CS-Cart GroupLock
User Group Visibility Control
CS-Cart's user group system handles categories, products, and pages — but stops short on menus, and gives you no control over what happens when the wrong user hits a restricted URL. GroupLock closes both gaps without touching a single core file.
01 What it does
GroupLock works directly on top of CS-Cart's native user group system — no new concepts, no parallel infrastructure. The same user groups you already manage in Customers → User groups are now enforced everywhere.
top_menu_form_post hook.02 What GroupLock adds vs. CS-Cart core
CS-Cart's native user group system is solid for catalog visibility. GroupLock makes it complete.
| Feature | CS-Cart Core | With GroupLock |
|---|---|---|
| Category visibility by user group | ✓ Native | ✓ + configurable fallback |
| Product visibility by user group | ✓ Native | ✓ + configurable fallback |
| CMS page visibility by user group | ✓ Native | ✓ + configurable fallback |
| Menu item visibility by user group | ✗ Not supported | ✓ Full control |
| Guest → sign-in redirect on restricted URL | ✓ Native | ✓ |
| Registered user, wrong group → outcome | ✗ Silent 404 | ✓ Configurable |
| Custom access-denied message | ✗ Not supported | ✓ Per rule |
| Multiple user groups per rule | ✗ Not supported | ✓ Per rule |
| No core file modifications | — | ✓ Hook-based only |
03 Requirements
| Requirement | Value | Notes |
|---|---|---|
| CS-Cart core version | 4.x | Tested on CS-Cart 4.13.1 through 4.20.x |
| Supported editions | CS-Cart, Ultimate, Multi-Vendor | Works identically on all editions |
| User groups | Existing groups required | Create groups first at Customers → User groups before adding rules |
| Database | MySQL / MariaDB | Creates two lightweight tables: ?:gl_rules and ?:gl_rule_groups |
| Core file edits | None | Hook-based only — upgrade-safe |
04 Installation
Purchase and download
Get GroupLock from the CS-Cart Marketplace and download the .zip archive.
Install via Admin Panel
Go to Add-ons → Manage Add-ons → +, select the downloaded .zip and click Upload & Install. GroupLock creates its two database tables automatically.
Verify user groups exist
Navigate to Customers → User groups and confirm the groups you want to use in rules are active. GroupLock cannot create groups — it uses your existing ones.
Configure default fallback
Go to Add-ons → Manage Add-ons → GroupLock → Settings and set your store-wide default fallback behavior. Individual rules can override this per item.
Add your first rule
Navigate to Website → GroupLock and click Add rule. Select the item type, the specific item, the allowed user groups, and the fallback. Save — the rule takes effect immediately on the next page render.
05 Settings
All settings at Add-ons → Manage Add-ons → GroupLock → Settings.
| Setting | Default | Description |
|---|---|---|
| Default fallback behavior | Hide | What happens when a user outside the allowed groups accesses a restricted item. Applied to all rules unless the rule sets its own fallback. Options: Hide, Redirect to sign-in, Show custom message. |
| Custom access-denied message | This content is restricted to specific user groups. | The message shown when a rule's fallback is set to "Show custom message". Supports plain text. |
| Protect category URLs | Yes | Enforce GroupLock rules when a restricted category URL is accessed directly — not just in listings. |
| Protect product URLs | Yes | Enforce GroupLock rules when a restricted product URL is accessed directly. |
06 Managing rules
Navigate to Website → GroupLock to view and manage all visibility rules. Each rule defines:
| Field | Description |
|---|---|
| Item type | What the rule applies to: Navigation menu item, Category, Product, or CMS page. |
| Item | The specific menu item, category, product, or page. Selected via CS-Cart's native pickers for categories and products; dropdown for menu items. |
| Allowed user groups | One or more user groups that are permitted to see this item. Users in at least one of the selected groups get access. Everyone else hits the fallback. |
| Fallback for other users | What to do when a user outside the allowed groups encounters this item. Overrides the default setting per rule. |
| Status | Active or Disabled. Disabled rules are ignored — useful for testing without deleting. |
07 Fallback behavior
When a user outside the allowed groups encounters a restricted item, GroupLock applies one of three fallback actions — configurable per rule, with a store-wide default.
