by HotWax Systems Plot no. 80, Scheme no. 78 Part 2, Near Brilliant Convention Center, Indore, M.P, India - 452010 Cell phone: +91-9713978795 On Sat, Dec 23, 2017 at 5:08 PM, Chinmay Patidar < [email protected]> wrote: > Hello All, > > Adding to the Suraj's example of CreateShoppingList, I would like to > elaborate more on the same. > > In current implementation, 'checkShoppingListSecurity' service is a > permission-service for 'createShoppingList' service. The system creates a > shopping list for an anonymous user on the ecommerce when adding an item to > the cart (try in incognito window so it doesn't pick party from the cache). > But with the current implementation, checkShoppingListSecurity returns an > error saying that "You must be logged in to complete the process". In > simple words, the 'createShoppingList' service gets called for an anonymous > user which eventually triggers 'checkShoppingListSecurity' service. > > The above explanation gives an example of a use case where one could > possibly have no userLogin but has a permission service implemented(for > covering use cases of userLogin). > > Also, it seems that one can't use a permission-service when no > userLogin would be present. > > Also, for now, to fix the issue we can call the > "checkShoppingListSecurity" service from the service > declaration/implementation to overcome the error of no userLogin. Although, > it creates confusion to me that the same service when called internally > works fine but when called as a permission service, returns an error. > > Please let me know if calling the security service internally would be the > proper approach. > > Thanks, > *Chinmay Patidar* | Sr. Enterprise Software Engineer > HotWax Commerce by HotWax Systems > Plot no. 80, Scheme no. 78 Part 2, Near Brilliant Convention Center, > Indore, M.P, India - 452010 > Cell phone: +91-9713978795 > > On Mon, Dec 11, 2017 at 5:43 PM, Jacques Le Roux < > [email protected]> wrote: > >> Hi Suraj, >> >> I don't see how you could check permissions for an anonymous user. >> Maybe by giving anonymous users specific permissions in the context of >> ecommerce? >> >> But does it makes sense, I'm not sure. Then maybe as mentioned Rishi we >> should fix services like CreateShoppingList >> BTW did you cross any issues with anonymous users or is that only you >> thinking? >> >> Jacques >> >> >> >> Le 01/12/2017 à 09:41, Suraj Khurana a écrit : >> >>> Thanks everyone for your inputs. >>> >>> Yes, there are similar occurrences where permission service is defined >>> and >>> service is used in case of an anonymous user as well. >>> Example: *CreateShoppingList* and related services >>> >>> I was presuming we can execute any service as permission service >>> irrespective of taking *userLogin *into consideration. Please correct me >>> if >>> I am wrong or missing something. >>> >>> -- >>> Thanks and Regards, >>> *Suraj Khurana* | Sr. Enterprise Software Engineer >>> *HotWax Commerce* by *HotWax Systems* >>> Plot no. 80, Scheme no. 78, Vijay Nagar, Indore, M.P. India 452010 >>> >>> >>> On Wed, Nov 29, 2017 at 7:35 PM, Rishi Solanki <[email protected]> >>> wrote: >>> >>> If an service implements and do checks for the permissions then it must >>>> have the auth set as true. If any occurrences found then it should be by >>>> mistake and service definition should be fix to match. >>>> >>>> So I think the behavior we have is correct, whenever we want to check >>>> the >>>> permission it should have the user in context. >>>> >>>> Suraj, Any scenario you have in mind where we only require permission >>>> service without user? >>>> >>>> >>>> Rishi Solanki >>>> Sr Manager, Enterprise Software Development >>>> HotWax Systems Pvt. Ltd. >>>> Direct: +91-9893287847 >>>> http://www.hotwaxsystems.com >>>> www.hotwax.co >>>> >>>> On Wed, Nov 29, 2017 at 1:39 PM, Scott Gray < >>>> [email protected]> >>>> wrote: >>>> >>>> auth="false" and a permission service are completely incompatible >>>>> scenarios. In what situation could you possibly have no userLogin and >>>>> successfully run a permission service? >>>>> >>>>> What would you expect to happen instead of the current behavior? >>>>> >>>>> Regards >>>>> Scott >>>>> >>>>> On 3 November 2017 at 17:35, Suraj Khurana >>>>> <suraj.khurana@hotwaxsystems. >>>>> com> >>>>> wrote: >>>>> >>>>> Hello team, >>>>>> >>>>>> I noticed that in any service definition if auth is set to false and >>>>>> permission service is also the service definition, it overrides the >>>>>> >>>>> auth >>>> >>>>> parameter to true by itself. >>>>>> >>>>>> For quick reference, it is written at *createPermission* method of >>>>>> *ModelServiceReader* class. >>>>>> Can someone please elaborate this behavior. IMO, this should not >>>>>> >>>>> happen. >>>> >>>>> -- >>>>>> Thanks and Regards, >>>>>> *Suraj Khurana* | Sr. Enterprise Software Engineer >>>>>> *HotWax* *Commerce* by *HotWax Systems* >>>>>> Plot no. 80, Scheme no. 78, Vijay Nagar, Indore, M.P. India 452010 >>>>>> >>>>>> >> >
