Implementing store owner settings management by Copilot · Pull Request #695 · grandnode/grandnode2

Copilot · 2026-05-17T14:19:26Z

- Add SettingController to Grand.Web.Store with GeneralCommon, Catalog, Customer, Sales, Media (no file manager), Content actions - Create views and partials for all settings pages in Store area - Media settings preserve file manager fields (AllowedFileTypes, FileManagerEnabledCommands, FileManagerDisabledUICommands) - Add Settings model namespace to Store _ViewImports.cshtml - Restrict PushNotifications/AdminSearch/SystemSettings SiteMap entries to ManageSystem permission so store managers cannot see them - Add migration 2.5 to update existing installations Agent-Logs-Url: https://github.com/grandnode/grandnode2/sessions/e0160bcc-7e3e-4cd7-9f36-e0a1f176f95b Co-authored-by: KrzysztofPajak <16772986+KrzysztofPajak@users.noreply.github.com>

KrzysztofPajak · 2026-05-17T15:05:56Z

@copilot migration to version 2.4

Agent-Logs-Url: https://github.com/grandnode/grandnode2/sessions/25e0c368-068f-46b8-9ec9-e6ba9aeee5a4 Co-authored-by: KrzysztofPajak <16772986+KrzysztofPajak@users.noreply.github.com>

Copilot · 2026-05-17T15:07:34Z

@copilot migration to version 2.4

Done — the migration has been moved to version 2.4 (commit f57c54d). It now lives in Migrations/2.4/MigrationUpdateAdminSiteMap.cs with Priority => 1 so it runs after MigrationUpgradeDbVersion_24 which has Priority => 0.

Co-authored-by: Copilot Autofix powered by AI <223894421+github-code-quality[bot]@users.noreply.github.com>

KrzysztofPajak · 2026-05-18T17:58:44Z

@copilot Merchandise return reasons and Merchandise return actions, need to be per store

Agent-Logs-Url: https://github.com/grandnode/grandnode2/sessions/1bb61bfc-6900-4ff3-928d-0e52909309b9 Co-authored-by: KrzysztofPajak <16772986+KrzysztofPajak@users.noreply.github.com>

Copilot · 2026-05-18T18:15:46Z

@copilot Merchandise return reasons and Merchandise return actions, need to be per store

Done in commit d8a2037. Both MerchandiseReturnReason and MerchandiseReturnAction now implement IStoreLinkEntity (LimitedToStores + Stores fields). The service's GetAll* methods accept an optional storeId and filter accordingly. The Store SettingController automatically scopes the list to the current store and pre-assigns the store when creating new items. The public-facing GetMerchandiseReturnHandler also passes the current store ID so customers only see reasons/actions relevant to their store.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

ccsca2021.crl.certum.pl
- Triggering command: /usr/share/dotnet/dotnet dotnet build src/Web/Grand.Web.Store/Grand.Web.Store.csproj -v q mmandHandler.cs ndHandler.cs (dns block)
ccsca2021.ocsp-certum.com
- Triggering command: /usr/share/dotnet/dotnet dotnet build src/Web/Grand.Web.Store/Grand.Web.Store.csproj -v q mmandHandler.cs ndHandler.cs (dns block)
crl.certum.pl
- Triggering command: /usr/share/dotnet/dotnet dotnet build src/Web/Grand.Web.Store/Grand.Web.Store.csproj -v q mmandHandler.cs ndHandler.cs (dns block)
subca.ocsp-certum.com
- Triggering command: /usr/share/dotnet/dotnet dotnet build src/Web/Grand.Web.Store/Grand.Web.Store.csproj -v q mmandHandler.cs ndHandler.cs (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

Configure Actions setup steps to set up my environment, which run before the firewall is enabled
Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

Added a new `PermissionNames` property to the `StandardAdminSiteMap` class in `StandardAdminSiteMap.cs`. This property specifies required permissions for the "Vendor settings" menu item, enhancing access control.

…om/grandnode/grandnode2 into copilot/allow-store-owner-settings

KrzysztofPajak · 2026-05-19T16:07:19Z

@copilot MerchandiseReturnReason and MerchandiseReturnActio in Grand.Web.Admin - Edit/Add shoud be able to select store (only one or any), Grand.Web.Store - should be able add, edit new store with Current store, If Edit and store is not selected store owner can't edit, delete

…edit/delete Agent-Logs-Url: https://github.com/grandnode/grandnode2/sessions/72a91e28-9c24-4ec8-a1c3-31096706e27b Co-authored-by: KrzysztofPajak <16772986+KrzysztofPajak@users.noreply.github.com>

Copilot · 2026-05-19T16:13:22Z

@copilot MerchandiseReturnReason and MerchandiseReturnActio in Grand.Web.Admin - Edit/Add shoud be able to select store (only one or any), Grand.Web.Store - should be able add, edit new store with Cur...

