smartstore · suatsuphi · Feb 28, 2024 · Feb 28, 2024 · Feb 28, 2024 · Feb 28, 2024
diff --git a/src/Smartstore.Core/Checkout/Permissions.Checkout.cs b/src/Smartstore.Core/Checkout/Permissions.Checkout.cs
@@ -83,6 +83,7 @@ public static class Cart
  {
  public const string Self = "cart";
  public const string Read = "cart.read";
+ public const string AccessOrders = "cart.accessorders";
  public const string AccessShoppingCart = "cart.accessshoppingcart";
  public const string AccessWishlist = "cart.accesswishlist";
 

diff --git a/src/Smartstore.Core/Migrations/SmartDbContextDataSeeder.cs b/src/Smartstore.Core/Migrations/SmartDbContextDataSeeder.cs
diff --git a/src/Smartstore.Core/Platform/Security/Services/StandardPermissionProvider.cs b/src/Smartstore.Core/Platform/Security/Services/StandardPermissionProvider.cs
@@ -41,6 +41,7 @@ public virtual IEnumerable<DefaultPermissionRecord> GetDefaultPermissions()
  PermissionRecords = new[]
  {
  new PermissionRecord { SystemName = Permissions.Catalog.DisplayPrice },
+ new PermissionRecord { SystemName = Permissions.Cart.AccessOrders },
  new PermissionRecord { SystemName = Permissions.Cart.AccessShoppingCart },
  new PermissionRecord { SystemName = Permissions.Cart.AccessWishlist },
  new PermissionRecord { SystemName = Permissions.System.AccessShop }
@@ -52,6 +53,7 @@ public virtual IEnumerable<DefaultPermissionRecord> GetDefaultPermissions()
  PermissionRecords = new[]
  {
  new PermissionRecord { SystemName = Permissions.Catalog.DisplayPrice },
+ new PermissionRecord { SystemName = Permissions.Cart.AccessOrders },
  new PermissionRecord { SystemName = Permissions.Cart.AccessShoppingCart },
  new PermissionRecord { SystemName = Permissions.Cart.AccessWishlist },
  new PermissionRecord { SystemName = Permissions.System.AccessShop }
@@ -63,6 +65,7 @@ public virtual IEnumerable<DefaultPermissionRecord> GetDefaultPermissions()
  PermissionRecords = new[]
  {
  new PermissionRecord { SystemName = Permissions.Catalog.DisplayPrice },
+ new PermissionRecord { SystemName = Permissions.Cart.AccessOrders },
  new PermissionRecord { SystemName = Permissions.Cart.AccessShoppingCart },
  new PermissionRecord { SystemName = Permissions.Cart.AccessWishlist },
  new PermissionRecord { SystemName = Permissions.System.AccessShop }

diff --git a/src/Smartstore.Web/Components/AccountDropdownViewComponent.cs b/src/Smartstore.Web/Components/AccountDropdownViewComponent.cs
@@ -18,6 +18,7 @@ public async Task<IViewComponentResult> InvokeAsync()
  DisplayAdminLink = await Services.Permissions.AuthorizeAsync(Permissions.System.AccessBackend),
  ShoppingCartEnabled = await Services.Permissions.AuthorizeAsync(Permissions.Cart.AccessShoppingCart),
  WishlistEnabled = await Services.Permissions.AuthorizeAsync(Permissions.Cart.AccessWishlist),
+ OrdersEnabled = await Services.Permissions.AuthorizeAsync(Permissions.Cart.AccessOrders),
  //ShoppingCartItems = await Services.DbContext.ShoppingCartItems.CountCartItemsAsync(customer, ShoppingCartType.ShoppingCart, Services.StoreContext.CurrentStore.Id),
  //WishlistItems = await Services.DbContext.ShoppingCartItems.CountCartItemsAsync(customer, ShoppingCartType.Wishlist, Services.StoreContext.CurrentStore.Id)
  };
@@ -29,12 +30,15 @@ public async Task<IViewComponentResult> InvokeAsync()
  .Text(T("Account.MyAccount"))
  .AsItem());
 
- model.MenuItems.Add(new MenuItem().ToBuilder()
- .Action("Orders", "Customer")
- .LinkHtmlAttributes(new { @class = "dropdown-item", rel = "nofollow" })
- .Icon("fal fa-file-lines fa-fw")
- .Text(T("Account.MyOrders"))
- .AsItem());
+ if (model.OrdersEnabled)
+ {
+ model.MenuItems.Add(new MenuItem().ToBuilder()
+ .Action("Orders", "Customer")
+ .LinkHtmlAttributes(new { @class = "dropdown-item", rel = "nofollow" })
+ .Icon("fal fa-file-lines fa-fw")
+ .Text(T("Account.MyOrders"))
+ .AsItem());
+ }
 
  if (model.DisplayAdminLink)
  {

diff --git a/src/Smartstore.Web/Controllers/CustomerController.cs b/src/Smartstore.Web/Controllers/CustomerController.cs
@@ -494,6 +494,11 @@ public async Task<IActionResult> Orders(int? page, int? recurringPaymentsPage)
  return ChallengeOrForbid();
  }
 
+ if (!await Services.Permissions.AuthorizeAsync(Permissions.Cart.AccessOrders))
+ {
+ return RedirectToRoute("Homepage");
+ }
+
  var ordersPageIndex = Math.Max((page ?? 0) - 1, 0);
  var rpPageIndex = Math.Max((recurringPaymentsPage ?? 0) - 1, 0);
 

diff --git a/src/Smartstore.Web/Infrastructure/Menus/MyAccountMenu.cs b/src/Smartstore.Web/Infrastructure/Menus/MyAccountMenu.cs
@@ -3,6 +3,7 @@
 using Smartstore.Core.Content.Menus;
 using Smartstore.Core.Identity;
 using Smartstore.Core.Localization;
+using Smartstore.Core.Security;
 
 namespace Smartstore.Web.Infrastructure
 {
@@ -110,16 +111,20 @@ protected virtual async Task<TreeNode<MenuItem>> BuildAsync()
  Icon = "fal fa-address-book",
  ActionName = "Addresses",
  ControllerName = "Customer"
- },
- new MenuItem
+ }
+ });
+
+ if (await _services.Permissions.AuthorizeAsync(Permissions.Cart.AccessOrders))
+ {
+ root.Append(new MenuItem
  {
  Id = "orders",
  Text = T("Account.CustomerOrders"),
  Icon = "fal fa-file-lines",
  ActionName = "Orders",
  ControllerName = "Customer"
- }
- });
+ });
+ }
 
  if (_orderSettings.ReturnRequestsEnabled)
  {

diff --git a/src/Smartstore.Web/Models/Common/AccountDropdownModel.cs b/src/Smartstore.Web/Models/Common/AccountDropdownModel.cs
@@ -10,6 +10,7 @@ public partial class AccountDropdownModel : EntityModelBase
  public bool ShoppingCartEnabled { get; set; }
  public int ShoppingCartItems { get; set; }
  public bool WishlistEnabled { get; set; }
+ public bool OrdersEnabled { get; set; }
  public int WishlistItems { get; set; }
 
  public List<MenuItem> MenuItems { get; } = new();