9.0.4 design question with admin create-order process
Rank: Advanced Member
Groups: HelpDesk, Developers Joined: 11/9/2018(UTC) Posts: 564
Thanks: 122 times Was thanked: 26 time(s) in 25 post(s)
I just noticed that I can change the email address on the billing address page to something different than the user's email address. And that changed address is not validated against the user database to see if it already exists on another user account.
So it's entirely possible to create an order assigned to one user, but have the order bill-to email address match another existing able user account.
Should that bill-to-email field be allowed to be changed at that point in the order process?
The reason this concerns me is how the controller saves the billing address fields. It's updating the primary-address object for the given user. But it never updates the parent user object email address. So you could wind up with a user record that has one email address, while the primary address for that user has an entirely different email address. And it's an email that could already exist on another user account elsewhere in the system.
The controller is not updating the email address on the user object. It only updates the user address object.
I'm thinking it's a really bad idea to have any chance of the same email address associated with completely different user records like that.
Thoughts?
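Added example, not part of any post in this thread and not AbleCommerce code: a read-only audit for the condition described in the post above, where a user's primary address carries an email that differs from the user record and may belong to another account. The table and column names are a hypothetical minimal schema and every row is constructed sample data.

```python
import sqlite3

# Hypothetical schema for illustration only; not AbleCommerce's real tables.
SCHEMA = """
CREATE TABLE users (user_id INTEGER PRIMARY KEY, email TEXT NOT NULL UNIQUE);
CREATE TABLE addresses (address_id INTEGER PRIMARY KEY,
    user_id INTEGER NOT NULL REFERENCES users(user_id),
    is_primary INTEGER NOT NULL, email TEXT);
"""
# Constructed sample rows.
USERS = [(1, "joe@example.com"), (2, "client@example.com"), (3, "ann@example.com")]
ADDRESSES = [
    (10, 1, 1, "Client@Example.com "),  # primary address edited to user 2's email
    (11, 2, 1, "client@example.com"),   # consistent with the user record
    (12, 3, 1, "billing@example.net"),  # differs, but no other account owns it
]

# Compare case-insensitively and ignore stray whitespace, since a form field
# can hold "Client@Example.com " while the user table holds the lowercase form.
AUDIT = """
SELECT a.user_id, u.email, TRIM(a.email), o.user_id
FROM addresses a
JOIN users u ON u.user_id = a.user_id
LEFT JOIN users o
       ON LOWER(o.email) = LOWER(TRIM(a.email)) AND o.user_id <> a.user_id
WHERE a.is_primary = 1 AND LOWER(TRIM(a.email)) <> LOWER(u.email)
ORDER BY a.user_id
"""

def build_sample_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    conn.executemany("INSERT INTO addresses VALUES (?, ?, ?, ?)", ADDRESSES)
    return conn

def audit_email_drift(conn):
    """Return one finding per primary address whose email differs from its user.
    kind is 'collision' when the address email is another user's login email,
    otherwise 'mismatch'."""
    findings = []
    for user_id, user_email, addr_email, other_id in conn.execute(AUDIT):
        kind = "collision" if other_id is not None else "mismatch"
        findings.append({"user_id": user_id, "user_email": user_email,
                         "address_email": addr_email, "kind": kind,
                         "other_user_id": other_id})
    return findings

if __name__ == "__main__":
    for finding in audit_email_drift(build_sample_db()):
        print(finding)
```

A "mismatch" row is the ordering-on-behalf-of-a-client case; a "collision" row is the one where the address email is already another account's email.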
Rank: Advanced Member
Groups: System, Administrators, Developers, Registered, HelpDesk Joined: 10/29/2018(UTC) Posts: 472
Thanks: 4 times Was thanked: 34 time(s) in 33 post(s)
Hi Joe,
I've started a discussion with the dev team, but here are my thoughts.
The order email address is used for notification. It can be updated to anything and is not checked against the user records. I think that it has always been this way. I know we all have special and unique situations, but in our store, we will have user X placing orders on behalf of his/her client. So it's fairly common to see an order placed with a billing address that is not the same as the user placing the order.
If we were to suddenly try and enforce the user's email and the order email, then it might cause some issues for our store and possibly others as well.
It's a very interesting question nonetheless. Hopefully we can get some input by the developers.
Katie
Thanks for your support!
Katie Secure eCommerce Software and Hosting
1 user thanked Katie S for this useful post.
Rank: Advanced Member
Groups: HelpDesk, Developers Joined: 11/9/2018(UTC) Posts: 564
Thanks: 122 times Was thanked: 26 time(s) in 25 post(s)
I agree with you. I'm not entirely sure it's a concern. On the other hand, I've always sort of taken it for granted that an email address would be unique within the system. And it is, but only if you look in users. So maybe it's not a problem worth digging.
I think it's always been that way. If it hasn't been an issue in 15 years, maybe it's not an issue :)