woocommerce / woocommerce

A customizable, open-source ecommerce platform built on WordPress. Build any commerce solution you can imagine.
https://woocommerce.com
9.41k stars 10.76k forks source link

No "Read_categories" capability exists #36558

Closed FireRedDev closed 1 year ago

FireRedDev commented 1 year ago

Prerequisites

Describe the bug

Hello! I have created a custom user role that should only be able to view reports. It has the permissions: read, read_product,view_admin_dashboard,view_woocommerce_reports This works, but causes the reports to be very limited. I already added read_product so that the user can see info on the the performance of a product, but the tabs of statistics by product categories and in general the product categories dont load, or as a more detailed explanation load the total by category but not its name (so just bunch of useless numbers). I guess this is because the user lacks the permission to read them, however i want the user to only be able to view them, not edit them like with edit_categories. Using this user, i also cant use the search function to filter products by product name (causes an error), but can view all the products and their statistics. I was unsure whether this constitutes a bug or feature request.

EDIT/Update: even when adding edit,manage and assign_categories capabilities it doesnt load the categories, the request for loading them in analytics just returns woocommerce_rest_cannot_view 403

Expected behavior

i can add a read_categories capability and the user can view reports/analytics with categories and filter with them

Actual behavior

either unending loading circles, failed requests due to permissions or just in general a page-wide error when trying to load the categories tab in analytics

Steps to reproduce

create a custom user role that should only be able to view reports. It has the permissions: read, read_product,view_admin_dashboard,view_woocommerce_reports click on analytics-categories

WordPress Environment

`

WordPress Environment

WC Version: 7.2.2 REST API Version: ✔ 7.2.2 WC Blocks Version: ✔ 8.9.2 Action Scheduler Version: ✔ 3.4.0 Log Directory Writable: ✔ WP Version: ❌ 6.0.3 - Es ist eine neuere Version von WordPress verfügbar (6.1.1) WP Multisite: – WP Memory Limit: 512 MB WP Debug Mode: – WP Cron: ✔ Language: de_DE External object cache: –

Server Environment

Server Info: Apache/2.4.54 (Unix) OpenSSL/3.0.2 PHP Version: 7.4.33 PHP Post Max Size: 10 MB PHP Time Limit: 120 PHP Max Input Vars: 1000 cURL Version: 7.81.0 OpenSSL/3.0.2

SUHOSIN Installed: – MySQL Version: 5.5.5-10.6.11-MariaDB-1:10.6.11+maria~ubu2204 Max Upload Size: 2 MB Default Timezone is UTC: ✔ fsockopen/cURL: ✔ SoapClient: ✔ DOMDocument: ✔ GZip: ✔ Multibyte String: ✔ Remote Post: ✔ Remote Get: ✔

