Support » Plugin: WooCommerce » User with role Shop Manager getting error 403 – forbidden

  • Resolved Dominik Lacković

    (@domba_bomba007)


    Hi,
    I see a lot of errors 403 and 401 and have narrowed down the issue to the shop_manager user role.
    When user have this role, any WC page will cause non critical errors but since I am using very strict firewall, my shop managers are getting blocked because of this error after opening few WC pages.

    Error:
    {"code":"woocommerce_rest_cannot_view","message":"Sorry, you cannot view these options.","data":{"status":401}}

    I have successfully replicated error on fresh local WP environment so here are the basic steps to reproduce the bug:
    – install WooCommerce and skip onboarding
    – assign user with shop manager role
    – log in as that user
    – visit any WC page
    – view errors in console

    Error I am getting are from there URI paths:

    
    /wp-json/wc-admin/options?options=woocommerce_task_list_hidden%2Cwoocommerce_extended_task_list_hidden%2Cwoocommerce_task_list_dismissed_tasks%2Cwoocommerce_task_list_complete%2Cwoocommerce_task_list_tracked_completed_tasks&_locale=user
    
    /wp-json/wc-admin/options?options=woocommerce_task_list_tracked_completed_actions%2Cwoocommerce_task_list_remind_me_later_tasks%2Cwoocommerce_extended_task_list_complete&_locale=user
    
    /wp-json/wc-admin/options?options=woocommerce_welcome_from_calypso_modal_dismissed%2Cwoocommerce_task_list_welcome_modal_dismissed&_locale=user
    
    /wp-json/wc-admin/onboarding/free-extensions?_locale=user ERROR 500
    

    I also tried installing WooCommerce Admin plugin but it seems that latest version is already included in latest WooCommerce package.

    In WC logs I see only 1 fatal error and this one is on local environment and not sure if this is even related:

    2021-10-14T23:29:24+00:00 CRITICAL Uncaught TypeError: array_column(): Argument #1 ($array) must be of type array, string given in C:\laragon\www\wc\wp-content\plugins\woocommerce\packages\woocommerce-admin\src\RemoteInboxNotifications\Transformers\ArrayColumn.php:27
    Stack trace:
    #0 C:\laragon\www\wc\wp-content\plugins\woocommerce\packages\woocommerce-admin\src\RemoteInboxNotifications\Transformers\ArrayColumn.php(27): array_column('', 'slug')
    #1 C:\laragon\www\wc\wp-content\plugins\woocommerce\packages\woocommerce-admin\src\RemoteInboxNotifications\TransformerService.php(59): Automattic\WooCommerce\Admin\RemoteInboxNotifications\Transformers\ArrayColumn->transform('', Object(stdClass), '')
    #2 C:\laragon\www\wc\wp-content\plugins\woocommerce\packages\woocommerce-admin\src\RemoteInboxNotifications\OptionRuleProcessor.php(45): Automattic\WooCommerce\Admin\RemoteInboxNotifications\TransformerService::apply('', Array, '')
    #3 C:\laragon\www\wc\wp-content\plugins\woocommerce\packages\woocommerce-admin\src\RemoteInboxNotifications\RuleEvaluator.php(62): Automattic\WooCommerce\Admin\RemoteInboxNotifications\OptionRuleProcessor->process(Object(stdClass), NULL)
    #4 C:\laragon\www\wc\wp-content\plugins\woocommerce\packages\woocommerce-admin\src\Features\RemoteFreeExtensions\EvaluateExtension.php(27): Automattic\WooCommerce\Admin\RemoteInboxNotifications\RuleEvaluator->evaluate(Array)
    #5 C:\laragon\www\wc\wp-content\plugins\woocommerce\packages\woocommerce-admin\src\Features\RemoteFreeExtensions\Init.php(48): Automattic\WooCommerce\Admin\Features\RemoteFreeExtensions\EvaluateExtension::evaluate(Object(stdClass))
    #6 C:\laragon\www\wc\wp-content\plugins\woocommerce\packages\woocommerce-admin\src\API\OnboardingFreeExtensions.php(75): Automattic\WooCommerce\Admin\Features\RemoteFreeExtensions\Init::get_extensions()
    #7 C:\laragon\www\wc\wp-includes\rest-api\class-wp-rest-server.php(1140): Automattic\WooCommerce\Admin\API\OnboardingFreeExtensions->get_available_extensions(Object(WP_REST_Request))
    #8 C:\laragon\www\wc\wp-includes\rest-api\class-wp-rest-server.php(987): WP_REST_Server->respond_to_request(Object(WP_REST_Request), '/wc-admin/onboa...', Array, NULL)
    #9 C:\laragon\www\wc\wp-includes\rest-api\class-wp-rest-server.php(414): WP_REST_Server->dispatch(Object(WP_REST_Request))
    #10 C:\laragon\www\wc\wp-includes\rest-api.php(370): WP_REST_Server->serve_request('/wc-admin/onboa...')
    #11 C:\laragon\www\wc\wp-includes\class-wp-hook.php(303): rest_api_loaded(Object(WP))
    #12 C:\laragon\www\wc\wp-includes\class-wp-hook.php(327): WP_Hook->apply_filters(NULL, Array)
    #13 C:\laragon\www\wc\wp-includes\plugin.php(518): WP_Hook->do_action(Array)
    #14 C:\laragon\www\wc\wp-includes\class-wp.php(388): do_action_ref_array('parse_request', Array)
    #15 C:\laragon\www\wc\wp-includes\class-wp.php(750): WP->parse_request('')
    #16 C:\laragon\www\wc\wp-includes\functions.php(1291): WP->main('')
    #17 C:\laragon\www\wc\wp-blog-header.php(16): wp()
    #18 C:\laragon\www\wc\index.php(17): require('C:\\laragon\\www\\...')
    #19 {main}
      thrown in C:\laragon\www\wc\wp-content\plugins\woocommerce\packages\woocommerce-admin\src\RemoteInboxNotifications\Transformers\ArrayColumn.php on line 27
    
