Tags/topics: 
3
Answers
Vote up!
1
Vote down!

How can I prevent my clients from editing their invoices?

I'm trying to use Drupal Commerce to handle billing for my web design and hosting clients.

The problem is, my test user ("test client") can change the quantity of items in his cart, or even remove them altogether. Obviously I don't want to send people a bill and have them decide that no, they don't actually owe me for this month's service fee, and then proceed to remove it from their cart.

How can I make it so that only administrators (i.e. me) are allowed to add, remove, and change the quantity of items in a cart?

Asked by: jhmoore
on December 7, 2012

3 Answers

Vote up!
3
Vote down!

You basically have two options here:

  1. Disable the Cart module entirely. In this scenario, you would create an order on the backend in the Checkout: Checkout status and then send your customers a link directly to the checkout form. URLs for checkout would be dependent on the Order ID, so for Order 50, the URL you'd send would be http://www.example.com/checkout/50.
  2. Keep the Cart module enabled, but edit the shopping cart form and remove the quantity edit / line item delete fields from the View. It's built entirely using Views, so you can remove these elements with no side effect. The only hitch is that if you remove the form elements from the View, the shopping cart form will no longer render as a form - Views only does that when form elements are present in the Views field list. You'd need to have a footer link or some other element on the page that could send the customer on to the appropriate checkout URL using the pattern mentioned above. If you put the Order ID in the View as a hidden field, you should be able to use it as a token in text area handlers in regions of the View like the footer.
Ryan Szrama
Answer by: Ryan Szrama
Posted: Dec 7, 2012
Vote up!
0
Vote down!

OK, I want to make sure I understand option 1.

Basically what I'd do is create a page that says "Mr. Client, you owe X amount, here's a link to the checkout form for this order."

Why does that require disabling the Cart module? Couldn't I just keep that module enabled, use it to add and remove items to the client cart as needed, and just say that users with the "Client" role aren't allowed to see the cart?

Answer by: jhmoore
Posted: Dec 7, 2012
Vote up!
0
Vote down!

Actually I wound up using the second method - I couldn't find a way to set permissions for viewing the cart page.

Thanks for your help!

Answer by: jhmoore
Posted: Dec 7, 2012