Users can order inactive catalog items.
The catalog item will be visible only if the logged in user has a 'catalog_admin' role.
For any user without the catalog_admin role, it will display the 'You are either not authorized or the cart item is invalid' error message.
Steps to Reproduce
- Log into any Jakarta/Kingston Instance.
- Open Any catalog Item.
- Click on try it button.
- Instead of ordering the catalog item, create a bookmark in the browser.
- Close all the open windows in the browser.
- Click on the bookmark recently created and place an order for the catalog item.
- The RITM will be successfully generated.
- Go back to the catalog item and make it inactive (by unchecking the Active field).
- Again, click on the bookmark recently created and place an order for the catalog item.
- The RITM will be successfully generated even though the catalog item was inactive.
In the example, We are taking 'Apple iPad 3' Catalog item.
As 'Beth Anglin' User is having 'catalog_admin' role, she is able to order catalog item.
As 'Abraham Lincoln' User is not having 'catalog_admin' role, he is getting 'You are either not authorized or the cart item is invalid' error message.
The user who is having the 'catalog_admin' role can test and work on any inactive catalog item as well. This is an Expected behaviour by design.