Merge pull request #80 from saucal/bugfix/shop-manager-permissions

Bugfix/shop manager permissions

Author: ksere

class-pinterest-for-woocommerce.php

@@ -195,8 +195,12 @@ private function init_hooks() {
 			add_action( 'init', array( $this, 'verification_rewrite' ) );
 			add_filter( 'query_vars', array( $this, 'verification_query_var' ), 10, 1 );
 			add_action( 'parse_request', array( $this, 'verification_request' ), 10, 1 );
+
+			// Allow access to our option through the REST API.
+			add_filter( 'woocommerce_rest_api_option_permissions', array( $this, 'add_option_permissions' ), 10, 1 );
 		}
 
+
 		/**
 		 * Init Pinterest_For_Woocommerce when WordPress Initialises.
 		 */
@@ -264,6 +268,21 @@ public function ajax_url() {
 		}
 
 
+		/**
+		 * Allow access to our option through the REST API for a user that can manage the store.
+		 * The UI relies on this option being available through the API.
+		 *
+		 * @param array $permissions The permissions array.
+		 *
+		 * @return array
+		 */
+		public function add_option_permissions( $permissions ) {
+
+			$permissions[ PINTEREST_FOR_WOOCOMMERCE_OPTION_NAME ] = current_user_can( 'manage_woocommerce' );
+			return $permissions;
+		}
+
+
 		/**
 		 * Return APP Settings
 		 *

includes/admin/class-pinterest-for-woocommerce-admin-settings-page.php

@@ -417,7 +417,7 @@ public function maybe_go_to_service_login_url() {
 				return;
 			}
 
-			if ( ! current_user_can( 'manage_options' ) ) {
+			if ( ! current_user_can( 'manage_woocommerce' ) ) {
 				wp_die( esc_html__( 'Cheatin’ huh?', 'pinterest-for-woocommerce' ) );
 				return false;
 			}

src/API/Advertisers.php

@@ -43,7 +43,7 @@ public function __construct() {
 	 * @return boolean
 	 */
 	public function permissions_check( WP_REST_Request $request ) {
-		return current_user_can( 'manage_options' );
+		return current_user_can( 'manage_woocommerce' );
 	}
 
 

src/API/DomainVerification.php

@@ -52,7 +52,7 @@ public function __construct() {
 	 * @return boolean
 	 */
 	public function permissions_check( WP_REST_Request $request ) {
-		return current_user_can( 'manage_options' );
+		return current_user_can( 'manage_woocommerce' );
 	}
 
 

src/API/FeedIssues.php

@@ -54,7 +54,7 @@ public function __construct() {
 	 * @return boolean
 	 */
 	public function permissions_check( WP_REST_Request $request ) {
-		return current_user_can( 'manage_options' );
+		return current_user_can( 'manage_woocommerce' );
 	}
 
 

src/API/FeedState.php

@@ -80,7 +80,7 @@ public function __construct() {
 	 * @return boolean
 	 */
 	public function permissions_check( WP_REST_Request $request ) {
-		return current_user_can( 'manage_options' );
+		return current_user_can( 'manage_woocommerce' );
 	}
 
 

src/API/Tags.php

@@ -43,7 +43,7 @@ public function __construct() {
 	 * @return boolean
 	 */
 	public function permissions_check( WP_REST_Request $request ) {
-		return current_user_can( 'manage_options' );
+		return current_user_can( 'manage_woocommerce' );
 	}
 
 

src/API/VendorAPI.php

@@ -104,25 +104,6 @@ public function register_routes() {
 	 * @return boolean
 	 */
 	public function permissions_check( WP_REST_Request $request ) {
-
-		return true;
-	}
-
-	/**
-	 * Return is user has permissions to edit option
-	 *
-	 * @param string          $option the option to check for permission.
-	 * @param WP_REST_Request $request The request.
-	 *
-	 * @return boolean
-	 */
-	public function user_has_option_permission( $option, $request ) {
-
-		$permissions = apply_filters( PINTEREST_FOR_WOOCOMMERCE_PREFIX . '_rest_api_option_permissions', array(), $option, $request );
-		if ( isset( $permissions[ $option ] ) ) {
-			return $permissions[ $option ];
-		}
-
-		return current_user_can( 'manage_options' );
+		return current_user_can( 'manage_woocommerce' );
 	}
 }