Database

WC Database Version: 7.2.2 WC Database Prefix: wp_ Datenbank-Gesamtgröße: 397.08MB Datenbank-Datengröße: 244.49MB Datenbank-Indexgröße: 152.59MB wp_woocommerce_sessions: Daten: 5.02MB + Index: 0.08MB + Engine InnoDB wp_woocommerce_api_keys: Daten: 0.02MB + Index: 0.03MB + Engine InnoDB wp_woocommerce_attribute_taxonomies: Daten: 0.02MB + Index: 0.02MB + Engine InnoDB wp_woocommerce_downloadable_product_permissions: Daten: 0.02MB + Index: 0.06MB + Engine InnoDB wp_woocommerce_order_items: Daten: 2.52MB + Index: 1.52MB + Engine InnoDB wp_woocommerce_order_itemmeta: Daten: 41.58MB + Index: 21.06MB + Engine InnoDB wp_woocommerce_tax_rates: Daten: 0.02MB + Index: 0.06MB + Engine InnoDB wp_woocommerce_tax_rate_locations: Daten: 0.02MB + Index: 0.03MB + Engine InnoDB wp_woocommerce_shipping_zones: Daten: 0.02MB + Index: 0.00MB + Engine InnoDB wp_woocommerce_shipping_zone_locations: Daten: 0.02MB + Index: 0.03MB + Engine InnoDB wp_woocommerce_shipping_zone_methods: Daten: 0.02MB + Index: 0.00MB + Engine InnoDB wp_woocommerce_payment_tokens: Daten: 0.02MB + Index: 0.02MB + Engine InnoDB wp_woocommerce_payment_tokenmeta: Daten: 0.02MB + Index: 0.03MB + Engine InnoDB wp_woocommerce_log: Daten: 0.02MB + Index: 0.02MB + Engine InnoDB wp_actionscheduler_actions: Daten: 1.05MB + Index: 0.52MB + Engine InnoDB wp_actionscheduler_claims: Daten: 0.02MB + Index: 0.02MB + Engine InnoDB wp_actionscheduler_groups: Daten: 0.02MB + Index: 0.02MB + Engine InnoDB wp_actionscheduler_logs: Daten: 1.03MB + Index: 1.13MB + Engine InnoDB wp_asre_sales_report: Daten: 0.02MB + Index: 0.00MB + Engine InnoDB wp_commentmeta: Daten: 0.02MB + Index: 0.03MB + Engine InnoDB wp_comments: Daten: 5.52MB + Index: 7.02MB + Engine InnoDB wp_e_events: Daten: 0.02MB + Index: 0.02MB + Engine InnoDB wp_e_notes: Daten: 0.02MB + Index: 0.17MB + Engine InnoDB wp_e_notes_users_relations: Daten: 0.02MB + Index: 0.05MB + Engine InnoDB wp_e_submissions: Daten: 0.02MB + Index: 0.27MB + Engine InnoDB wp_e_submissions_actions_log: Daten: 0.02MB + Index: 0.11MB + Engine InnoDB wp_e_submissions_values: Daten: 0.08MB + Index: 0.03MB + Engine InnoDB wp_gdpr_consent: Daten: 2.52MB + Index: 0.00MB + Engine InnoDB wp_gdpr_userlogs: Daten: 0.08MB + Index: 0.00MB + Engine InnoDB wp_jet_post_types: Daten: 0.02MB + Index: 0.00MB + Engine InnoDB wp_jet_taxonomies: Daten: 0.02MB + Index: 0.00MB + Engine InnoDB wp_links: Daten: 0.02MB + Index: 0.02MB + Engine InnoDB wp_ms_snippets: Daten: 0.02MB + Index: 0.00MB + Engine InnoDB wp_options: Daten: 10.06MB + Index: 0.39MB + Engine InnoDB wp_podsrel: Daten: 0.02MB + Index: 0.06MB + Engine InnoDB wp_postmeta: Daten: 73.58MB + Index: 47.16MB + Engine InnoDB wp_posts: Daten: 9.52MB + Index: 3.72MB + Engine InnoDB wp_snippets: Daten: 0.02MB + Index: 0.03MB + Engine InnoDB wp_statistics_visit: Daten: 0.02MB + Index: 0.02MB + Engine InnoDB wp_statistics_visitor_relationships: Daten: 0.02MB + Index: 0.03MB + Engine InnoDB wp_storeabill_documentmeta: Daten: 24.56MB + Index: 22.06MB + Engine InnoDB wp_storeabill_documents: Daten: 2.52MB + Index: 1.08MB + Engine InnoDB wp_storeabill_document_itemmeta: Daten: 34.56MB + Index: 24.06MB + Engine InnoDB wp_storeabill_document_items: Daten: 3.52MB + Index: 4.55MB + Engine InnoDB wp_storeabill_document_noticemeta: Daten: 0.02MB + Index: 0.03MB + Engine InnoDB wp_storeabill_document_notices: Daten: 2.52MB + Index: 1.52MB + Engine InnoDB wp_storeabill_journals: Daten: 0.02MB + Index: 0.02MB + Engine InnoDB wp_termmeta: Daten: 0.06MB + Index: 0.03MB + Engine InnoDB wp_terms: Daten: 0.05MB + Index: 0.03MB + Engine InnoDB wp_term_relationships: Daten: 0.23MB + Index: 0.17MB + Engine InnoDB wp_term_taxonomy: Daten: 0.05MB + Index: 0.03MB + Engine InnoDB wp_tm_taskmeta: Daten: 0.02MB + Index: 0.03MB + Engine InnoDB wp_tm_tasks: Daten: 0.02MB + Index: 0.02MB + Engine InnoDB wp_usermeta: Daten: 0.06MB + Index: 0.03MB + Engine InnoDB wp_users: Daten: 0.02MB + Index: 0.05MB + Engine InnoDB wp_wcpdf_credit_note_number: Daten: 0.02MB + Index: 0.00MB + Engine InnoDB wp_wcpdf_invoice_number: Daten: 0.06MB + Index: 0.00MB + Engine InnoDB wp_wcpdf_packing_slip_number: Daten: 0.06MB + Index: 0.00MB + Engine InnoDB wp_wc_admin_notes: Daten: 0.08MB + Index: 0.00MB + Engine InnoDB wp_wc_admin_note_actions: Daten: 0.06MB + Index: 0.02MB + Engine InnoDB wp_wc_category_lookup: Daten: 0.02MB + Index: 0.00MB + Engine InnoDB wp_wc_customer_lookup: Daten: 0.28MB + Index: 0.22MB + Engine InnoDB wp_wc_download_log: Daten: 0.02MB + Index: 0.03MB + Engine InnoDB wp_wc_order_coupon_lookup: Daten: 0.02MB + Index: 0.03MB + Engine InnoDB wp_wc_order_product_lookup: Daten: 1.52MB + Index: 1.34MB + Engine InnoDB wp_wc_order_stats: Daten: 1.52MB + Index: 0.66MB + Engine InnoDB wp_wc_order_tax_lookup: Daten: 0.36MB + Index: 0.30MB + Engine InnoDB wp_wc_product_attributes_lookup: Daten: 0.45MB + Index: 1.47MB + Engine InnoDB wp_wc_product_download_directories: Daten: 0.02MB + Index: 0.02MB + Engine InnoDB wp_wc_product_meta_lookup: Daten: 0.17MB + Index: 0.34MB + Engine InnoDB wp_wc_rate_limits: Daten: 0.02MB + Index: 0.02MB + Engine InnoDB wp_wc_reserved_stock: Daten: 0.02MB + Index: 0.00MB + Engine InnoDB wp_wc_tax_rate_classes: Daten: 0.02MB + Index: 0.02MB + Engine InnoDB wp_wc_webhooks: Daten: 0.02MB + Index: 0.02MB + Engine InnoDB wp_woocommerce_gzd_dhl_im_products: Daten: 0.02MB + Index: 0.03MB + Engine InnoDB wp_woocommerce_gzd_dhl_im_product_services: Daten: 0.02MB + Index: 0.03MB + Engine InnoDB wp_woocommerce_gzd_dhl_labelmeta: Daten: 0.02MB + Index: 0.03MB + Engine InnoDB wp_woocommerce_gzd_dhl_labels: Daten: 0.02MB + Index: 0.03MB + Engine InnoDB wp_woocommerce_gzd_packaging: Daten: 0.02MB + Index: 0.00MB + Engine InnoDB wp_woocommerce_gzd_packagingmeta: Daten: 0.02MB + Index: 0.03MB + Engine InnoDB wp_woocommerce_gzd_shipmentmeta: Daten: 8.52MB + Index: 5.03MB + Engine InnoDB wp_woocommerce_gzd_shipments: Daten: 2.52MB + Index: 0.75MB + Engine InnoDB wp_woocommerce_gzd_shipment_itemmeta: Daten: 5.52MB + Index: 3.03MB + Engine InnoDB wp_woocommerce_gzd_shipment_items: Daten: 1.52MB + Index: 1.52MB + Engine InnoDB wp_woocommerce_gzd_shipment_labelmeta: Daten: 0.02MB + Index: 0.03MB + Engine InnoDB wp_woocommerce_gzd_shipment_labels: Daten: 0.02MB + Index: 0.03MB + Engine InnoDB wp_woocommerce_gzd_shipping_provider: Daten: 0.02MB + Index: 0.02MB + Engine InnoDB wp_woocommerce_gzd_shipping_providermeta: Daten: 0.02MB + Index: 0.03MB + Engine InnoDB wp_wpforms_tasks_meta: Daten: 0.02MB + Index: 0.00MB + Engine InnoDB wp_wpmailsmtp_debug_events: Daten: 0.06MB + Index: 0.00MB + Engine InnoDB wp_wpmailsmtp_tasks_meta: Daten: 0.02MB + Index: 0.00MB + Engine InnoDB wp_wpvivid_options: Daten: 0.02MB + Index: 0.02MB + Engine InnoDB