Done in commit a36b145.

Grand.Web.Admin: Both MerchandiseReturnReason and MerchandiseReturnAction create/edit partials now include a Stores multi-select field, so admins can assign each item to one or multiple stores (or leave unselected for all stores).

Grand.Web.Store: Edit and delete actions for both MerchandiseReturnReason and MerchandiseReturnAction now check whether the current store is included in the item's Stores list — if the item has LimitedToStores = true and the store owner's store is not in the list, the request is redirected back to the list (access denied). Create actions still auto-assign the current store to new items.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

ccsca2021.crl.certum.pl
- Triggering command: /usr/share/dotnet/dotnet dotnet build src/Web/Grand.Web.Store/Grand.Web.Store.csproj -v q (dns block)
ccsca2021.ocsp-certum.com
- Triggering command: /usr/share/dotnet/dotnet dotnet build src/Web/Grand.Web.Store/Grand.Web.Store.csproj -v q (dns block)
crl.certum.pl
- Triggering command: /usr/share/dotnet/dotnet dotnet build src/Web/Grand.Web.Store/Grand.Web.Store.csproj -v q (dns block)
subca.ocsp-certum.com
- Triggering command: /usr/share/dotnet/dotnet dotnet build src/Web/Grand.Web.Store/Grand.Web.Store.csproj -v q (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

Configure Actions setup steps to set up my environment, which run before the firewall is enabled
Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

KrzysztofPajak · 2026-05-19T16:18:24Z

@copilot Grand.Web.Amin - list Merchandise return reasons and Merchandise return actions show for all store - to just only for selected store

KrzysztofPajak · 2026-05-19T16:21:54Z

@copilot Grand.Web.Admin - edit store does not select current store, Grand.Web.Store - it allow to edit/delete Merchandise return actions/Merchandise return reasons event if the belong to all store - it shouldn't

… store scope Agent-Logs-Url: https://github.com/grandnode/grandnode2/sessions/ea9c4855-f181-40ae-b3d4-f99c9c898926 Co-authored-by: KrzysztofPajak <16772986+KrzysztofPajak@users.noreply.github.com>

Copilot · 2026-05-19T16:23:24Z

@copilot Grand.Web.Amin - list Merchandise return reasons and Merchandise return actions show for all store - to just only for selected store

Done in commit fed6a1c. The admin MerchandiseReturnReasonList and MerchandiseReturnActionList grid actions now call GetActiveStore() and pass the result to GetAllMerchandiseReturnReasons(storeId) / GetAllMerchandiseReturnActions(storeId), so the grids only show items assigned to (or shared with) the currently selected store in the Sales settings page.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

ccsca2021.crl.certum.pl
- Triggering command: /usr/share/dotnet/dotnet dotnet build src/Web/Grand.Web.Admin/Grand.Web.Admin.csproj -v q ./src/Web/Grand.Web/Views/Account/SubAccountAdd.cshtml ./src/Web/Grand.Web/Views/Account/Partials/CheckUsernameAvailability.cshtml cheduleTask.cs ask.cs ask.cs cheduleTask.cs .cs (dns block)
ccsca2021.ocsp-certum.com
- Triggering command: /usr/share/dotnet/dotnet dotnet build src/Web/Grand.Web.Admin/Grand.Web.Admin.csproj -v q ./src/Web/Grand.Web/Views/Account/SubAccountAdd.cshtml ./src/Web/Grand.Web/Views/Account/Partials/CheckUsernameAvailability.cshtml cheduleTask.cs ask.cs ask.cs cheduleTask.cs .cs (dns block)
crl.certum.pl
- Triggering command: /usr/share/dotnet/dotnet dotnet build src/Web/Grand.Web.Admin/Grand.Web.Admin.csproj -v q ./src/Web/Grand.Web/Views/Account/SubAccountAdd.cshtml ./src/Web/Grand.Web/Views/Account/Partials/CheckUsernameAvailability.cshtml cheduleTask.cs ask.cs ask.cs cheduleTask.cs .cs (dns block)
subca.ocsp-certum.com
- Triggering command: /usr/share/dotnet/dotnet dotnet build src/Web/Grand.Web.Admin/Grand.Web.Admin.csproj -v q ./src/Web/Grand.Web/Views/Account/SubAccountAdd.cshtml ./src/Web/Grand.Web/Views/Account/Partials/CheckUsernameAvailability.cshtml cheduleTask.cs ask.cs ask.cs cheduleTask.cs .cs (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

