Rights and roles
One of the features of Enterprise Edition is rights and roles management. Rights and roles allow you to control access to the elements to be displayed and available functions of OXID eShop for individual users and user groups.
There is a distinction between the rights and the roles for the actual shop, here also referred to as front end, and the Admin panel, the so-called back end. In this document, front and back end are used as terms to clarify the various aspects of rights and roles management.
Rights regulate access to certain functions, such as access to products and categories or the display of certain areas of the product’s details page. Multiple rights can be grouped together in roles and assigned to users and user groups.
The rights and roles management can be activated in the configuration file config.inc.php via the setting $this->blUseRightsRoles = 3.
Rights and roles for the shop (front end)
Different permissions can be granted for the shop. This can be defined in the products’ and categories’ management section in the Admin panel as well as under .
Displaying products and categories
You can choose to allow only certain user groups to see selected products and categories. This can be defined in the Rights tab of products and categories by assigning one or more user groups. This is an exclusive right. This means that only users who belong to the assigned user groups will be able to see the respective products and categories after logging into the shop. All other users and user groups will never be able to see these parts of the product catalogue.
Buying products and categories
You can also define specific user groups that will be able to buy certain products and categories. This can also be done by assigning the respective user groups in the Rights tab of products or categories. The screenshot shows that unauthorised users don’t have the option of adding, for example, kites to the shopping cart in the product overview. By clicking on More information, they can only open the product’s details page.
The To cart button is also not displayed in the detailed view unless the customer is logged in to the shop and belongs to the authorised user group.
Access to functions and areas of the details page
Rights and roles can also be assigned for the entire product catalogue. The shop comes with the following rights that can be combined into roles and assigned to the desired user groups:
Add product to shopping cart (TOBASKET)
Show product price (SHOWARTICLEPRICE)
Show product’s short description (SHOWSHORTDESCRIPTION)
Show product’s long description (SHOWLONGDESCRIPTION)
These rights and roles can be defined under . You can combine different combinations of rights in roles and assign them to user groups. Once a right has been granted for one user group, this right will no longer apply to any other user group.
Hint
Initially all users have all rights. A right only becomes restricted once at least one role has this right explicitly activated and this role has at least one user group assigned. This user group does not need any users attached. You can therefore create a user group Full Access that is assigned to the matching role Full Access, which has all rights set to active. In this first step all users are restricted; in the second step you can grant rights to other specific user groups by adding matching roles.
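The rule in the hint, modelled as an added example (not OXID eShop code and not its API): a right stays open to everyone until a role that activates it has a user group assigned. The role array layout, the function names and the Dealers group are assumptions; openRights() lists the rights that every visitor still has.

```php
<?php
// Simplified model of the rule from the hint; not OXID eShop code.
// Role layout ('rights', 'groups'), function names and group names are assumptions.
const SHOP_RIGHTS = ['TOBASKET', 'SHOWARTICLEPRICE',
                     'SHOWSHORTDESCRIPTION', 'SHOWLONGDESCRIPTION'];

// A right is restricted once a role activates it AND has a user group assigned.
function isRestricted(string $right, array $roles): bool {
    foreach ($roles as $role) {
        if (in_array($right, $role['rights'], true) && $role['groups'] !== []) {
            return true;
        }
    }
    return false;
}

// Unrestricted rights apply to everyone; restricted ones need a matching role.
function hasRight(array $userGroups, string $right, array $roles): bool {
    if (!isRestricted($right, $roles)) {
        return true;
    }
    foreach ($roles as $role) {
        if (in_array($right, $role['rights'], true)
            && array_intersect($role['groups'], $userGroups) !== []) {
            return true;
        }
    }
    return false;
}

// Audit helper: rights that are still open to every visitor.
function openRights(array $roles): array {
    return array_values(array_filter(SHOP_RIGHTS,
        fn (string $r): bool => !isRestricted($r, $roles)));
}

// Constructed sample configurations.
$draft = [['rights' => ['SHOWARTICLEPRICE'], 'groups' => []]]; // role without a group
$live = [
    ['rights' => SHOP_RIGHTS, 'groups' => ['Full Access']],    // group may have no users
    ['rights' => ['SHOWARTICLEPRICE', 'TOBASKET'], 'groups' => ['Dealers']],
];
echo 'open (draft): ', implode(', ', openRights($draft)), PHP_EOL;
echo 'open (live): ', implode(', ', openRights($live)) ?: '(none)', PHP_EOL;
foreach (['guest' => [], 'dealer' => ['Dealers']] as $who => $groups) {
    foreach (['SHOWARTICLEPRICE', 'SHOWLONGDESCRIPTION'] as $right) {
        echo "$who $right: ", hasRight($groups, $right, $live) ? 'allowed' : 'denied', PHP_EOL;
    }
}
```

The draft configuration shows the case worth checking for: a role that activates a right but has no user group assigned restricts nothing, so that right remains available to all visitors.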
You can also define your own rights based on view classes and their methods. Rights-based display can be implemented in templates using an assigned ident.
As you can see in the screenshot, prices are not displayed for unauthorised users on the details page and in the product overview.
Rights and roles for the Admin panel (back end)
Roles can also be defined for the Admin panel to represent the various responsibilities in the administration of OXID eShop.
Access to products and categories
Rights for editing products and categories can be defined at different levels of detail. For example, they regulate the creation, modification and deletion of products and categories as a whole and, if necessary, access to each control element (field, check box, or option) of the respective input area.