Vulnerability in EPiServer.Forms
This is regarding the new Promotion system.We have a lot of processes (Changing lineitems in Commerce Manager, Exchanges, Returns etc) that can manipulate an order after it has been placed (i.e. has become a PurchaseOrder). This means that we have to rerun the Promotion Engine and "recalculate" the promotions that should be applied to that PurchaseOrder. We've run in to some issues with these types of PurchaseOrder changes, some examples:* Date-restrictions are based on DateTime.Now instead of when the order was placed. (we've solved this, but it isn't pretty)* VisitorGroup-restrictions are based on the IPrincipal that is stored in HttpContext.User. This means that when we modify the order from, for example, the Commerce Manager or a web request these never get applied because they get filtered out.There's probably other scenarios that we haven't encountered yet.
Are there any plans on enabling us to use PurchaseOrder data to apply discounts instead of contextual data?