After WC update, Shop Managers can only edit users with the Customer role

Thanks for this note.

Yes, this filter allows to add custom role to whitelist for shop manager. There is no problem with it.

Problem that a new default condition is applied at v. 3.4.6 not only to the users with ‘shop_manager’ role, but to the WordPress multisite superadmin users too.
current_user_can( 'shop_manager' )
always returns true for the superadmin under WordPress multisite.

Additional checking is required before check if user has ‘shop_manager’ role inside wc_modify_editable_roles():

if ( is_multisite() && is_super_admin() ) {
    return $roles;
}

and similar for the wc_modify_map_meta_cap(), as ‘current_user_can()’ does not provide a correct way to check if user has a ‘shop_manager’ role.
Also we need to take into account the note from WordPress Codex for this function:
“While checking against particular roles in place of a capability is supported in part, this practice is discouraged as it may produce unreliable results”.

May be check a role of a user this way:

$user = wp_get_current_user();
if ( in_array( 'shop_manager', $user->roles ) {
   ...
}

It will be better to see at the WooCommerce change log, not a short:
“Fix – Security issues”,
but more detailed description of the changes applied, like at the begin of your message: “Shop Managers can only edit users with the Customer role by default” in order users and developers will be ready, what to wait after update to the new version.

I had to briefly deactivate WC on the network, quickly edit my user and then reactivate WC. A bit annoying, but maybe less risky than manually downgrading until they patch it.

Hi @kelwoos,

I think I got the same problem as you had but I don’t quite understand how you resolved it.

I want shop managers to be able to add another role, let’s say “VIP Customer”, to some users. Now in the “grant roles” list I got only “Customer” role. How can I make this “VIP Customer” visible on that list?

Regards,
Marcin

• This reply was modified 6 years, 1 month ago by Mordimer_PN.

Hi @mordimer_pn,

you can take a code from @kelwoos message and replace ‘editor’ in

$roles[] = 'editor';

line with ID of your role. It may be looks like ‘vip_customer’. So code will be:

$roles[] = 'vip_customer';

The 2nd role will be available to shop_manager after that.

I’ve just read the post at WooCommerce development blog and now I understand everything ?? Works perfectly.

Thank you @shinephp!

Hi
Thanks for SoLUTION
I’ve a question about this action!
woocommerce_shop_manager_editable_roles

why i dont find this action in the woocommerce docs ?
where can I find it original with descriptions ?
tnx

Hi,

WooCommerce developers described woocommerce_shop_manager_editable_roles filter here.

Finally, the best documentation is a source code.

I used the following code in functions.php:

function myextension_shop_manager_role_edit_capabilities( $roles ) {
$roles[] = ‘stylisten’;
return $roles;
}
add_filter( ‘woocommerce_shop_manager_editable_roles’, ‘myextension_shop_manager_role_edit_capabilities’ );

Unfortunately, this isn’t working. If I log in as the Shop Manager, edit a person, I only can see: Role: “Customer”.

Role: stylisten is 100% active with the plugin.

@nhatimme,

Check if your code does not contain syntax errors. Your example above uses not correct single quotes.
Be sure that code is executed. For example, under WP multisite subsites may have different active themes.
Be sure that ‘stylisten’ is a role ID, not a role name, in case role has different values for these attributes, like name ‘Editor’ vs. ID ‘editor’.

How can I add multiple roles to this code?

I honestly could not get anything to work for Shop Managers. So, I simply created a new role (copy from Shop Manager) and moved all the SHop Managers to the new role. Problem solved.