Post Type Counts

_pods_field: 11 _pods_pod: 2 attachment: 2326 br_sale_report: 3 cool_timeline: 1 custom_css: 1 document_template: 4 elementor_library: 548 jet-engine: 1 modula-gallery: 1 nav_menu_item: 70 oceanwp_library: 1 organisation: 2 page: 35 post: 1 product: 336 product_variation: 798 revision: 503 schule: 73 shop_coupon: 3 shop_order: 10475 shop_order_refund: 194 wp_global_styles: 1 wpforms: 1 wppb-roles-editor: 9

Security

Secure connection (HTTPS): ✔ Hide errors from visitors: ✔

Active Plugins (33)

The SEO Framework: von Das SEO Framework Team – 4.2.7.1 Borlabs Font Blocker: von Borlabs GmbH – 1.0.5 Code Snippets: von Code Snippets Pro – 3.2.2 DynamicConditions: von RTO GmbH – 1.6.0 Ele Custom Skin: von Dudaster.com – 3.1.7 Elementor Pro: von Elementor.com – 3.10.2 Elementor: von Elementor.com – 3.10.1 The GDPR Framework: von Data443 – 2.0.4 Modula: von WPChill – 2.7.1 Ocean Custom Sidebar: von OceanWP – 1.0.9 Ocean Extra: von OceanWP – 2.1.1 Ocean Product Sharing: von OceanWP – 2.0.4 Ocean Social Sharing: von OceanWP – 2.0.2 Ocean Stick Anything: von OceanWP – 2.0.4 One Stop Shop für WooCommerce: von vendidero – 1.3.4 Pods - Custom Content Types and Fields: von Pods Framework Team – 2.9.11 Product Input Fields for WooCommerce: von Tyche Softwares – 1.4.0 Profile Builder: von Cozmoslabs – 3.8.8 reSmush.it Image Optimizer: von reSmush.it – 0.4.11 Send email to customer on cancelled order in WooCommerce: von Laura Díaz – 1.1 WooCommerce - Show only lowest prices in variable products: von Fernando Tellado – 1.0.2 UpdraftPlus – Sichern/Wiederherstellen: von UpdraftPlus.Com DavidAnderson – 1.22.24

vendidero Helper: von vendidero – 2.1.6 Sales Report Email for WooCommerce: von zorem – 2.8 Advanced Order Export For WooCommerce: von AlgolPlus – 3.3.3 WooCommerce Checkout Manager: von QuadLayers – 6.4.1 WooCommerce Stripe-Gateway: von WooCommerce – 7.0.2 Germanized für WooCommerce Pro: von vendidero – 3.6.3 Germanized für WooCommerce: von vendidero – 3.11.3 WooCommerce PayPal Payments: von WooCommerce – 2.0.1 WooCommerce: von Automattic – 7.2.2 (Update auf Version 7.3.0 ist verfügbar) WP Mail SMTP: von WPForms – 3.7.0 WPForms Lite: von WPForms – 1.7.9.1

Inactive Plugins (2)

Enable Media Replace: von ShortPixel – 4.0.2 Slim Maintenance Mode: von Johannes Ries – 1.4.3

Dropin Plugins (1)

maintenance.php: maintenance.php

Settings

API Enabled: – Force SSL: – Currency: EUR (€) Currency Position: right_space Thousand Separator: . Decimal Separator: , Number of Decimals: 2 Taxonomies: Product Types: external (external) grouped (grouped) simple (simple) variable (variable)

Taxonomies: Product Visibility: exclude-from-catalog (exclude-from-catalog) exclude-from-search (exclude-from-search) featured (featured) outofstock (outofstock) rated-1 (rated-1) rated-2 (rated-2) rated-3 (rated-3) rated-4 (rated-4) rated-5 (rated-5)

Connected to WooCommerce.com: – Enforce Approved Product Download Directories: – Order datastore: WC_Order_Data_Store_CPT

WC Pages

Shop-Basis: #7 - /shop/ Warenkorb: #8 - /cart/ Kasse: #9 - /checkout/ Mein Konto: #10 - /my-account/ Allgemeine Geschäftsbedingungen: #743 - /agb/

Theme

Name: OceanWP Version: 3.4.1 Author URL: https://oceanwp.org/about-oceanwp/ Child Theme: ❌ – Wenn du WooCommerce mit einem Theme das du nicht selbst entwickelt hast an eigene Bedürfnisse anpasst dann empfehlen wir die Verwendung eines Child-Themes. Siehe Wie du ein Child-Theme erstellst (engl.)

