Prestashop: Customer can see all vouchers

Hi @Hlavtox,

I manage to reproduce the issue with PS:1.7.5.1.
If you have already fixed it on your end or if you think you can do it, please do send us a pull request!
Ping @marionf what do you think?

Thanks!

@khouloudbelguith

I can't reproduce the issue.

I created a voucher for every customers
I created a voucher for John Doe

With John Doe account, I see only John Doe's voucher

With another customer account, I don't see any voucher

@marionf

Thanks to check the Customer group selection.

@khouloudbelguith

You mean, I need to select a specific customer group for the voucher instead of a specific customer ?

@marionf

Yes, for vouchers to be displayed.

All right I edited steps to reproduce the issue in the description

Customer group restriction works fine.

If you restrict voucher for a specific group, users from other groups wont see it.

If you restrict voucher for a specific customer, other users wont see it.

The problem is, the function adds to every voucher list all vouchers, which have SOME KIND of group restriction. Which is wrong.

@Hlavtox what is this option in BO when you create the voucher ?

If I restrict a voucher for a specific customer group, users from other groups can see it.
Take a look at the video:
https://drive.google.com/file/d/1WysTgHCARG1pzZrcRXHCAE3QLq_THURT/view?usp=sharing

@marionf

Why do you guys change to ticket to something completely else!!! Customer restriction works fine. The problem was, that customers could see all voucher which were not restricted to a single customer.

And on your video, it works as it should. You selected 2 groups for that voucher and your customer belongs to that group, that's why he sees it.

In 1.7, it seems to work fine, because you can't see that 10% generic voucher.

I think this logic should be re-thinked through.

Because, let aside the group restrictions, why should a customer see a voucher with a code? You could as well apply it directly in the cart.

I think the customer should see only higlighted vouchers in his "My Vouchers" section.

@Hlavtox

And on your video, it works as it should. You selected 2 groups for that voucher and your customer belongs to that group, that's why he sees it.

Yes, you are right, my bad.

The problem was, that customers could see all voucher which were not restricted to a single customer.

I can't reproduce it, could you send a video or screenshot of your cart rule's configuration ?

In 1.7, it seems to work fine, because you can't see that 10% generic voucher.

What is your Prestashop's version ?

@khouloudbelguith How did you do to repoduce it on 1.7.5.1 ?

Hi @marionf,

steps to reproduce:

1. Create a new customer group GA
2. Create a new customer C1 with Group access only GA
3. Create a new customer C2 with Group access only Customer & visitor & Guest
4. Create a cart rule CR1
   4.1 this cart rule is only limited to a single customer ( [email protected])
   4.2 this cart rule have a restriction: customer group selection
   4.3 unselected groups: GA
   4.4 selected groups : Customer / visitor / Guest
5. Create another cart rule CR2 a restriction: customer group selection (selected groups : Customer / visitor / Guest)

In FO if we are signed with the customer C2 the cart rule CR1 is displayed but not applied ( In fact it should not be displayed because it is just limited to [email protected])

PS: In the list voucher in FO, if we are signed with the customer C2 the cart rule is displayed =>, In fact, it should not be displayed because it is just limited to [email protected])

I attached a video record
https://drive.google.com/file/d/1lUySJIMwDVZJ_UxFsL548g8ZHP-cw8gL/view
Thanks!

@khouloudbelguith

I did exactly the steps you described and when I am logged with customer C2 I don't see the cart rule.

https://drive.google.com/open?id=1S_PnrJvJO89zdxI5nr4M1_CvayNclAgQ

Hi @marionf,

Thanks for your feedback.
There is a step is missing, we need to create another cart rule CR2 with group selection "Customers".
When we login in Fo with the customer C2, in the voucher list we found two cart rules (CR1 & CR2)
CR1 is incorrect.
I edited the steps in my previous comment.
Thanks!

@khouloudbelguith So, on 1.7 there is even more stuff that doesn't work :D On 1.6, at least the group restrictions worked.