Configure Actions setup steps to set up my environment, which run before the firewall is enabled
Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

…rol for return reasons/actions Agent-Logs-Url: https://github.com/grandnode/grandnode2/sessions/8dc1a3e4-0ddc-4146-8511-9670ea427abf Co-authored-by: KrzysztofPajak <16772986+KrzysztofPajak@users.noreply.github.com>

Copilot · 2026-05-19T16:32:58Z

@copilot Grand.Web.Admin - edit store does not select current store, Grand.Web.Store - it allow to edit/delete Merchandise return actions/Merchandise return reasons event if the belong to all store - ...

Fixed in commit a3aafbe:

Grand.Web.Admin - create now pre-selects current store: MerchandiseReturnReasonCreate and MerchandiseReturnActionCreate now call GetActiveStore() and pre-populate the Stores field with the currently active admin store scope.
Grand.Web.Store - blocks "all stores" items: Access control in the Store controller is now enforced via a new IsStoreOwnerAccessAllowed() helper. Store owners can only edit/delete items that are explicitly assigned to their store (LimitedToStores = true AND their store is in the Stores list). Items with LimitedToStores = false (available to all stores) are now blocked from edit/delete by store owners.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

ccsca2021.crl.certum.pl
- Triggering command: /usr/share/dotnet/dotnet dotnet build src/Web/Grand.Web.Admin/Grand.Web.Admin.csproj -v q (dns block)
ccsca2021.ocsp-certum.com
- Triggering command: /usr/share/dotnet/dotnet dotnet build src/Web/Grand.Web.Admin/Grand.Web.Admin.csproj -v q (dns block)
crl.certum.pl
- Triggering command: /usr/share/dotnet/dotnet dotnet build src/Web/Grand.Web.Admin/Grand.Web.Admin.csproj -v q (dns block)
subca.ocsp-certum.com
- Triggering command: /usr/share/dotnet/dotnet dotnet build src/Web/Grand.Web.Admin/Grand.Web.Admin.csproj -v q (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

Configure Actions setup steps to set up my environment, which run before the firewall is enabled
Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

KrzysztofPajak · 2026-05-19T18:32:58Z

@copilot Grand.Web.Store - Merchandise return reasons/Merchandise return actions - Add new - does not save current store in store field!

…ctions for return reasons/actions Agent-Logs-Url: https://github.com/grandnode/grandnode2/sessions/378b4da7-97f7-4a8e-8499-302e8929d2aa Co-authored-by: KrzysztofPajak <16772986+KrzysztofPajak@users.noreply.github.com>

Copilot · 2026-05-19T18:36:30Z

@copilot Grand.Web.Store - Merchandise return reasons/Merchandise return actions - Add new - does not save current store in store field!

Fixed in commit e47017b. The Store area's create views don't include a Stores form field (store owners don't need to pick a store — it's always their own store). The GET action was populating model.Stores correctly, but the value was lost on POST since it wasn't bound from the form.

The fix enforces the store assignment server-side in both MerchandiseReturnReasonCreate and MerchandiseReturnActionCreate POST handlers — the current store scope is always applied before saving, regardless of what the form submits.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

ccsca2021.crl.certum.pl
- Triggering command: /usr/share/dotnet/dotnet dotnet build src/Web/Grand.Web.Store/Grand.Web.Store.csproj -v q (dns block)
ccsca2021.ocsp-certum.com
- Triggering command: /usr/share/dotnet/dotnet dotnet build src/Web/Grand.Web.Store/Grand.Web.Store.csproj -v q (dns block)
crl.certum.pl
- Triggering command: /usr/share/dotnet/dotnet dotnet build src/Web/Grand.Web.Store/Grand.Web.Store.csproj -v q (dns block)
subca.ocsp-certum.com
- Triggering command: /usr/share/dotnet/dotnet dotnet build src/Web/Grand.Web.Store/Grand.Web.Store.csproj -v q (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

Configure Actions setup steps to set up my environment, which run before the firewall is enabled
Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

KrzysztofPajak · 2026-05-19T18:53:57Z

@copilot Grand.Web.Store Edit action lost info about store

…eturn reasons/actions Agent-Logs-Url: https://github.com/grandnode/grandnode2/sessions/3e7ecc0b-076a-45c1-a0b2-fcdd42203638 Co-authored-by: KrzysztofPajak <16772986+KrzysztofPajak@users.noreply.github.com>

Copilot · 2026-05-19T18:56:49Z

@copilot Grand.Web.Store Edit action lost info about store

Fixed in commit 47ad1a2. The edit views in the Store area don't include a Stores form field, so model.ToEntity(entity) was overwriting the entity's existing Stores and LimitedToStores values with empty/default ones from the unbound model.

