ast_open_inline_tracking_form_fun permission hook

  • In some AST methods, the user needs “manage_woocommerce” permission in order to add tracking to a shipment.

    This is WAY overkill as there is a permission for “edit_shop_orders”. We shouldn’t need to grant such broad ranging permission to add tracking to orders.

    Please change the permissions need to add shipping to orders to “edit_shop_orders” or provide a filter for changing the permission needed.

    Line 490 of /wp-content/plugins/woo-advanced-shipment-tracking/includes/class-wc-advanced-shipment-tracking-settings.php

    if ( ! current_user_can( ‘edit_shop_orders’ ) ) {
    exit( ‘You are not allowed’ );
    }

    or change current_user_can calls to use a filter/method that implements a filter

    Thank you

    • This topic was modified 1 year, 1 month ago by midwestE.
Viewing 12 replies - 1 through 12 (of 12 total)
  • Plugin Author gaurav1092

    (@gaurav1092)

    Hi @edouble74,

    Okay, we will add the ‘manage_woocommerce’ permission through the filter in the next version of the plugin.

    Thanks

    Thread Starter midwestE

    (@edouble74)

    Very much appreciate it, thank you so much for understanding our needs

    Thread Starter midwestE

    (@edouble74)

    I know a release has not been made yet, but do you have a name for the filter yet, so i can implement it in advance? Currently, I have the source edited and I hate to do that

    Plugin Author gaurav1092

    (@gaurav1092)

    No, right now we don’t have a name of the filter. We will update you once we release the plugin.

    Thread Starter midwestE

    (@edouble74)

    Just a bump here, I got the most recent version and don’t see any filter available on line 492

    Plugin Author gaurav1092

    (@gaurav1092)

    Hi @edouble74,

    Regarding the filter you mentioned on line 492, we want to clarify that it was not included in the latest version of the plugin. We did explore adding this hook, but due to some technical challenges, it was not implemented as it didn’t work as intended.

    Thanks

    Thread Starter midwestE

    (@edouble74)

    public function ast_open_inline_tracking_form_fun() {

$permission = apply_filters('ast_open_inline_tracking_form_permission', 'manage_woocommerce');
if ( ! current_user_can( $permission ) ) {
  exit( 'You are not allowed' );
}

    This is all that is needed

    Would allow us to use 

    
add_filter('ast_open_inline_tracking_form_permission', function ($permission) {
    return 'edit_shop_orders';
});
    Thread Starter midwestE

    (@edouble74)

    Any follow up here? Maybe I’m missing something but it’s a pretty straightforward. Thank you!

    Thread Starter midwestE

    (@edouble74)

    Still hoping to get this hook added

    Thread Starter midwestE

    (@edouble74)

    Any progress here, just one small line of code ??

    Plugin Author gaurav1092

    (@gaurav1092)

    @edouble74 We attempted to add the filter in the “ast_open_inline_tracking_form_fun” function, but it didn’t work due to the file loading priority. However, we will include the filter in the next version of the plugin.

    Best regards,
    Gaurav

    Thread Starter midwestE

    (@edouble74)

    @gaurav1092 very much appreciate that!

Viewing 12 replies - 1 through 12 (of 12 total)
  • You must be logged in to reply to this topic.