WooCommerce Support: ✔

Templates

Overrides: oceanwp/woocommerce/cart/mini-cart.php oceanwp/woocommerce/content-single-product.php oceanwp/woocommerce/loop/loop-start.php oceanwp/woocommerce/single-product/title.php

WooCommerce PayPal Payments

Onboarded: ✔ Shop country code: AT WooCommerce currency supported: ✔ Advanced Card Processing available in country: – Pay Later messaging available in country: – Webhook status: ✔ Vault enabled: ✔ Logging enabled: – Reference Transactions: – Used PayPal Checkout plugin: ✔ Tracking enabled: –

Admin

Enabled Features: activity-panels analytics coupons customer-effort-score-tracks experimental-products-task experimental-import-products-task experimental-fashion-sample-products shipping-smart-defaults shipping-setting-tour homescreen marketing multichannel-marketing mobile-app-banner navigation onboarding onboarding-tasks remote-inbox-notifications remote-free-extensions payment-gateway-suggestions shipping-label-banner subscriptions store-alerts transient-notices woo-mobile-welcome wc-pay-promotion wc-pay-welcome-page

Disabled Features: minified-js new-product-management-experience settings

Daily Cron: ✔ Next scheduled: 2023-01-24 13:24:55 +00:00 Options: ✔ Notes: 119 Onboarding: completed

Action Scheduler

Abgeschlossen: 1.131 Oldest: 2022-12-24 14:48:02 +0000 Newest: 2023-01-23 15:19:49 +0000

Fehlgeschlagen: 53 Oldest: – Newest: –

Ausstehend: 10 Oldest: 2023-01-23 15:48:53 +0000 Newest: 2023-01-30 11:42:47 +0000

Status report information

Generated at: 2023-01-23 15:23:07 +00:00 `

Isolating the problem

github-actions[bot] commented 1 year ago

Hi @FireRedDev,

Thank you for opening the issue! It requires further feedback from the WooCommerce Core team.

We are adding the needs developer feedback label to this issue so that the Core team could take a look.

Please note it may take a few days for them to get to this issue. Thank you for your patience.

barryhughes commented 1 year ago

@FireRedDev to clarify—are you interested in providing your custom user role with access to the 'legacy' reports found at WooCommerce ▸ Reports or to the newer analytical reports found under the Analytics menu? Certainly in the former case, that amount of attention we can provide is likely to be limited (given the availability of the new Analytics area).

FireRedDev commented 1 year ago

Hey, i mean the new analytics feature, not the old reports

Barry Hughes @.***> schrieb am Mo., 27. Feb. 2023, 20:00:

@FireRedDev https://github.com/FireRedDev to clarify—are you interested in providing your custom user role with access to the 'legacy' reports found at WooCommerce ▸ Reports or to the newer analytical reports found under the Analytics menu? Certainly in the former case, that amount of attention we can provide is likely to be limited (given the availability of the new Analytics area).

— Reply to this email directly, view it on GitHub https://github.com/woocommerce/woocommerce/issues/36558#issuecomment-1446887640, or unsubscribe https://github.com/notifications/unsubscribe-auth/AI5HAWJDIL3R45H4LEK7J33WZT2TDANCNFSM6AAAAAAUD7ECOQ . You are receiving this because you were mentioned.Message ID: @.***>

barryhughes commented 1 year ago

Thanks for confirming :+1:

rrennick commented 1 year ago

EDIT/Update: even when adding edit,manage and assign_categories capabilities it doesnt load the categories, the request for loading them in analytics just returns woocommerce_rest_cannot_view 403

@FireRedDev I apologize for the delay in following up here. The *_categories capabilities are for post categories. The product category, tag, attribute, and shipping class capabilities are *_product_terms.

I'll close this issue but if you grant the product term capabilities to your user role and still have the issue, please let us know so we can investigate further.

FireRedDev commented 1 year ago

Hey! image All of these permissions seem to go further than a simple read. I just want the user to be able to view the data for statistical analysis, not change actual stuff in the shop. Thank you

rrennick commented 1 year ago

I just want the user to be able to view the data for statistical analysis, not change actual stuff in the shop.

@FireRedDev I created a new issue as your issue is different than the original report.