The fix captures the existing Stores and LimitedToStores values from the DB entity before mapping, then restores them after — for both MerchandiseReturnReasonEdit and MerchandiseReturnActionEdit POST handlers.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

ccsca2021.crl.certum.pl
- Triggering command: /usr/share/dotnet/dotnet dotnet build src/Web/Grand.Web.Store/Grand.Web.Store.csproj -v q (dns block)
ccsca2021.ocsp-certum.com
- Triggering command: /usr/share/dotnet/dotnet dotnet build src/Web/Grand.Web.Store/Grand.Web.Store.csproj -v q (dns block)
crl.certum.pl
- Triggering command: /usr/share/dotnet/dotnet dotnet build src/Web/Grand.Web.Store/Grand.Web.Store.csproj -v q (dns block)
subca.ocsp-certum.com
- Triggering command: /usr/share/dotnet/dotnet dotnet build src/Web/Grand.Web.Store/Grand.Web.Store.csproj -v q (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

Configure Actions setup steps to set up my environment, which run before the firewall is enabled
Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

KrzysztofPajak · 2026-05-19T19:02:13Z

@copilot Delete Merchandise return reasons/ Merchandise return actions
do not clear cache

Agent-Logs-Url: https://github.com/grandnode/grandnode2/sessions/867feaba-6afe-4cab-a9be-09d8f705a90d Co-authored-by: KrzysztofPajak <16772986+KrzysztofPajak@users.noreply.github.com>

Copilot · 2026-05-19T19:04:12Z

@copilot Delete Merchandise return reasons/ Merchandise return actions
do not clear cache

...

Fixed in commit 38966b9. DeleteMerchandiseReturnAction was missing the cache clear call that DeleteMerchandiseReturnReason already had. Added await _cacheBase.RemoveByPrefix(CacheKey.MERCHANDISE_RETURN_ACTIONS_PATTERN_KEY) after deletion.

Copilot AI assigned Copilot and KrzysztofPajak May 17, 2026

Copilot created this pull request from a session on behalf of KrzysztofPajak May 17, 2026 14:19 View session

github-code-quality Bot found potential problems May 17, 2026

View reviewed changes

Comment thread src/Modules/Grand.Module.Migration/Migrations/2.4/MigrationUpdateAdminSiteMap.cs Fixed

Copilot started work on behalf of KrzysztofPajak May 17, 2026 15:06 View session

fix: move admin sitemap migration from version 2.5 to 2.4

f57c54d

Agent-Logs-Url: https://github.com/grandnode/grandnode2/sessions/25e0c368-068f-46b8-9ec9-e6ba9aeee5a4 Co-authored-by: KrzysztofPajak <16772986+KrzysztofPajak@users.noreply.github.com>

Copilot finished work on behalf of KrzysztofPajak May 17, 2026 15:08

Copilot AI requested a review from KrzysztofPajak May 17, 2026 15:08

github-code-quality Bot found potential problems May 17, 2026

View reviewed changes

Comment thread src/Modules/Grand.Module.Migration/Migrations/2.4/MigrationUpdateAdminSiteMap.cs Fixed

Potential fix for pull request finding 'Generic catch clause'

1d7b448

Co-authored-by: Copilot Autofix powered by AI <223894421+github-code-quality[bot]@users.noreply.github.com>

Copilot started work on behalf of KrzysztofPajak May 18, 2026 17:58 View session

feat: make merchandise return reasons and actions per-store

d8a2037

Agent-Logs-Url: https://github.com/grandnode/grandnode2/sessions/1bb61bfc-6900-4ff3-928d-0e52909309b9 Co-authored-by: KrzysztofPajak <16772986+KrzysztofPajak@users.noreply.github.com>

Copilot finished work on behalf of KrzysztofPajak May 18, 2026 18:16

KrzysztofPajak added 2 commits May 19, 2026 17:37

Add PermissionNames to Vendor settings menu item

7cd454c

Added a new `PermissionNames` property to the `StandardAdminSiteMap` class in `StandardAdminSiteMap.cs`. This property specifies required permissions for the "Vendor settings" menu item, enhancing access control.

