• Resolved Thomas Endersen

    (@thehinesgaphideaway)


    Hello, granting the shop manager full access to WholesaleX fails when the shop manager is managing a user; the wholesalex section in user profile errors out with 403:

    /wp-json/wholesalex/v1/profile_action?_locale=user
    Status Code: 403 Forbidden
    {code: "rest_forbidden", message: "Sorry, you are not allowed to do that.", data: {status: 403}}

    If the shop manager is given full access, it also needs to allow managing the user’s wholesalex attributes.


Viewing 3 replies - 1 through 3 (of 3 total)
  • Thread Starter Thomas Endersen

    (@thehinesgaphideaway)

    By the way the immediate solution is to give shop_manager access to manage_options:

    add_action('init', 'add_manage_options_to_shop_manager');
    function add_manage_options_to_shop_manager() {
        $role = get_role('shop_manager');
        if ($role) {
            $role->add_cap('manage_options');
        }
    }

    Scratch that, it gives too much access. Instead, adding current_user_can('edit_users') to the REST API callback will fix this with little impact:

    public function profile_restapi_callback() {
        register_rest_route('wholesalex/v1', '/profile_action/', array(
            array(
                'methods' => 'POST',
                'callback' => array($this, 'profile_action_callback'),
                'permission_callback' => function () {
                    return current_user_can('manage_options') || current_user_can('edit_users');
                },
                'args' => array(),
            ),
        ));
    }

    This is file class-wholesalex-profile.php in /public_html/wp-content/plugins/wholesalex/includes/menu/ line 68 or so
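
Added example, not part of the original post or the plugin's code: a narrower variant of the permission check proposed above, testing the `edit_user` meta capability against the specific account being edited instead of the blanket `edit_users` capability. The `example/v1` namespace, the `example_*` function names and the `user_id` parameter are assumptions; the thread does not show the endpoint's real parameters.

```php
<?php
// Hypothetical route mirroring the shape of the one quoted above.
add_action( 'rest_api_init', 'example_register_profile_route' );

function example_register_profile_route() {
    register_rest_route( 'example/v1', '/profile_action/', array(
        array(
            'methods'             => 'POST',
            'callback'            => 'example_profile_action_callback',
            'permission_callback' => 'example_profile_permission_check',
            'args'                => array(
                // Assumed parameter: ID of the user whose profile is edited.
                'user_id' => array(
                    'required'          => true,
                    'sanitize_callback' => 'absint',
                ),
            ),
        ),
    ) );
}

function example_profile_permission_check( WP_REST_Request $request ) {
    $target_id = absint( $request->get_param( 'user_id' ) );

    // Site administrators keep the access they had before the change.
    if ( current_user_can( 'manage_options' ) ) {
        return true;
    }
    // Meta capability: resolved by WordPress for this particular target
    // account, so per-user restrictions added via map_meta_cap still apply.
    if ( $target_id && current_user_can( 'edit_user', $target_id ) ) {
        return true;
    }
    // Same answer whether or not the ID exists, so the endpoint cannot be
    // used to probe for valid user IDs. 401 if logged out, 403 otherwise.
    return new WP_Error(
        'rest_forbidden',
        'Sorry, you are not allowed to do that.',
        array( 'status' => rest_authorization_required_code() )
    );
}

function example_profile_action_callback( WP_REST_Request $request ) {
    $user = get_userdata( absint( $request->get_param( 'user_id' ) ) );
    if ( ! $user ) {
        return new WP_Error( 'rest_user_invalid_id', 'Invalid user ID.', array( 'status' => 404 ) );
    }
    // The plugin-specific profile update would run here (not shown in the thread).
    return rest_ensure_response( array( 'user_id' => $user->ID ) );
}
```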

    Hi there,

    Thanks for bringing this to our attention. I’ve added this to our developer list.

    Hopefully, the solution will be added to our upcoming update.

    Thread Starter Thomas Endersen

    (@thehinesgaphideaway)

    Awesome, thank you!