08 Rule types
GroupLock supports four item types. Each is handled at the appropriate CS-Cart hook point.
top_menu_form_post hook before menu render. CS-Cart has no native group support for menus — this is GroupLock's most unique feature. Identify items by selecting from the menu dropdown in the rule form.get_categories hook — restricted categories are excluded at SQL level with a NOT IN condition. Direct URL access is also blocked when Protect category URLs is enabled.get_products hook — restricted products are excluded at SQL level. Direct URL access blocked when Protect product URLs is enabled. Works alongside CS-Cart's native product user group filtering.NOT IN (?n) conditions directly into CS-Cart's SQL queries — restrictions are enforced at the database level, not filtered in PHP after retrieval. There is no performance overhead proportional to catalog size.09 Multi-Vendor support
GroupLock works identically on CS-Cart Multi-Vendor. The storefront controllers are the same, the user group system is the same, and the same gaps exist across all vendor storefronts.
| Aspect | Details |
|---|---|
| Menu visibility | Menu rules apply across all vendor storefronts without additional configuration. |
| Category / product rules | Rules are scoped by company_id internally. A rule set for the root store does not bleed into vendor storefronts. |
| Vendor-type user groups | Vendor privilege user groups (used for backend vendor panel access) are separate from customer-facing groups and are not affected by GroupLock rules. |
| Admin access | GroupLock is managed from the root admin panel. Vendors do not have access to GroupLock rule management. |
10 Use cases
B2B and wholesale stores
Registered wholesalers sign in and see pricing, products, and navigation sections that guests never reach. Create rules that hide your wholesale catalog categories from guests and redirect non-wholesale registered users to a sign-in or contact page. The menu reflects their group from the moment they sign in — no extra logic, no theme hacks.
How to hide a CS-Cart menu item for guests
Go to Website → GroupLock → Add rule. Set Item type to Navigation menu item, select the menu and item from the dropdown, select your registered customer group(s) as the allowed groups, set Fallback to Hide. Save. Guests will no longer see the menu item — registered users in the allowed groups see it normally.
How to redirect guests to sign-in on restricted categories
Add a rule with Item type Category, select the category, set the allowed groups to your registered/wholesale group, and set Fallback to Redirect to sign-in. Enable Protect category URLs in settings. Guests who browse to the category URL are redirected to the CS-Cart sign-in page automatically.
Tiered customer access (VIP, Standard, Guest)
Create rules that show exclusive categories and products only to your VIP Members group, standard catalog to all registered users, and a public subset to guests. Each group gets a clean, relevant storefront — not a storefront full of 404s and dead links. Use the "Show custom message" fallback on VIP pages so registered non-VIP users understand why content is restricted.
Member-only or private catalogs
Apply GroupLock rules to all catalog categories with the allowed group set to your registered customer group. Guests hitting any product or category URL are redirected to sign in. Registered users in the wrong group see the custom message. The rule map is cached per request — no repeated database queries per page.
Ready to take control of your storefront visibility?
Get GroupLock on the CS-Cart Marketplace — hook-based, no core edits, live immediately.
11 FAQ
Does CS-Cart support user group visibility for navigation menus natively? ▼
top_menu_form_post hook, which fires before the menu is rendered.What happens to a registered user in the wrong group when they hit a restricted URL? ▼
Can one rule apply to multiple user groups? ▼
Does GroupLock modify CS-Cart core files? ▼
top_menu_form_post, get_categories, and get_products. No core files are modified. It is upgrade-safe by design.Are restrictions enforced at the URL level or just in listings? ▼
NOT IN conditions. When Protect category URLs and Protect product URLs are enabled, direct URL access is also blocked — the fallback applies there too.Does GroupLock work with CS-Cart Multi-Vendor? ▼
Do I need to flush the CS-Cart cache after saving a rule? ▼
What happens if I uninstall GroupLock? ▼
?:gl_rules and ?:gl_rule_groups) and all stored rules. The storefront returns to default CS-Cart behavior — no residual effect on menus, categories, or products.