I think the order should be like this:

1. All vouchers which doesn't apply to the the customer's group should be crossed out. - This should work, at least on 1.6.
2. All vouchers that apply to a single customer and the customer is not the one logged in should be crossed out. - This should work, at least on 1.6.
3. Now with the rest. I think:
   3A) The customer should see only his personal vouchers, regardless being highlighted or not.
   3B) The customer should see generic vouchers, ONLY if they are highligted.

What do you think?

@khouloudbelguith

I think it's normal CR1 is displayed for C2 because you defined 2 conditions:
limited to [email protected] AND limited to Customer / visitor / Guest
Which means, your cart rule will be available for [email protected] customer AND for any customer in Customer / visitor / Guest group

@marionf, with PS1.6, we have this PR: https://github.com/PrestaShop/PrestaShop/pull/8701 similar to the issue.
Thanks!

There are some things to be specified here:

1) What happens when a cart rule is limited to a specific customer AND to a/some customer's group(s) ?
Who should see the voucher ? Only the specific customer ? Or also any customer in the group ?
Currently, the voucher is displayed only for the specific customer
Except if there is a 2nd cart rule, limited to the same customer groups as the first one (as here)

3A) The customer should see only his personal vouchers, regardless being highlighted or not

It's already the case in 1.7

3B) The customer should see generic vouchers, ONLY if they are highligted.

Currently, generic voucher (not limited to a specific customer or to customers groups) are not displayed in customer's account in FO, no matter if it's highlighted or not

A way to simplify point 1. could be:
If I select a specific customer, I can't add a restriction on customer group (the checkbox is disabled) and vice versa: if I select customer group restriction, I can't add a specific customer (the field is disabled)

Guys this needs to be solved, I would say it's a major business mistake for everybody.

As soon as you set SOME KIND of group restrictions and the user belongs to that group. The voucher gets shown to him. If you don't set group restrictions = enable it for everybody, he doesn't see it. Group restrictions shouldn't do anything with the voucher visibility.

@marionf Good point, should be like this.

Visiblity in BO should be controlled by "Highlight" option or a separate "Show in user's account" option, that would get created for this.

@khouloudbelguith do you think this issue is a duplicate of #10766 or they are two different issues ?

Hi @colinegin,

The steps to reproduce the issue (other customers can see vouchers) are different.
In fact, this issue: https://github.com/PrestaShop/PrestaShop/issues/13002 we are talking about Cart rule limited to just a customer & group restriction
In this ticket: https://github.com/PrestaShop/PrestaShop/issues/10766, we have another condition (Total available = 0 < Total available for each user)

So, two different cases to reproduce the issue.
@colinegin, what do you think? we close an issue as duplicate & we add the case2 in the other shop?

Thanks!

Oh sorry I misunderstood the other issue.
They may be related to each other, but they are not duplicated so we should leave both of them :)
Thanks !

@khouloudbelguith @matks

I saw the PR regarding issue, but maybe try this first.

When you look to CartRule.php - line 396, you will see $sql .= ' UNION (SELECT ' . $sql_part1 . ' WHERE cr.group_restriction= 1 ' . $sql_part2 . ')';

What this does is, that it adds to the list ALL RULES, that have SOME SORT of group restrictions enabled.

If you comment out this line, the logic for group restrictions still continue to work fine and it doesn't show generic vouchers = fixes this issue.

The behavior for displaying generic vouchers is then controlled by $includeGeneric = true/false, as it was designed. After this fix, the page works as it should - it only shows vouchers restricted to this one single customer, no matter if it is automatic or with a code.

PS: I don't know what is your opinion, but I think this page should also show all vouchers that are BOTH GENERIC AND HIGHLIGHTED. But this would probably need a bigger mod to getCustomerCartRules function, because if you enable $includeGeneric and $highlight_only, it would hide the customer-restricted vouchers, which are probably not highlighted.

Mitigated ( = partially fixed) by https://github.com/PrestaShop/PrestaShop/pull/15903

@matks Maybe we can close this issue and open a new one with what remains to do ?

@marionf Yes 👍 I do that

Done in https://github.com/PrestaShop/PrestaShop/issues/15938