This is a major issue that I want to point out (again) and that needs all of the possible attention RN.
I also link this https://github.com/Shopify/shopify-cli/issues/1412
as it describes the issue pretty well.
We are a Shopify development agency. We build themes for our clients. We switched to the ne CLI from Themekit and we find ourselves in a very bad spot. As Dev. agency we are "collaborators" in all our client's stores. "Collaborators" with full permissions (available). And that is something we did following Shopify instructions on transforming staff accounts in Collaborators as this allows multiple access to our developers instead of personal accounts while also freeing up some spots for staff members to our clients Shopify stores.
Now > if we try to do anything via Shopify CLI > eg- Shopify theme serve, we only have
✗ You are not authorized to edit themes on STOREURL
Make sure you are a user of that store, and allowed to edit themes."
The only solution appears to have a staff account but we can't create a staff account for every dev in our agency for every store we work with.
If you can have collabs logout of everything and back in, or an outright clean environment. The auth system is super weird with org-accounts,org-staff-accounts, regular-accounts. There's also blurb buried in the app-cli-theme getting-stared docs about org-staff accounts not being useable at all.
The standard will probably become only use shopify development tools in a Virtual machine that is unique for each job /s.
Dear Paul, thank you for taking the time to reply. We did this and it somehow worked.. It is actually also working the switch between stores I just wonder for how long.
Everything you said and pointed out in the next response is spot on. And overall I also agree on the fact that there is a lack of support / attention on the cli/dev related topics.
Will try to do as you said via plus merchants..
Collaborator accounts consistently get handled as an afterthought when features get created; which is ironically hilarious when they are the target demographic for things like tooling and create a ecosystem backbone.
authenication issues, theme inspector , app-cli, metafield definitions(requires settings access) ,etc .
The app-cli is sloppy and lacks decent feedback in combination with shopify's auth systems. Instead of communicating known issues upfront as part of the setup in the cli by pinging apis for 401's. It makes for confusing mess of can-I-or-can-I-not just start working on the task at hand or will my day be spent yak-shaving.
What kind of tool lets you "login" then only tells you after the fact of errors after you try to do actions you have permissions for by all reason. Yes yes authentication is different from authorization but this is completely different from general cli utilities as the actions were are trying to do are core to that tool's existence.
More annoying when those errors giving no actionable context, and the only resource that talks about those errors has many many unresolved tickets about it, so many it be a job in itself to list them.
Even with glacier releases like granular permissions, or the themekit-access app , shopify is planets away from a anything resembling a 1st class development experience.
You'll get little traction here. After the holidays you'd prolly just want to put the following on blast because it is pretty ridiculous for this to be a norm for the development ecosystem:
Through your plus merchants tell their MSM's
If your in the partners-slack put up a poll at primetime about the app-cli & 2nd class nature of collaborators to other partners/agencies and ping some relevant staff.