My Account Menu Permissions
The My Account application contains a menu that provides links to different features within the application. The menu is available in two locations: the sidebar and application header.
Each menu is generated dynamically based on the feature areas the user has permission to access. By default, the user's NetSuite roles and permissions determine which menu actions are shown. For example, if a user doesn't have permission to view Order History in NetSuite, they won't see the Order History & Returns link in their My Account menu.
However, the mechanism for generating the menu items based on permissions is different for each menu. Permissions attributes are set for each view and then in the template files those permissions attributes are used to determine which links to display.
Header Menu
The Header application module displays the application header. The header_menu_myaccount.tpl template defines each menu and submenu item in the HTML. To determine which menu items the user can view, the HTML checks permissions based on the values of the data-permissions attribute.
For example, in the header_menu_mayaccount.tpl code snippet, the div is displayed when the logged-in user's permissions match both listed data-permissions attributes
<a class="header-menu-myaccount-anchor-level3" href="#" data-touchpoint="customercenter" data-hashtag="#returns" data-permissions="transactions.tranFind.1,transactions.tranRtnAuth.1" name="returns">
{{translate 'Returns'}}
</a>
Account Overview Menu
The Account Overview menu is generated automatically when the My Account application loads. Each application module that defines a feature with a corresponding menu item returns a MenuItems object.
The MenuItems object is usually defined in the entry point module. For example, the following code snippet from the Quote.js file defines the menu item that appears in the Account Overview menu.
MenuItems: {
parent: 'orders'
, id: 'quotes'
, name: _('Quotes').translate()
, url: 'quotes'
, index: 5
, permission: 'transactions.tranFind.1,transactions.tranEstimate.1'
}
After all modules are loaded, the SC.MyAccount module's MyAccount.on method loads menu items into an array.
Forbidden Access
The My Account application only enables permitted features, but users may still try to access restricted pages. The ErrorManagement.ForbiddenError.View module of the ErrorManagement application module displays an error message if a user doesn't have permission to access a feature. By default, the template for this view displays the following error message:
Sorry! You have no permission to view this page. Please contact the website administrator, click here to continue.
You can customize this template to fit your web store's needs.