Issue with displaying orders

Vendors are getting “access denied” errors to orders if they only have order types of “suborder”.

In class.yith-vendors-admin.php, line 435 we have the following:

if( $post && 'shop_order' == $post->post_type ){
    $vendor_orders = $vendor->get_orders( 'all' );
    if( $is_seller && ! in_array( $post->ID, $vendor_orders ) ){
        wp_die( sprintf( __( 'You do not have permission to edit this order. %1$sClick here to view and edit your orders%2$s.', 'yith-woocommerce-product-vendors' ), '<a href="' . esc_url( 'edit.php?post_type=shop_order' ) . '">', '</a>' ) );
    }
}

Note the line:

$vendor_orders = $vendor->get_orders( 'all' );

Looking at the get_orders function (class.yith-vendor.php) I notice that the ‘all’ flag only checks the commission table for orders

$query = $wpdb->prepare ( "SELECT DISTINCT order_id FROM {$wpdb->commissions} WHERE vendor_id = %d", $this->id );

As we don’t have any commission orders in place, this means that suborders and quotes will never be allowed to be viewed by the vendors.

I’d recommend changing the ‘all’ query to something more appropriate so all orders are actually found. For now I’m changing the plugin core code to the below, but it’s definitely not ideal to be doing this…

if( $post && 'shop_order' == $post->post_type ){
     $vendor_orders = $vendor->get_orders( 'suborder' );

     if( $is_seller && ! in_array( $post->ID, $vendor_orders ) ){
        wp_die( sprintf( __( 'You do not have permission to edit this order. %1$sClick here to view and edit your orders%2$s.', 'yith-woocommerce-product-vendors' ), '<a href="' . esc_url( 'edit.php?post_type=shop_order' ) . '">', '</a>' ) );
     }
}

• This topic was modified 8 years, 2 months ago by Scott Bowler.