I spent some time debugging this pile of garbage and here's what I found.
The admin order editing function calls the internal API behind the scenes. The API requires the client to be logged in (hence the session check in the permission snipped I linked to above).
The log in is done per page, that is, you don't log in to the API once and then use that session. Each admin page seems to be logging in separately:
Here's the relevant portion where it tries to log in to the API from the order_info page.
I debugged the browser requests sent from that page and I could see the
key variable was empty. I must've been passed empty like that from the sale/order.php controller. So I checked the relevant part in that controller too. Apparently, it checks the $api_info variable which, in it's turn, relies upon the config_api_id configuration. That value sits in your setting table and has to be set to 1:UPDATE `setting` SET `value`='1' WHERE `key`='config_api_id'
Once that's done, make sure your store has an API user created and configured to be in use. Create under Settings - Users - API. Enable under Settings - Settings - [your primary store] - Option - API User.
No comments:
Post a Comment