Hi, thanks for the in-depth articles on medusa and especially on the marketplace topic, it's really something that other people, like me, are missing to solve business problems.

I played around with the installation and configuration for a while, but I saw some problems. I'm not very strong in this area and headless systems development, so I apologize in advance if the questions are silly:

For example, a user can still modify other stores products via localhost:9000/admin/products/:id
I did use Permission Guard, but apparently it doesn't work for me

Also, a more global issue is that in general the system was originally designed for one store, so as far as I understand there are still a lot of things that need to be changed manually (eg discounts, where the discount is created one store, but can be used in all and so on)

Not very advanced developers like me quite difficult to rewrite ready-made solutions, and most importantly not secure

Are there plans for further development of the plugin in the direction of a complete and ready-made solution, or this is just a demonstration of medusa and medusa-extender capabilities?

Thank you!

Hello @JustDenP , thank you for using this plugin and following along with the tutorial.

The tutorial serves as a starting point of how to create a marketplace. Currently, it's possible to create multiple stores with each of them having their own orders, products, and users.

If you want to link discounts and other entities to a store, then you simply need to add store_id to that entity and do a similar work that has been done for products and users.

As for the permission guard, can you please share with me the code snippet please and what permissions you've added in the database?

Regarding further development, unfortunately I think we will not be working on further development for the plugin. We might open the plugin for community contributions. The plugin was being used just as a code base for the tutorial series which we are stopping here.

Hey @JustDenP from a security point of view, along the permissions that allow the access to some paths, you can create custom guards that can check that the loggedInUser store_id is the same as the one on the resources that the users want to access and return a 401 if it isn't true or continue if it is.

Basically, with the tutorial and the code you have all the bricks you need to understand how to manipulate and control medusa to build your own specific system 🙌