INSERT INTO BLC_CLIENT_REDIRECT_URIS (ID, REDIRECT_URI) VALUES ('MY_CLIENT_ID', 'https://www.my-storefront.com/my-account/quotes');
- v1.0.0-latest-prod
In Broadleaf, managing Quotes as a Seller requires adding permissions to a CSR admin user. This provides distinct abilities to publish Quotes so that they can be checked out by Customers or to reject requests for Quotes from Customers. Sellers like normal CSRs enter the storefront using the impersonation flow. However, they do not actually impersonate customers or guests when entering the storefront: They act as themselves to perform Seller-specific operations like reviewing requests for quotes and publishing approved versions of them for Customers to check out with.
To make an admin a Seller (a CSR who can manage Quotes), the following permissions should be assigned:
ALL_CSR
ALL_IMPERSONATE
ALL_PUBLISH_QUOTE - Grants a CSR more privileged access against quotes compared to normal CSRs.
For example, publishing a quote or rejecting a quote request.
Before actually starting the Seller flow, the Authorized Client for the Application accepting quotes must be configured to allow redirecting from the Admin to the Storefront as all redirections like this must be validated by the Auth service.
To set up the allowed redirects, go to:
"Authorization Servers" under "Security" in the sidebar (/authorization-servers)
Select the Authorization Server for the Application or Tenant if multiple are grouped (i.e., they share customers)
Go to the "Authorized Clients" tab
Edit the Authorized Client for the Storefront Application
Expand the "Advanced" section
In the list for "Post Authentication Success Redirect Uris", sdd the full URI for the Quotes management view in the storefront, e.g., https://www.my-storefront.com/my-account/quotes
Submit
INSERT INTO BLC_CLIENT_REDIRECT_URIS (ID, REDIRECT_URI) VALUES ('MY_CLIENT_ID', 'https://www.my-storefront.com/my-account/quotes');After the Auth setup is complete, an Admin can now enter the storefront as a Seller.
In this flow, the admin enters an impersonation session but acts as themselves not as a customer—the customer_id and related claims will not be set.
A parameter, impersonate_self=true, is used to indicate that the admin is "impersonating" themselves.
|
Tip
|
See Impersonation for more details on AuthenticationService’s impersonation flow |
Out of box, this flow can be entered in the Admin UI by:
Navigating to an Application
Selecting "Quotes" under "Commerce" in the sidebar (/quotes)
Highlighting a submitted Quote request
Clicking on the view on storefront icon on the right of the row
At this point, the admin should be redirected to the storefront and able to view requested and in-review Quotes.
Once in the storefront, the Seller now has the ability to manage requested and in-review Quotes. The operations included are:
Assigning the Quote to themselves as the reviewer
Adding and viewing notes
Notes can be marked as internal-only
Modifying the contents of the Quote
Modifying the prices of Quote items
If the Customer added a shipping address, modifying the fulfillment price
Publishing a Quote
This makes it ready to be checkout-out with
May include an expiration date, e.g., mark the Quote offer as good until some date
Rejecting a requested Quote with a reason
|
Tip
|
See Quote Status Transitions for more details on each quote status in CartOperationService |