Restrict customers being able to view a category/plp - spartacus-storefront

What is the suggested approach to restrict a customer viewing a PLP, based on the user group assigned to the CategoryModel?
For example, let's say a category with code "c012345" is assigned to the user group "promoPreviewCustomers". I have two registered customers who are a part of the customergroup but only one customer is in the promoPreviewCustomers group.
Only the customer who is in the promoPreviewCustomers group should be able to see the PLP of the category page c012345.
Our initial thought was to drive this through a personalisation rule within Commerce.
What are other people's thoughts on how this should be implemented within Spartacus, given that the product search API does not take into account the logged in customer?

Any restriction done only in Spartacus will be only for the UX, as true restriction can only be done in the backend. Therefore, the best approach would be to drive this behavior with personalization within Commerce.
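
As an added illustration of the answer above (not code from SAP Commerce, Spartacus, or the poster), this TypeScript model contrasts a search endpoint that ignores the caller with one that checks the caller's user groups on the server. All function and variable names are hypothetical, and the sample data is constructed from the question's scenario.

```typescript
// Added illustration: a self-contained model, not SAP Commerce or Spartacus code.
// Every name here (searchProducts, CATEGORY_GROUPS, ...) is hypothetical.

type User = { uid: string; groups: string[] };
type Product = { code: string; category: string };
type SearchResult = { status: number; products: Product[] };

// Constructed sample data mirroring the question's scenario.
const CATEGORY_GROUPS: Record<string, string[]> = {
  c012345: ["promoPreviewCustomers"], // restricted category
  c000001: ["customergroup"], // visible to every registered customer
};
const CATALOG: Product[] = [
  { code: "p1", category: "c012345" },
  { code: "p2", category: "c012345" },
  { code: "p3", category: "c000001" },
];

// Server-side rule: the caller's groups must intersect the category's groups.
function canViewCategory(user: User | null, category: string): boolean {
  const allowed = CATEGORY_GROUPS[category];
  if (!allowed || !user) return false; // unknown category or anonymous: deny
  return user.groups.some((g) => allowed.includes(g));
}

// Weak form: the endpoint ignores the caller, so a storefront route guard is
// the only control, and it does not apply to requests sent straight to the API.
function searchProductsUnchecked(category: string): Product[] {
  return CATALOG.filter((p) => p.category === category);
}

// Hardened form: the endpoint authorizes the authenticated caller itself and
// answers "forbidden" and "not found" identically, so the restricted
// category's existence is not disclosed.
function searchProducts(user: User | null, category: string): SearchResult {
  if (!canViewCategory(user, category)) return { status: 404, products: [] };
  return { status: 200, products: searchProductsUnchecked(category) };
}

// Constructed users: both are in customergroup, only alice is in the promo group.
const alice: User = { uid: "alice", groups: ["customergroup", "promoPreviewCustomers"] };
const bob: User = { uid: "bob", groups: ["customergroup"] };
```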

Related

How to verify that guest email already exists as customer in system on checkout page in Shopify

We need to add a feature in Shopify so that a guest/customer can't purchase more of a product than the limit defined in the product meta field in the CMS.
Basically, we have a limited edition of a product, so we want a single person [email verification] to be able to purchase 1-2 quantity in a lifetime.
For this we tried the following ways:
Webhook: But we were not able to find a solution to show an error on the checkout page and stop the order if we found such a condition.
Custom code on the template itself: But we are not able to verify from the CMS that the email is already attached to a customer; otherwise we would get all orders of that customer and then the products, match them with the current cart product, and show an error message.
Don't allow guest checkouts. Force your customers to login with an email. Then you can be certain of not allowing them to checkout with more than the one or two of these products in their lifetime. Otherwise, accept their order and simply cancel/refund the cheaters.

Sylius VAT based on delivery address

I'm trying to evaluate Sylius as a replacement for an existing shop system. However, I was unable to find an option on the demo system where Sylius calculates VAT based on the user's delivery address. Additionally, the VAT is not displayed in the frontend. How can this be configured?
If you want to show products based on address in the frontend, that would be a little tricky. I think the best way is to create a custom channel, then detect the user's location and show the proper channel (maybe a subdomain). In any case, for this you need to know the user's location. We resolved this in one project by asking the user at the beginning and then storing it in a cookie, or in the account if they are logged in.
Regarding tax based on address in checkout, that is possible. Tax is very flexible and is related to the type of products (category) or location, so you can create different taxes for different countries, and this will be updated in the checkout process after the user decides where to deliver.

Require 3rd party age verification in shopify

I have a requirement to do 3rd party age verification before I ship an order. I'm using a company called EVS for this. They released a shopify app recently, but seems partly baked. It requires a user to enter date of birth when registering for an account and then triggers the verification when the user places an order. The main problem with that is that it's rare for a customer to actually create an account before ordering for the first time -- instead they order first, then shopify emails them to create an account after the fact. Creating the account afterward does not allow the customer to enter DOB.
So I'm planning to implement my own solution. I can use EVS's API to run the verification by sending a combination of Name, Address, DOB, DL# and State, and last 4 of SSN. I have already built a proprietary order management system that pulls in customer and order data, and I can write a client to perform the verification.
I'm less savvy on the shopify side. I need to balance customer friction when placing an order for the first time, against having to do a lot of manual work for verification.
Below are the options I have conceived. Are there any other options? Any ideas for a better solution? Keep in mind I need to verify a customer once. I can tag the customer account as verified, and once verified it's business as usual.
1. Alter shopify templates to only show the checkout button when a user is logged in. If not logged in, show a "Create an account" button instead. That way the user provides DOB during account creation and the EVS app works as designed.
2. Set up a separate verification site like verify.my-domain.com. I can trigger an email to the customer upon order creation and ask them to verify. (May have issues with incorrect email addresses or spam filtering.)
3. If customer is not logged in, or account is not age verified, and they click Checkout, I can redirect them to a page. I can use a form on the page to do the verification. If verification passes, send them on to checkout.
For option 3, I don't know what shopify allows or what best practices allow. Can I use js to pass data to my own server on a different subdomain? Or post the form to another subdomain and then redirect back to shopify?
I'd appreciate any thoughts or suggestions.
You have pretty much summed up all your options, to clarify on them a little:
1. You can require that customers create an account in the store checkout settings. /admin/settings/checkout
2. This would work, you could iframe it in too on a custom Page. Or, better, use cross-domain calls or jsonp.
3. This is a little convoluted and you would have to persist and maintain a lot of external state. I'd avoid this.
I think a combination of 1 and 2. Turn on "require customer account". Modify the customer account creation page. Implement a cross domain policy with your server which will host custom code leveraging the EVS API.
I'm not sure if you are selling tangible goods or not but with stringent policies on users' age you have to bear in mind that shipping addresses could change. For a tight integration you should look at having webhooks whenever a customer is changed and make sure all their data is still valid since their last EVS approval.
I've been looking into this quite extensively and we've spent a number of hours experimenting with options. Our client in this case is on Shopify Plus so we do have the benefit of access to checkout.liquid.
Our research has led us to believe that one cannot pass the required 'customer note' of the date of birth to the checkout should they be attempting to checkout as a 'guest'. Perhaps because the 'customer' does not yet exist.
Our options have been narrowed down to:
1. Write a custom backend app that allows Shopify and EVS to communicate directly (XML API on the EVS side) in the checkout process or just prior and then pass the verification status back to Shopify to allow the order to proceed, or append some relevant status marker for the fulfillment department to act accordingly. The EVS app doesn't prevent the order from proceeding, but does flag the customer's age as unverified in the Risk Level panel in the admin. This would be quite a substantial project and by no means low hanging fruit. There is also risk of re-doing a lot of what the EVS app does already and running into the same obstacles they did.
2. Force customers to register prior to checkout (if not signed in). This seems the most viable approach. The only caveat being that existing customers will not have the customer note (birth date) and we'd need to build a smaller backend app to allow them to append this to their customer account via the Shopify API (this cannot be done via liquid).
These are our findings and I'd love to know more about how you ended up approaching this.

Is there a way to get transactions for all container accounts that belong to a specific site aggregated using Yodlee APIs?

Is there a way to get transactions for all container accounts that belong to a specific site aggregated using Yodlee APIs?
For example, the American Express Cards (siteId: 12) have bank, credits, loans, etc. containers enabled.
So, can we get the transactions for all enabled container accounts for a single site?
If you mean to ask "Is there a way to get transactions for all the accounts (all containers) that belong to a particular site?", then:
Yodlee provides two ways to get the transactions.
1. Getting transactions for a specific account, i.e., you need to provide the itemAccountId for each account to get the transactions for that specific account using the executeUserSearchRequest API.
2. Getting transactions for all the accounts, i.e., you need not provide an itemAccountId for any particular account while providing the rest of the input parameters to executeUserSearchRequest, but this will return transactions for all the accounts. Using your example, it will give you transactions for all the containers present under SiteID-12 as well as other sites added by the consumer. You can, though, use the second approach to get the transactions for all accounts and then filter them down to the containers belonging to a specific site. You can use the sumInfoId (ContentServiceID) present in the response for each transaction.

Design pattern for maintaining different state(s) across browser tabs in a single session

I have an MVC 4 based web app where I provide 2 login types: 1. Employee and 2. Customer. With Customer login, I present a dashboard and other stuff, about his orders, etc. With Employee login, I allow the employee to search for his customers and provide the ability to carry out certain customer specific tasks.
It is possible that an employee, after login, can search for a number of customers and fetch each of their details in multiple browser tab(s).
I am having difficulty in maintaining state for each tab if I put the unique identifier of the customer in session, as the next subsequent request will overwrite the session!
To solve this, I have relied on a (dirty) viewbag based solution, where I set the customer number in viewbag in every view.
Is there an elegant solution to solve this? A known design pattern?