
Possible to Ignore ACL for Administrator users in Nop Ajax Filters?

mkratzer
4 years ago
#20922 Quote
  • 5
Is there a way to get the Ajax Filters plugin to ignore product ACL for users with Administrator role?

We maintain our own custom application based on NopCommerce v3.9 and use your Ajax Filters plugin as part of this application, particularly for Specification Attribute filtering. As well, we make extensive use of customer roles and ACL permission to control product access as well.

We have two administrator type roles; the default NopCommerce admin role and a second and somewhat restricted admin role. However, for both roles we want to effectively ignore catalog/product ACL restrictions for these users so that we don't have to explicitly add or otherwise maintain additional roles for the associated users.

In testing, I've modified the Nop.Core.Customers.CustomerExtensions.GetCustomerRoleIds() method to not only return the roles actually assigned to the user, but also include all other role Ids if the user is an admin. But it appears your Ajax Filters plugin doesn't utilize this method to get the customer roles Ids as I don't see that they are passed to the Ajax Filters stored procedure in the database.

Is there another core method that can be modified to pass all role Ids to Ajax Filters to accomplish the ACL override for admins?
Boyko
4 years ago
#20926 Quote
  • Moderator
  • 1570
mkratzer wrote:
Is there a way to get the Ajax Filters plugin to ignore product ACL for users with Administrator role?

We maintain our own custom application based on NopCommerce v3.9 and use your Ajax Filters plugin as part of this application, particularly for Specification Attribute filtering. As well, we make extensive use of customer roles and ACL permission to control product access as well.

We have two administrator type roles; the default NopCommerce admin role and a second and somewhat restricted admin role. However, for both roles we want to effectively ignore catalog/product ACL restrictions for these users so that we don't have to explicitly add or otherwise maintain additional roles for the associated users.

In testing, I've modified the Nop.Core.Customers.CustomerExtensions.GetCustomerRoleIds() method to not only return the roles actually assigned to the user, but also include all other role Ids if the user is an admin. But it appears your Ajax Filters plugin doesn't utilize this method to get the customer roles Ids as I don't see that they are passed to the Ajax Filters stored procedure in the database.

Is there another core method that can be modified to pass all role Ids to Ajax Filters to accomplish the ACL override for admins?


Hi mkratzer,

Actually we do pass the allowed customer role ids (AllowedCustomerRoleIds - comma separated list of ids) to the stored procedure and here is the code that we use in nopCommerce 3.90 to get them:

// Access control list. Allowed customer roles
var allowedCustomerRolesIds = _workContext.CurrentCustomer.CustomerRoles
    .Where(cr => cr.Active).Select(cr => cr.Id).ToList();


Hope this helps!
Regards,
Nop-Templates.com Team
mkratzer
4 years ago
#20927 Quote
  • 5
Boyko,

I appreciate the response. Unfortunately the use of CustomerRoles virtual property on the domain model makes it difficult to intervene in this case.

Is it at all possible to get a custom version of the v3.9 plugin DLL that uses the GetCustomerRoleIds() extension method in Nop.Services.Customers.CustomerExtensions as is used with the default Nop.Service.ProductService.SearchProducts() method and subsequent ProductLoadAllPaged stored procedure?
Boyko
4 years ago
#20930 Quote
  • Moderator
  • 1570
mkratzer wrote:
Boyko,

I appreciate the response. Unfortunately the use of CustomerRoles virtual property on the domain model makes it difficult to intervene in this case.

Is it at all possible to get a custom version of the v3.9 plugin DLL that uses the GetCustomerRoleIds() extension method in Nop.Services.Customers.CustomerExtensions as is used with the default Nop.Service.ProductService.SearchProducts() method and subsequent ProductLoadAllPaged stored procedure?


Hi mkratzer,

You can actually override the execute stored procedure method and if it is a call to our stored procedure you can simply change the customer roles parameter.
Regards,
Nop-Templates.com Team
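
An added sketch of the two ideas discussed so far, not code from the plugin, nopCommerce, or either poster: widening the ACL role ids for admin-type customers, and rewriting the AllowedCustomerRoleIds parameter only on calls to ProductLoadAllPagedNopAjaxFilters. The Role class, the AclRoleOverride helper and the "RestrictedAdministrators" system name are hypothetical; where the rewrite is hooked into the data layer is left to the integrator.

```csharp
using System;
using System.Collections.Generic;
using System.Data.Common;
using System.Linq;

// Hypothetical stand-in for a customer role; not the nopCommerce entity.
public sealed class Role
{
    public int Id { get; set; }
    public string SystemName { get; set; }
    public bool Active { get; set; }
}

public static class AclRoleOverride
{
    // Procedure and parameter names as given in the thread.
    private const string FilterProcedure = "ProductLoadAllPagedNopAjaxFilters";
    private const string RoleParameter = "AllowedCustomerRoleIds";

    // Assumed system names of the two admin-type roles; adjust to the store.
    private static readonly HashSet<string> BypassRoles = new HashSet<string>(
        new[] { "Administrators", "RestrictedAdministrators" }, StringComparer.OrdinalIgnoreCase);

    // The customer's active role ids, widened to every active role id only
    // when one of the customer's own active roles is an admin-type role.
    public static IList<int> ResolveAllowedRoleIds(IEnumerable<Role> customerRoles, IEnumerable<Role> allRoles)
    {
        var own = customerRoles.Where(r => r.Active).ToList();
        var source = own.Any(r => BypassRoles.Contains(r.SystemName ?? "")) ? allRoles.Where(r => r.Active) : own;
        return source.Select(r => r.Id).Distinct().OrderBy(id => id).ToList();
    }

    // Replaces the role-id parameter, but only on calls to the filter procedure.
    // Returns true when a parameter was rewritten.
    public static bool TryRewrite(string commandText, IEnumerable<DbParameter> parameters, IList<int> allowedRoleIds)
    {
        if (commandText == null || commandText.IndexOf(FilterProcedure, StringComparison.OrdinalIgnoreCase) < 0)
            return false;
        var roleParam = parameters.FirstOrDefault(p => string.Equals(
            (p.ParameterName ?? "").TrimStart('@'), RoleParameter, StringComparison.OrdinalIgnoreCase));
        if (roleParam == null) return false;
        roleParam.Value = string.Join(",", allowedRoleIds); // comma-separated, as the procedure expects
        return true;
    }
}
```

Keying the bypass on an active role's system name keeps a deactivated admin role from widening access, and leaving every other stored procedure call untouched limits the override to the filter query.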
mkratzer
4 years ago
#20933 Quote
  • 5
Boyko,

After testing, on initial category load there is no call to the ProductLoadAllPagedNopAjaxFilters SP. The SP is only called when selecting an attribute filter. The result being that the specification attribute filter options are not displayed on initial category page load if the user is not explicitly assigned a role associated to the category products.

So I assume we're back to the initial cause in that the AjaxFilters class methods are using the CustomerRoles virtual property instead of the GetCustomerRolesIds() extension method.

If you can contact me directly via the email in my customer profile, I'd be happy to discuss pricing for a customized build of the class DLL.
Boyko
4 years ago
#20940 Quote
  • Moderator
  • 1570
mkratzer wrote:
Boyko,

After testing, on initial category load there is no call to the ProductLoadAllPagedNopAjaxFilters SP. The SP is only called when selecting an attribute filter. The result being that the specification attribute filter options are not displayed on initial category page load if the user is not explicitly assigned a role associated to the category products.

So I assume we're back to the initial cause in that the AjaxFilters class methods are using the CustomerRoles virtual property instead of the GetCustomerRolesIds() extension method.

If you can contact me directly via the email in my customer profile, I'd be happy to discuss pricing for a customized build of the class DLL.


Hi mkratzer,

Please send us an email (it could be found on our Contact Us page) as we have disabled the PM functionality to prevent Spam.
Regards,
Nop-Templates.com Team
mkratzer
4 years ago
#20941 Quote
  • 5
Email sent. Thanks again for the help so far. Appreciate it.