My Account Menu Permissions

This topic applies to

SuiteCommerce Web Stores

The My Account application contains a menu that provides links to different features within the application. This menu is available in the following locations:

  • The sidebar menu.

  • The application header.

SuiteCommerce generates each of these menus dynamically based on feature areas the user has permissions to access. By default, SuiteCommerce uses the NetSuite roles and permissions of the currently-logged-in user to determine which menu actions are displayed. For example, if a user does not have permission to view the Order History in NetSuite, the Order History & Returns link is not displayed in the My Account menu for that user.

However, the mechanism for generating the menu items based on permissions is different for each menu. Permissions attributes are set for each view as needed, and the template files then use those attributes to determine which links to display.

Header Menu

The Header application module displays the application header. The header_menu_myaccount.tpl template defines each menu and submenu item in the HTML. To determine which menu items the user has permissions to view, the HTML tests the permissions based on the values of the data-permissions attribute.

For example, in the following code snippet from header_menu_myaccount.tpl, the link is displayed only when the currently logged-in user has both of the permissions listed in the data-permissions attribute.

<a class="header-menu-myaccount-anchor-level3" href="#" data-touchpoint="customercenter" data-hashtag="#returns" data-permissions="transactions.tranFind.1,transactions.tranRtnAuth.1" name="returns">
   {{translate 'Returns'}}
</a>

Account Overview Menu

The Account Overview menu is generated automatically when the My Account application is loaded. Each application module that defines a feature with a corresponding menu item returns an object called MenuItems. This object is generally defined within the entry point module. For example, the following code snippet from the Quote.js file defines the menu item that appears in the Account Overview menu:

MenuItems: {
         parent: 'orders'
      ,   id: 'quotes'
      ,   name: _('Quotes').translate()
      ,   url: 'quotes'
      ,   index: 5
      ,   permission: 'transactions.tranFind.1,transactions.tranEstimate.1'
      }

After all modules are loaded into the application, the MyAccount.on method of the SC.MyAccount module loads each menu item into an array.

Forbidden Access

Although the My Account application only enables features that a user has permission to access, a user may still attempt to access a page they do not have permission to view. The ErrorManagement.ForbiddenError.View module of the ErrorManagement application module displays an error message if a user does not have permission to access a feature. By default, the template for this view displays the following error message:

Sorry! You have no permission to view this page. Please contact the website administrator, click here to continue.

You can customize this template as needed for your web store.
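The permission strings used by the header template and by MenuItems can be evaluated as in the following added example, which is not SuiteCommerce source code. It assumes each entry has the form group.permission.minimumLevel, that every entry must be satisfied, and that an item without a permission string is always shown; the function names, the sampleUser object and the sample menu entries are hypothetical and constructed for illustration.

```javascript
// Added example; not SuiteCommerce source. Assumed semantics: every entry is
// "<group>.<permission>.<minimumLevel>" and ALL entries must be satisfied.
function parsePermissions(spec) {
  return String(spec).split(',').map(function (entry) {
    var parts = entry.trim().split('.');
    var level = Number(parts[2]);
    if (parts.length !== 3 || !parts[0] || !parts[1] || !Number.isInteger(level) || level < 0) {
      throw new Error('Malformed permission entry: "' + entry + '"');
    }
    return { group: parts[0], name: parts[1], level: level };
  });
}

// True only when the user holds every listed permission at the required level.
// Missing or malformed entries fail closed (the item stays hidden).
function hasPermissions(userPermissions, spec) {
  if (!spec) { return true; } // assumption: no requirement declared means always shown
  try {
    return parsePermissions(spec).every(function (req) {
      var group = userPermissions[req.group] || {};
      var held = Number.isInteger(group[req.name]) ? group[req.name] : 0;
      return held >= req.level;
    });
  } catch (e) {
    return false;
  }
}

// Filter items in the MenuItems shape shown above and order them by index.
function visibleMenuItems(items, userPermissions) {
  return items
    .filter(function (item) { return hasPermissions(userPermissions, item.permission); })
    .sort(function (a, b) { return a.index - b.index; });
}

// Same check for a directly requested URL; false means show the forbidden view.
function canOpen(url, items, userPermissions) {
  var item = items.filter(function (i) { return i.url === url; })[0];
  return Boolean(item) && hasPermissions(userPermissions, item.permission);
}

// Constructed sample data (hypothetical user and menu entries).
var sampleUser = { transactions: { tranFind: 1, tranEstimate: 0, tranRtnAuth: 2 } };
var sampleMenu = [
  { id: 'quotes', url: 'quotes', index: 5, permission: 'transactions.tranFind.1,transactions.tranEstimate.1' },
  { id: 'returns', url: 'returns', index: 2, permission: 'transactions.tranFind.1,transactions.tranRtnAuth.1' },
  { id: 'broken', url: 'broken', index: 1, permission: 'transactions.tranFind' }
];
```

With the sample data, only the returns item is visible: quotes fails because tranEstimate is below the required level, and the malformed entry is rejected instead of being treated as unrestricted.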