Changing “user role” after having generated API keys

  • Resolved maps1990

    (@maps1990)


    4 years, 10 months ago

    Hi,

    Say you went to WooCommerce > Settings > Advanced > REST API and created API keys for a user called Tom, who had the user role “Shop manager” at the moment of API keys creation.

    Later, you change Tom’ status to “Admin” (or any other user role : Editor, Customer, …): will the rights associated to API keys update automatically to match the new user role, or will Tom still have only Shop Manager rights with his API keys?

    Thanks!
    M

Viewing 11 replies - 1 through 11 (of 11 total)
  • con

    (@conschneider)

    Engineer

    4 years, 10 months ago

    Hi there,

    I took a quick peek at the code: https://github.com/woocommerce/woocommerce/blob/b19500728b4b292562afb65eb3a0c0f50d5859de/includes/class-wc-rest-authentication.php#L532 and it looks to me that the key pair always gets the user and then gets the user capabilities. There is no extra dataset saved which would have to be updated when the user is updated.

    will the rights associated to API keys update automatically to match the new user role,

    I think so, yes. But I would do a quick test nonetheless ;).

    Kind regards,

    Thread Starter maps1990

    (@maps1990)

    4 years, 10 months ago

    Hi,

    Thanks for your reply!

    About doing a test: unfortunately I know absolutely nothing about APIs, and as much as I would enjoy gaining enough knowledge to be able to make the test, I can’t afford it right now time-wise.

    Let’s see if somebody can confirm!

    Thread Starter maps1990

    (@maps1990)

    4 years, 10 months ago

    Dear Woocommerce devs

    A related question pops to my mind : can the Woocommerce Rest API system handle non-standard users roles created by third party plugins?
    Say you create a new user profile that only allows to change product prices, nothing more, nothing less. Would the Woocommerce API keys created for this non-standard user role reflect the permissions that have been granted?

    Thread Starter maps1990

    (@maps1990)

    4 years, 9 months ago

    Hi there,

    Any clue?

    Thanks!
    M

    Plugin Support Cara

    (@dcka)

    4 years, 9 months ago

    Hi M @maps1990,

    Sorry for the delayed response here!

    Do you still need help with this?

    If so, I’m going to leave this thread open for a bit to see if anyone is able to chime in to help you out.

    The WooCommerce developers don’t often visit here, but I can recommend you check out the WooCommerce Developer Resources Portal, in case that has the answers you’re looking for.

    You may also want to ask your questions in the WooCommerce Facebook group or the #developers channel of the WooCommerce Community Slack. We’re lucky to have a great community of open-source developers for WooCommerce, and many of our developers hang out there, as well.

    Thread Starter maps1990

    (@maps1990)

    4 years, 9 months ago

    Hi Cara,

    Yes I’m still looking for an answer, thanks a lot for the options you provided! I joined the Fb group & Slack.

    Have a nice day,

    M

    3 Sons Development

    (@3sonsdevelopment)

    4 years, 8 months ago

    Hey @maps1990,

    It should work with other roles added to WordPress. I set up a new role on my test site, assigned a user to it and then created an API key pair for this user. If you run into any trouble, let us know.

    Thread Starter maps1990

    (@maps1990)

    4 years, 8 months ago

    Thank you!

    Mirko P.

    (@rainfallnixfig)

    4 years, 8 months ago

    You’re most welcome!

    Feel free to write back if you have any more questions.

    Thanks.

    Thread Starter maps1990

    (@maps1990)

    4 years, 8 months ago

    That’s all for me with the API but I have one unrelated Woocommerce question in this forum that has not been answered, titled “Show only Full Price Products (as opposed to only Sale products)”, if you’re curious feel free to check it! (I’m not sure I’m allowed to put links here). Thanks again, M

    Plugin Support abwaita a11n

    (@abwaita)

    4 years, 8 months ago

    Hi @maps1990,

    Well, I’ll go ahead and mark this one as resolved.

    I seem to have found the other thread, will leave a reply there as well.

    If you have any other questions, please feel free to create a new thread.

    Thanks.

Viewing 11 replies - 1 through 11 (of 11 total)

The topic ‘Changing “user role” after having generated API keys’ is closed to new replies.