Merge branch 'copilot/allow-store-owner-settings' of https://github.c…

8ad8344

…om/grandnode/grandnode2 into copilot/allow-store-owner-settings

Copilot started work on behalf of KrzysztofPajak May 19, 2026 16:07 View session

feat: add Stores selector to admin views and access control to store …

a36b145

…edit/delete Agent-Logs-Url: https://github.com/grandnode/grandnode2/sessions/72a91e28-9c24-4ec8-a1c3-31096706e27b Co-authored-by: KrzysztofPajak <16772986+KrzysztofPajak@users.noreply.github.com>

Copilot finished work on behalf of KrzysztofPajak May 19, 2026 16:13

Copilot started work on behalf of KrzysztofPajak May 19, 2026 16:18 View session

feat: filter admin merchandise return reason/action lists by selected…

fed6a1c

… store scope Agent-Logs-Url: https://github.com/grandnode/grandnode2/sessions/ea9c4855-f181-40ae-b3d4-f99c9c898926 Co-authored-by: KrzysztofPajak <16772986+KrzysztofPajak@users.noreply.github.com>

Copilot finished work on behalf of KrzysztofPajak May 19, 2026 16:23

Copilot started work on behalf of KrzysztofPajak May 19, 2026 16:24 View session

Copilot finished work on behalf of KrzysztofPajak May 19, 2026 16:33

Copilot started work on behalf of KrzysztofPajak May 19, 2026 18:33 View session

Copilot finished work on behalf of KrzysztofPajak May 19, 2026 18:36

Copilot started work on behalf of KrzysztofPajak May 19, 2026 18:54 View session

fix: preserve Stores/LimitedToStores on edit POST in Store area for r…

47ad1a2

…eturn reasons/actions Agent-Logs-Url: https://github.com/grandnode/grandnode2/sessions/3e7ecc0b-076a-45c1-a0b2-fcdd42203638 Co-authored-by: KrzysztofPajak <16772986+KrzysztofPajak@users.noreply.github.com>

Copilot finished work on behalf of KrzysztofPajak May 19, 2026 18:57

Copilot started work on behalf of KrzysztofPajak May 19, 2026 19:02 View session

fix: clear cache after DeleteMerchandiseReturnAction

38966b9

Agent-Logs-Url: https://github.com/grandnode/grandnode2/sessions/867feaba-6afe-4cab-a9be-09d8f705a90d Co-authored-by: KrzysztofPajak <16772986+KrzysztofPajak@users.noreply.github.com>

Copilot finished work on behalf of KrzysztofPajak May 19, 2026 19:04

Conversation

Copilot AI commented May 17, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Uh oh!

KrzysztofPajak commented May 17, 2026

Uh oh!

Copilot AI commented May 17, 2026

Uh oh!

Uh oh!

KrzysztofPajak commented May 18, 2026

Uh oh!

Copilot AI commented May 18, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

I tried to connect to the following addresses, but was blocked by firewall rules:

Uh oh!

KrzysztofPajak commented May 19, 2026

Uh oh!

Copilot AI commented May 19, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

I tried to connect to the following addresses, but was blocked by firewall rules:

Uh oh!

KrzysztofPajak commented May 19, 2026

Uh oh!

KrzysztofPajak commented May 19, 2026

Uh oh!

Copilot AI commented May 19, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

I tried to connect to the following addresses, but was blocked by firewall rules:

Uh oh!

Copilot AI commented May 19, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

I tried to connect to the following addresses, but was blocked by firewall rules:

Uh oh!

KrzysztofPajak commented May 19, 2026

Uh oh!

Copilot AI commented May 19, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

I tried to connect to the following addresses, but was blocked by firewall rules:

Uh oh!

KrzysztofPajak commented May 19, 2026

Uh oh!

Copilot AI commented May 19, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

I tried to connect to the following addresses, but was blocked by firewall rules:

Uh oh!

KrzysztofPajak commented May 19, 2026

Uh oh!

Copilot AI commented May 19, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Copilot AI commented May 17, 2026 •

edited

Loading

Copilot AI commented May 18, 2026 •

edited

Loading

Copilot AI commented May 19, 2026 •

edited

Loading

Copilot AI commented May 19, 2026 •

edited

Loading

Copilot AI commented May 19, 2026 •

edited

Loading

Copilot AI commented May 19, 2026 •

edited

Loading

Copilot AI commented May 19, 2026 •

edited

Loading