I am using a Magento website with over 10 stores. These stores are managed by different companies. However, if a customer created an account in Store(View) 1, he can also log in on StoreView 2. Is their a way to restrict this and make sure he can only login to the Store he was created in?
I know it is possible to restrict account sharing on a website level, but I need Store level.
Thanks!
By default, Magento only supports limiting user accounts on a Global or per Website basis, not per Store.
Those settings are at Admin > System > Configuration > Customers > Customer Configuration > Account Sharing Options.
To try to answer your question, you can force the user to logout between stores/websites. Look in Admin > System > Configuration > General > Web > Session Validation Settings and set Use SID on Frontend to No.
If the limitations have to be per Store, then you will need a module to introduce that.
Related
I am trying to implement common login in multi website for group of sites.
Suppose we have one site which have multicurrency and each website have different payment,price and inventory.
Example : uae.abc.com, in.abc.com, uk.abc.com all website should belongs to abc.com group of websites should have common login, similar would be xyz.com website.
if we tried using customer scope as global than once user registered user can login to all sites be it in group or not, trying to fix using below code to access same group using customer scope as website.
I have overridden Magento\Customer\Model\Config\Share
public function isWebsiteScope()
{
if(in_array($this->_storeManager->getStore()->getId(), [1,2,3,4])) {
return 0;
}
if(in_array($this->_storeManager->getStore()->getId(), [5,6,7,8])) {
return 0;
}
return $this->_config->getValue(
self::XML_PATH_CUSTOMER_ACCOUNT_SHARE,
\Magento\Store\Model\ScopeInterface::SCOPE_STORE
) == self::SHARE_WEBSITE;
}
But login is not working, can any one help me on this.
Thanks in advance
If you want to have single account for all multi-stores you have to do the following:
1 Share customer accounts
You can configure this feature here: System -> Configuration -> Customer Configuration -> Share Customer Accounts.
Share sessions between Magento websites.
There are 3 possible store configurations:
If your websites are located in one domain, but in different directories, e.g. "www.example.com/stores/store1" and "www.example.com/stores/store2" you can setup your "Cookie Path" to "/stores/" in System -> Configuration -> Web -> Session Cookie Management.
If your websites are located in different sub-domains e.g. "store1.example.com" and "store2.example.com" you can setup "Cookie Domain" to ".example.com" in System -> Configuration -> Web -> Session Cookie Management.
If you have different domains, in this case you can add session ID to the URL for another store. Use this construction "Mage::getModel('core/url')->addSessionParam()->getUrl('...')" to get the URL with session parameter.
After that your customers will be able to switch between multi-stores Magento websites without re-login. In other words, if customer will login in one Magento website, he will be able to see another multi-store Magento website using his first store account.
I think that that would be prohibited by either browser Content Security Policy or website XSS prevention. You could try a Microsoft-based sign in system so you could have a user data retrieval from a third database that only allows data to be accessed by the accounts that add it. Then, you also would get all the benefits of Microsoft security.
By default, Magento shows different widget types as options in the backend, such as 'Cms Page Link' and 'Catalog Category Link'. However, I want to provide my client only with the theme's relevant widgets, so I want to be able to remove some widgets, at least as an admin option.
The options for the backend are set via the respective core modules /etc/widget.xml. What is the best way to override this, without a core hack?
Any suggestion would be much appreciated!
#Daco
Magento has features to implement the above. It is achieved with the help of "ROLES" and "USERS" in the system tab of magento admin panel.
Solution
Create a role for your client "client_xyz" by going to
System->Permission->Roles.
Add Resources to the role, these resources are the links that you
would like to restrict the users upon or grant them permissions.
After creating the roles and resources, create a user to be given to the client. The Users can be created under System->Permissions->Users.
Create the users assign the roles that are already created. And now when the users login using this newly created credentials. They will only see what is granted by the Admin.
I have just added another website to my Magento eCommerce site and I would like my existing customer bass to be able to login to the new website with the same username and password that they have registered with for the original site. I also need any customer who signs up in the future to be assigned to both websites.
When I go to edit a user there is a drop-down box to say which website they are associated with, but the field is disabled and doesn't look like a multi select drop-down. Which would suggest to me that Magento isn't set up to share details between websites.
Does anyone know if this is possible?
In the admin, under System > Configuration > Customers > Customer Configuration > Account Sharing Options, you'll be able to choose between sharing accounts per website or globally.
I want to know whether it is possible to have multiple stores under 1 Magento installations.. which means there will be 3-4 Paypal accounts integrated on my site and each product is integrated to 1 one of them.
Yes. All PayPal module settings have website or store view configuration scopes.
I am learning through the Magento theme customization and Module creation steps, i have a question about user roles in Magento
If i have multiple stores in my website, will the admin of one store can access details of another store. And is there any super admin like user role who can view all the stores products?
Thanks
The backend for magento is one so different users with different privilege can enter the same backend for all store...
you can also limit access of user to different features and configurations. Like you can give one user the privilege to see orders and another one to approve invoices.
Plus you can define the scope so that one user can enter certain store values.
The default admin have access to all store all features.