Magento User Sub-Accounts for Impersonation - magento

I have a requirement for a Magento project that accounts are hierarchical. That is, one account can "own" multiple other accounts. If one account owns another account, it is allowed to impersonate that account: create orders, view account information, and view previous orders.
I'm not sure where to begin. If you have any thoughts, could you please point me in the right direction?

One solution would be to set up a Multiple Select attribute and populate it with the user IDs of the users allowed to impersonate. You could then create either a separate PHP file that runs Magento and logs in the user based on who they select, or integrate it into the CMS.
Here is my custom 'login' code that lets my SSO users from my Microsoft database log in to Magento.
You call this function and pass it a 'user' you want to log in as. It seems to work pretty well; however, you will need to modify it to your needs. Don't expect it to work out of the box!
FYI: if you don't pass in all the junk that Magento needs about the dispatchEvent() calls, then the user will not log in properly. I had to reverse engineer this whole dern thing, so don't expect to see it anywhere else besides here and bits and pieces of Magento core :)
$userId = 5;
$user = Mage::getModel('customer/customer')->load($userId)->setWebsiteId(1);
$this->LoginToMagento($user, null);
function LoginToMagento($user, $noAddress) {
// Must include this file in order to use the object
include ('/var/www/app/code/core/Mage/Customer/controllers/AccountController.php');
// Configure Magento to think its using the frontend
Mage::getSingleton("core/session", array("name" => "frontend"));
Mage::getConfig()->init();
Mage::getConfig()->loadEventObservers('frontend');
Mage::app()->addEventArea('frontend');
Mage::app()->loadArea(Mage_Core_Model_App_Area::AREA_FRONTEND);
// Grab the request and modify it with my emulated controller's information
$request = Mage::app()->getRequest();
$request->setRouteName('customer');
$request->setControllerModule('Mage_Customer');
$request->setRoutingInfo('');
$request->setModuleName('customer');
$request->setControllerName('account');
$request->setModuleKey('module');
$request->setControllerKey('account');
$request->setActionName('loginPost');
$request->setActionKey('action');
// Grab the response
$response = Mage::app()->getResponse();
// Feed the request and response into a new accountcontroller object
$accountControl = new Mage_Customer_AccountController($request, $response);
// Dispatch events related to the controller actions for predispatch
Mage::dispatchEvent('controller_action_predispatch', array('controller_action' => $accountControl));
Mage::dispatchEvent('controller_action_predispatch_customer', array('controller_action' => $accountControl));
Mage::dispatchEvent('controller_action_predispatch_customer_account_loginPost', array('controller_action' => $accountControl));
// Grab an instance of the customer session model
$session = Mage::getSingleton('customer/session');
try{
// Attempt to login the user
$session->setCustomerAsLoggedIn($user);
$session->renewSession();
} catch (Mage_Core_Exception $e) {
// Lets hope to never get here
$message = $e->getMessage();
error_log($message);
Mage::getSingleton('core/session')->addError($message);
}
// Perform the postdispatch events for 'after emulation of the controller'
Mage::dispatchEvent('controller_action_postdispatch_customer_account_loginPost', array('controller_action'=>$accountControl));
Mage::dispatchEvent('controller_action_postdispatch_customer', array('controller_action'=>$accountControl));
Mage::dispatchEvent('controller_action_postdispatch', array('controller_action'=>$accountControl));
$customer = Mage::getModel('customer/customer')
->getCollection()
->addAttributeToSelect('*')
->addAttributeToFilter('entity_id', array('eq' => $user->getId()))
->getFirstItem();
try
{
// Prepare a collection of required values that the customer *should* have been set from netforum
$collection = Mage::getModel('eav/entity_attribute')->getCollection();
$collection->addFieldToFilter('entity_type_id', Mage::getModel('eav/entity')->setType('customer')->getTypeId());
// The var representing if validation has failed
$failedReq = false;
// Loop through each user defined required attribute and if we find one
// on the customer that is not set, forward the user to their account config page
foreach ($collection as $attribute)
{
if ($attribute['is_required'] && $attribute['is_user_defined'])
{
$attrCode = $attribute['attribute_code'];
if (!isset($customer[$attrCode]))
{
$failedReq = true;
}
}
}
// Try to determine where we logged in from (URL)
Mage::getSingleton("core/session", array("name" => "frontend"));
$session = Mage::getSingleton("customer/session");
$outputMessage = $session->getData('before_auth_url');
// Proceed differently based on the existence of addresses
if ($noAddress == true)
{
if ($failedReq)
{
// Customer failed login. To be expected if they are signing in with SSO and never have before
$redirect_to = 'https://' . $_SERVER['HTTP_HOST'] . '/customer/account/edit/';
Mage::getSingleton('core/session')->addError('<b>Please fill in the required fields marked with * and click "Save"</b>');
header("Location: $redirect_to");
}
else
{
// Customer checks out ok, but has no addresses. Send them to the address setup screen
Mage::getSingleton('core/session')->addError('<b>Please fill in your address and phone number, then click "Save"</b>');
$redirect_to = 'https://' . $_SERVER['HTTP_HOST'] . '/customer/address/edit/';
header("Location: $redirect_to");
}
}
else
{
// Customer has addresses being passed from SSO
$defaultBillingId = $customer->getDefaultBillingAddress()->getId();
$hasPhoneNumber = false;
foreach ($customer->getAddresses() as $address)
{
$addrs = Mage::getModel('customer/address')->load($address->getId());
$magePhone = $addrs->getTelephone();
if ($magePhone)
{
$hasPhoneNumber = true;
}
}
if ($failedReq)
{
// Customer failed login. To be expected if they are signing in with SSO and never have before
$redirect_to = 'https://' . $_SERVER['HTTP_HOST'] . '/customer/account/edit/';
Mage::getSingleton('core/session')->addError('<b>Please fill in the required fields marked with * and click "Save"</b>');
header("Location: $redirect_to");
}
else
{
// Customer has default values filled out
if (!$hasPhoneNumber)
{
// Phone number is missing for an address so redirect there and force em to enter it.
Mage::getSingleton('core/session')->addError('<b>Please fill in the required fields marked with * and click "Save Address"</b>');
$redirect_to = 'https://' . $_SERVER['HTTP_HOST'] . '/customer/address/edit/id/' . $defaultBillingId;
header("Location: $redirect_to");
}
else
{
// Everything is ok, so just try to send them back to where they came from, or the account screen
if ($outputMessage)
{
$redirect_to = $outputMessage;
}
else
{
$redirect_to = 'https://' . $_SERVER['HTTP_HOST'] . '/customer/account/';
}
header("Location: $redirect_to");
}
}
}
}
catch (Exception $e)
{
if ($outputMessage)
{
$redirect_to = $outputMessage;
}
else
{
$redirect_to = 'https://' . $_SERVER['HTTP_HOST'] . '/customer/account/';
}
header("Location: $redirect_to");
}
}
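
The function above logs in whatever customer it is handed, so the ownership check has to happen before it is called. The following is an added example (not the answer's code) of that check for the multiple-select approach, with an audit line for each attempt; the attribute code `allowed_sub_accounts`, the helper names and the sample data are assumptions, and following ownership through more than one level is a generalization of the hierarchy described in the question.

```php
<?php
// Added example, not the answer's code. The attribute code "allowed_sub_accounts",
// the helper names and the sample ownership data are assumptions.

/** Parse a comma-separated multiselect value into unique positive integer IDs. */
function parseOwnedIds($raw)
{
    $ids = array();
    foreach (explode(',', (string) $raw) as $part) {
        $part = trim($part);
        if ($part !== '' && ctype_digit($part) && (int) $part > 0) {
            $ids[(int) $part] = true;
        }
    }
    return array_keys($ids);
}

/**
 * True when $actorId owns $targetId directly or through a chain of owned
 * accounts. $loadOwned is a callable: customer ID -> raw attribute value.
 * $maxDepth bounds the walk; use 1 to allow direct ownership only.
 */
function canImpersonate($actorId, $targetId, $loadOwned, $maxDepth = 5)
{
    $actorId = (int) $actorId;
    $targetId = (int) $targetId;
    if ($actorId <= 0 || $targetId <= 0 || $actorId === $targetId) {
        return false;
    }
    $seen = array($actorId => true);   // guards against ownership cycles
    $frontier = array($actorId);
    for ($depth = 0; $depth < $maxDepth && $frontier; $depth++) {
        $next = array();
        foreach ($frontier as $id) {
            foreach (parseOwnedIds(call_user_func($loadOwned, $id)) as $owned) {
                if ($owned === $targetId) {
                    return true;
                }
                if (!isset($seen[$owned])) {
                    $seen[$owned] = true;
                    $next[] = $owned;
                }
            }
        }
        $frontier = $next;
    }
    return false;
}

/** Build the audit line written for every attempt, allowed or denied. */
function auditLine($actorId, $targetId, $allowed, $remoteAddr)
{
    return sprintf('impersonation actor=%d target=%d result=%s ip=%s',
        $actorId, $targetId, $allowed ? 'allowed' : 'denied', $remoteAddr);
}

// Constructed sample data: 10 owns 11 and 12, 12 owns 13, 13 points back at 10.
$sample = array(10 => '11,12', 12 => '13', 13 => '10, abc,-4');
$loader = function ($id) use ($sample) {
    // In Magento 1 this would read the attribute from the loaded customer:
    // Mage::getModel('customer/customer')->load($id)->getData('allowed_sub_accounts')
    return isset($sample[$id]) ? $sample[$id] : '';
};

// The actor must come from the authenticated session, never from the request.
foreach (array(array(10, 13), array(11, 12), array(13, 10)) as $pair) {
    list($actor, $target) = $pair;
    $ok = canImpersonate($actor, $target, $loader);
    error_log(auditLine($actor, $target, $ok, '203.0.113.7'));
    // Only when $ok is true would the caller go on to LoginToMagento($user, null).
}
```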

I know I am late but
http://amasty.com/sales-reps-and-dealers.html
This extension can be helpful to achieve what you are looking for. It will allow to create hierarchical accounts and assign the sales rep/sub admins to the orders and provide the access levels.
Hope this helps.

Related

Order split with online transaction on checkout in magento 2.4 enterprise

I'm facing an issue while splitting the order at checkout. I followed the code mentioned in these links:
https://magento.stackexchange.com/questions/196669/magento-2-split-order-for-every-item
and
https://github.com/magestat/magento2-split-order
Both solutions work with offline payment methods like check/mo, cash on delivery, PO number, etc., but they do not work with credit card details. I always get an error regarding credit card details.
Here is some more information, with code:
I am stuck at the point of distributing the order and assigning a payment method to it.
There are two scenarios I'm getting:
If I assign the payment method checkmo or cash on delivery, then the order is split and everything works fine.
But I need to order products using a credit card, and when I assign the payment method code (the credit card payment method is 'nmi_directpost'), assign the card details to the quote and place an order, it shows me different errors: sometimes it says the credit card details are not valid, sometimes the page is redirected to the cart page without any log/exception. Here is the code I'm trying:
public function aroundPlaceOrder(QuoteManagement $subject, callable $proceed, $cartId, $payment = null)
{
$currentQuote = $this->quoteRepository->getActive($cartId);
// Separate all items in quote into new quotes.
$quotes = $this->quoteHandler->normalizeQuotes($currentQuote);
if (empty($quotes)) {
return $result = array_values([($proceed($cartId, $payment))]);
}
// Collect list of data addresses.
$addresses = $this->quoteHandler->collectAddressesData($currentQuote);
/** @var \Magento\Sales\Api\Data\OrderInterface[] $orders */
$orders = [];
$orderIds = [];
foreach ($quotes as $items) {
/** @var \Magento\Quote\Model\Quote $split */
$split = $this->quoteFactory->create();
// Set all customer definition data.
$this->quoteHandler->setCustomerData($currentQuote, $split);
$this->toSaveQuote($split);
// Map quote items.
foreach ($items as $item) {
// Add item by item.
$item->setId(null);
$split->addItem($item);
}
\Magento\Framework\App\ObjectManager::getInstance()->get('Psr\Log\LoggerInterface')->info('new quote 1st :-'. print_r($split->getData(),true));
$this->quoteHandler->populateQuote($quotes, $split, $items, $addresses, $payment);
// $split->getPayment()->setMethod('nmi_directpost');
// if ($payment) {
// $split->getPayment()->setQuote($split);
// $data = $payment->getData();
// $paymentDetails = $paymentCardDetails = '';
// $postData = file_get_contents("php://input");//Get all param
// $postData = (array)json_decode($postData);//Decode all json param
// foreach ($postData as $key => $value) {
// if ($key == 'paymentMethod') { //Get paymentMethod details
// $paymentDetails = (array)$value;
// foreach ($paymentDetails as $key1 => $paymentValue) {
// if ($key1 == 'additional_data') { //get paymentMethod Details like card details
// $paymentCardDetails = (array)$paymentValue;
// }
// }
// }
// }
// $split->setMethod('checkmo');
\Magento\Framework\App\ObjectManager::getInstance()->get('Psr\Log\LoggerInterface')->info('Paynet :-');
// $payment = $quotes->getPayment();
$objectManager = \Magento\Framework\App\ObjectManager::getInstance();
$cart = $objectManager->get('\Magento\Checkout\Model\Cart');
$quote = $cart->getQuote();
$paymentMethod = $quote->getPayment()->getMethod();
$payment = $this->checkoutSession->getQuote()->getData();
\Magento\Framework\App\ObjectManager::getInstance()->get('Psr\Log\LoggerInterface')->info('second Paynet :-');
\Magento\Framework\App\ObjectManager::getInstance()->get('Psr\Log\LoggerInterface')->info('new quote :-'. print_r($paymentMethod,true));
// $split->setPayment($payment);
// $split->getPayment()->importData(array(
// 'method' =>'nmi_directpost',
// 'cc_type' =>'VI',
// 'cc_number' =>'4111111111111111',
// 'cc_exp_year' =>'2025',
// 'cc_exp_month'=>'10',
// ));
// }
// \Magento\Framework\App\ObjectManager::getInstance()->get('Psr\Log\LoggerInterface')->info('original quote :-'. print_r($quotes->getData(),true));
\Magento\Framework\App\ObjectManager::getInstance()->get('Psr\Log\LoggerInterface')->info('new quote :-'. print_r($split->getData(),true));
// \Magento\Framework\App\ObjectManager::getInstance()->get('Psr\Log\LoggerInterface')->info('new quote :-'. print_r($payment->getData(),true));
// Dispatch event as Magento standard once per each quote split.
$this->eventManager->dispatch(
'checkout_submit_before',
['quote' => $split]
);
$this->toSaveQuote($split);
$order = $subject->submit($split);
// Check the result before dereferencing it.
if (null == $order) {
throw new LocalizedException(__('Please try to place the order again.'));
}
$orders[] = $order;
$orderIds[$order->getId()] = $order->getIncrementId();
}
$currentQuote->setIsActive(false);
$this->toSaveQuote($currentQuote);
$this->quoteHandler->defineSessions($split, $order, $orderIds);
$this->eventManager->dispatch(
'checkout_submit_all_after',
['orders' => $orders, 'quote' => $currentQuote]
);
return $this->getOrderKeys($orderIds);
}
Please suggest how we can achieve order splitting with credit card payment.
Splitting payment across multiple credit cards like this is referred to as 'partial authorization'. (Note: This is a very different thing from 'partial invoicing' or 'partial capturing', terms you'll also see thrown around.)
Magento's default Authorize.Net gateway includes partial authorization functionality, you just have to enable it in the gateway settings. This works with both Community and Enterprise Edition. See official documentation on the setup and workflow here.
To my knowledge, this is the only payment method that supports it.
Note that the customer does not get to choose how much to charge to each card. Rather, if the card they enter does not have sufficient funds, they will be prompted to enter another one.

Laravel - Check if user is authenticated on another server

Let's say I have a Laravel site on one host and another host just for storing some specific files. On the second host I want to check whether the user is authenticated on the Laravel site and then give him/her access to the file. How can I do this?
You could pretty much just use normal PHP code for that, without having to touch the Laravel framework on your other server.
For example, create your own custom cookie or session variable that contains a token from authentication. Make the logic something like $authToken = md5($user->username) . "." . md5($user->password);, then just add it to a cookie or the $_SESSION[] variable.
From here, create a small backend on the other server that you use for storage, and do something like this.
<?php
/////////////
/**
* Here there should be database connection logic.
*/
/////////////
$posts = (object) $_POST;
if ($_SERVER['REQUEST_METHOD'] == "POST")
{
$postArray = [
'authToken',
'user'
];
foreach($postArray as $post)
{
if (!isset($_POST[$post]))
{
return false;
}
}
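// Bind the user id as a parameter; htmlspecialchars() does not prevent SQL injection.
$userId = (int) $posts->user;
$stmt = mysqli_prepare($connection, "SELECT * FROM users WHERE id = ?");
mysqli_stmt_bind_param($stmt, "i", $userId);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
// Fetch one associative row so the column names below resolve.
$row = mysqli_fetch_assoc($result);
if (!$row)
{
return false;
}
$db_stack = md5($row['username']) . "." . md5($row['password']);
// Compare the tokens in constant time.
if (!hash_equals($db_stack, (string) $posts->authToken))
{
return false;
}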
// Return the requested file here.
}
If (Auth::check()) $file = file_get_contents($urlToFile);
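
An alternative way for the file host to check a login made on the Laravel host, as an added example that is not code from either answer: the Laravel side issues a short-lived token signed with an HMAC key both servers share, bound to one user and one file, and the file server verifies it without a database lookup and without anything derived from the password. The function names, payload fields, secret and sample values are assumptions.

```php
<?php
// Added example, not the answer's code. The secret, the payload fields and the
// sample values are assumptions; both servers load the same key from config.

function b64urlEncode($bin)
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64urlDecode($txt)
{
    $txt = strtr($txt, '-_', '+/');
    $txt .= str_repeat('=', (4 - strlen($txt) % 4) % 4);
    return base64_decode($txt, true);
}

/** Laravel side: issue a token for one user, one file, valid for $ttl seconds. */
function issueFileToken($userId, $path, $ttl, $secret, $now)
{
    $body = b64urlEncode(json_encode(array(
        'uid' => (int) $userId, 'path' => (string) $path, 'exp' => $now + $ttl,
    )));
    return $body . '.' . b64urlEncode(hash_hmac('sha256', $body, $secret, true));
}

/** File server side: return the user ID if the token is valid, false otherwise. */
function verifyFileToken($token, $requestedPath, $secret, $now)
{
    $parts = explode('.', (string) $token);
    if (count($parts) !== 2) {
        return false;
    }
    list($body, $sig) = $parts;
    $expected = b64urlEncode(hash_hmac('sha256', $body, $secret, true));
    if (!hash_equals($expected, $sig)) {      // constant-time comparison
        return false;
    }
    $json = b64urlDecode($body);
    $claims = $json === false ? null : json_decode($json, true);
    if (!is_array($claims) || !isset($claims['uid'], $claims['path'], $claims['exp'])) {
        return false;
    }
    if (!is_int($claims['exp']) || $claims['exp'] < $now) {
        return false;                          // expired
    }
    if (!is_string($claims['path']) || !hash_equals($claims['path'], (string) $requestedPath)) {
        return false;                          // token was issued for another file
    }
    return (int) $claims['uid'];
}

// Constructed demonstration values.
$secret = 'constructed-demo-key-do-not-reuse';
$now = 1700000000;
$token = issueFileToken(42, 'reports/q3.pdf', 300, $secret, $now);

var_dump(verifyFileToken($token, 'reports/q3.pdf', $secret, $now + 60));    // valid
var_dump(verifyFileToken($token, 'reports/other.pdf', $secret, $now + 60)); // wrong file
var_dump(verifyFileToken($token, 'reports/q3.pdf', $secret, $now + 301));   // expired
var_dump(verifyFileToken($token . 'x', 'reports/q3.pdf', $secret, $now));   // tampered
```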

Magento SOAP login error

I have configured the Magento SOAP API to connect it with my Android app, so customers can log in to Magento from the Android app. The problem I am facing is that when I send the request it shows the error "Session expired".
This is my Api.php file:
<?php
// app/code/local/Anaqa/Customapimodule/Model/Login/Api.php
class Anaqa_Customapimodule_Model_Customerlogin_Api extends Mage_Api_Model_Resource_Abstract {
public function customerEntry($email) {
#Mage::app()->setCurrentStore($website);
# // Init a Magento session. This is super ultra important
#Mage::getSingleton('core/session');
// $customer Mage_Customer_Model_Customer
// We get an instance of the customer model for the actual website
$customer = Mage::getModel('customer/customer')
->setWebsiteId(Mage::app()->getStore()->getWebsiteId());
// Load the client with the appropriate email
$customer->loadByEmail($email);
return $customer;
}
/*
ini_set("soap.wsdl_cache_enabled", "0");
$client = new SoapClient('http://magentohost/api/soap/?wsdl', array('cache_wsdl' => WSDL_CACHE_NONE));
$session = $client->login('apiUser', 'apiKey');
$result = $client->call($session, 'product.list');
$client->endSession($session);
Mage::app()->setCurrentStore($website);
// Init a Magento session. This is super ultra important
Mage::getSingleton('core/session');
// $customer Mage_Customer_Model_Customer
// We get an instance of the customer model for the actual website
$customer = Mage::getModel('customer/customer')
->setWebsiteId(Mage::app()->getStore()->getWebsiteId());
// Load the client with the appropriate email
$customer->loadByEmail($email);
// Get a customer session
$session = Mage::getSingleton('customer/session');
$session->loginById($customer->getId());
if ($session->isLoggedIn()) {
return $session->getSessionId();
} else {
return null;
}
} */
}
I would use the customer/session model to access the customer.
$sessionCustomer = Mage::getSingleton('customer/session');
if($sessionCustomer->isLoggedIn()) {
$customer = Mage::getSingleton('customer/session')->getCustomer();
}
The wrinkle here is that in order for Magento to access the session data it needs to know the customer is logged in; otherwise you won't be able to return the customer data with the session data.

send transactional email magento

I'm trying to send a confirmation email when a subscription order is created in Magento, but it is not sending anything.
I know the email configuration is fine because when I buy a regular product I do receive the email.
I created a template under System -> Transactional Emails (template with id=12), then in the code of class AW_Sarp2_Model_Checkout_Type_Onepage extends Mage_Checkout_Model_Type_Onepage I call the method that sends the subscription email, but it never sends any email.
class AW_Sarp2_Model_Checkout_Type_Onepage extends Mage_Checkout_Model_Type_Onepage
{
public function saveOrder()
{ Mage::log("checkout/onepage",null,"onepageemail.log");
$isQuoteHasSubscriptionProduct = Mage::helper('aw_sarp2/quote')->isQuoteHasSubscriptionProduct(
$this->getQuote()
);
if (!$isQuoteHasSubscriptionProduct) { //HERE I ASK IF IS A SUBSCRIBE PRODUCT
Mage::log("checkout/onepage34",null,"onepageemail.log");
return parent::saveOrder();
}
$this->validate();
$isNewCustomer = false;
switch ($this->getCheckoutMethod()) {
case self::METHOD_GUEST:Mage::log("checkout/onepage40",null,"onepageemail.log");
$this->_prepareGuestQuote();
break;
case self::METHOD_REGISTER:Mage::log("checkout/onepage43",null,"onepageemail.log");
$this->_prepareNewCustomerQuote();
$isNewCustomer = true;
break;
default:Mage::log("checkout/onepage47",null,"onepageemail.log");
$this->_prepareCustomerQuote();
break;
}
if ($this->getQuote()->getCustomerId()) {Mage::log("checkout/onepage52",null,"onepageemail.log");
$this->getQuote()->getCustomer()->save();
}
#AW_SARP2 override start
$service = Mage::getModel('aw_sarp2/sales_service_profile', $this->getQuote());Mage::log("checkout/onepage56",null,"onepageemail.log");
$service->submitProfile();Mage::log("checkout/onepage57",null,"onepageemail.log");
#AW_SARP2 override end
$this->getQuote()->save();Mage::log("checkout/onepage60",null,"onepageemail.log");
if ($isNewCustomer) {Mage::log("checkout/onepage61",null,"onepageemail.log");
try {
$this->_involveNewCustomer();Mage::log("checkout/onepage63",null,"onepageemail.log");
} catch (Exception $e) {
Mage::logException($e);
}
}
$this->_checkoutSession->setLastQuoteId($this->getQuote()->getId())
->setLastSuccessQuoteId($this->getQuote()->getId())
->clearHelperData();Mage::log("checkout/onepage71",null,"onepageemail.log");
// add recurring profiles information to the session
$profiles = $service->getRecurringPaymentProfiles();Mage::log("checkout/onepage73",null,"onepageemail.log");
if ($profiles) {Mage::log("checkout/onepage74",null,"onepageemail.log");
$ids = array();
foreach ($profiles as $profile) {
$ids[] = $profile->getId();
}Mage::log("checkout/onepage78",null,"onepageemail.log");
$this->sendSubscribeEmail2();Mage::log("checkout/onepage79",null,"onepageemail.log");
$this->_checkoutSession->setLastRecurringProfileIds($ids);
Mage::log("checkout/onepage82",null,"onepageemail.log");
}
return $this;
}
public function sendSubscribeEmail2(){ //HERE I TRY TO SEND THE EMAIL
$templateId = 12;
// Set sender information
$senderName = Mage::getStoreConfig('trans_email/ident_support/name');
$senderEmail = Mage::getStoreConfig('trans_email/ident_support/email');
$sender = array('name' => $senderName,
'email' => $senderEmail);
// Set recepient information
$recepientEmail = 'minorandres#gmail.com';
$recepientName = 'Test Test';
// Get Store ID
$storeId = Mage::app()->getStore()->getId();
// Set variables that can be used in email template
$vars = array('customerName' => 'test',
'customerEmail' => 'minorandres#gmail.com');
$translate = Mage::getSingleton('core/translate');Mage::log("checkout/onepage103",null,"onepageemail.log");
// Send Transactional Email
// Keep the template instance so getSentSuccess() reports on the message actually sent
$emailTemplate = Mage::getModel('core/email_template');
$emailTemplate->sendTransactional($templateId, $sender, $recepientEmail, $recepientName, $vars, $storeId);Mage::log("checkout/onepage106",null,"onepageemail.log");
if (!$emailTemplate->getSentSuccess()) {
Mage::log("EXCEPTION!!!! =( checkout/onepage107",null,"onepageemail.log");
}
}
}
Is there something I have to do in the XML files or some other place? Please help me.
Since I am dealing with subscription products, they are handled by a different SMTP provider. In exception.log I got an error, "Mandril cant send email" or something like that. Then I went to the Admin Panel, where System > Transactional Emails has a subtab called Mandrill; I configured that tool and created an account on Mandrill, then I put the API key indicated by Mandrill into System > Configuration > Mandrill (on the left side).

Updating customer data from observer after customer_register_success event

I'm having issues setting the customer's group ID from an observer. The event is picking up on a new user creation via the customer_register_success event. The event is passed to my observer, e.g.
public function registrationSuccess(Varien_Event_Observer $observer) {
// extract customer data from event
$customer = $observer->getCustomer()->getData();
// Log cookie names only; the values include the session cookie
Mage::log('COOKIES: ' . json_encode(array_keys($_COOKIE)));
// a cookie should have been set with the membership id
if (isset($_COOKIE['membership_account_id'])) {
Mage::log('COOKIE SET, ASSOCIATING MEMBERSHIP');
// associate new account with membership, and upgrade user to membership status
$this->associateMembership($customer['entity_id'], $_COOKIE['membership_account_id']);
}
}
Which then calls the associateMembership method to update the group id, and set a custom customer attribute called rms_id:
public function associateMembership($customer_id, $account_id) {
// load customer model
$customer = Mage::getModel('customer/customer')->load($customer_id);
Mage::log('CUSTOMER DATA: ' . json_encode($customer->toArray()));
// upgrade customer to membership level, and set custom rms_id attribute
$customer
->setWebsiteId(Mage::app()->getWebsite()->getId())
->setGroupId(4)
->setRmsId($account_id);
// save
try {
$customer->save();
Mage::log('ACCOUNT ASSOCIATED: CUSTOMER ID = ' . $customer_id . ' ACCOUNT ID = ' . $account_id);
} catch (Exception $ex) {
Mage::log($ex);
}
}
For some reason, there's no error coming back. I'm getting the correct user id, and everything seems to be working. However, the group is not being set, nor is my custom id.
Should I be using another event that will allow the save to go through?
Try loading the website id before loading the customer
$customer = Mage::getModel('customer/customer');
$customer->setWebsiteId(Mage::app()->getWebsite()->getId());
$customer->load($customer_id);
customer_register_success will re-save the customer data after you save it in your custom observer.
Also, customer_register_success passes the customer data, so you should not need to reload it.
See /app/code/core/Mage/Customer/controllers/AccountController.php
Mage::dispatchEvent('customer_register_success',
array('account_controller' => $this, 'customer' => $customer)
);
Try
public function registrationSuccess(Varien_Event_Observer $observer) {
// extract customer data from event
$customer = $observer->getCustomer();
// Log cookie names only; the values include the session cookie
Mage::log('COOKIES: ' . json_encode(array_keys($_COOKIE)));
// a cookie should have been set with the membership id
if ($membership_account_id = Mage::getModel('core/cookie')->get('membership_account_id')) {
Mage::log('COOKIE SET, ASSOCIATING MEMBERSHIP');
$customer->setGroupId(4)
->setRmsId($membership_account_id);
}
return $this;
}
Try to set the customer website id before load.
e.g.
$customer = Mage::getModel('customer/customer')
->setWebsiteId(Mage::app()->getWebsite()->getId())
->load($customer_id);
Also try to put die; after $customer->save(); while testing. That way you will be sure that nothing else changes the customer's data after you (maybe some other observer).