    2021-10-14T23:30:27+00:00 CRITICAL Uncaught TypeError: array_column(): Argument #1 ($array) must be of type array, string given in C:\laragon\www\wc\wp-content\plugins\woocommerce\packages\woocommerce-admin\src\RemoteInboxNotifications\Transformers\ArrayColumn.php:27
    Stack trace:
    #0 C:\laragon\www\wc\wp-content\plugins\woocommerce\packages\woocommerce-admin\src\RemoteInboxNotifications\Transformers\ArrayColumn.php(27): array_column('', 'slug')
    #1 C:\laragon\www\wc\wp-content\plugins\woocommerce\packages\woocommerce-admin\src\RemoteInboxNotifications\TransformerService.php(59): Automattic\WooCommerce\Admin\RemoteInboxNotifications\Transformers\ArrayColumn->transform('', Object(stdClass), '')
    #2 C:\laragon\www\wc\wp-content\plugins\woocommerce\packages\woocommerce-admin\src\RemoteInboxNotifications\OptionRuleProcessor.php(45): Automattic\WooCommerce\Admin\RemoteInboxNotifications\TransformerService::apply('', Array, '')
    #3 C:\laragon\www\wc\wp-content\plugins\woocommerce\packages\woocommerce-admin\src\RemoteInboxNotifications\RuleEvaluator.php(62): Automattic\WooCommerce\Admin\RemoteInboxNotifications\OptionRuleProcessor->process(Object(stdClass), NULL)
    #4 C:\laragon\www\wc\wp-content\plugins\woocommerce\packages\woocommerce-admin\src\Features\RemoteFreeExtensions\EvaluateExtension.php(27): Automattic\WooCommerce\Admin\RemoteInboxNotifications\RuleEvaluator->evaluate(Array)
    #5 C:\laragon\www\wc\wp-content\plugins\woocommerce\packages\woocommerce-admin\src\Features\RemoteFreeExtensions\Init.php(48): Automattic\WooCommerce\Admin\Features\RemoteFreeExtensions\EvaluateExtension::evaluate(Object(stdClass))
    #6 C:\laragon\www\wc\wp-content\plugins\woocommerce\packages\woocommerce-admin\src\API\OnboardingFreeExtensions.php(75): Automattic\WooCommerce\Admin\Features\RemoteFreeExtensions\Init::get_extensions()
    #7 C:\laragon\www\wc\wp-includes\rest-api\class-wp-rest-server.php(1140): Automattic\WooCommerce\Admin\API\OnboardingFreeExtensions->get_available_extensions(Object(WP_REST_Request))
    #8 C:\laragon\www\wc\wp-includes\rest-api\class-wp-rest-server.php(987): WP_REST_Server->respond_to_request(Object(WP_REST_Request), '/wc-admin/onboa...', Array, NULL)
    #9 C:\laragon\www\wc\wp-includes\rest-api\class-wp-rest-server.php(414): WP_REST_Server->dispatch(Object(WP_REST_Request))
    #10 C:\laragon\www\wc\wp-includes\rest-api.php(370): WP_REST_Server->serve_request('/wc-admin/onboa...')
    #11 C:\laragon\www\wc\wp-includes\class-wp-hook.php(303): rest_api_loaded(Object(WP))
    #12 C:\laragon\www\wc\wp-includes\class-wp-hook.php(327): WP_Hook->apply_filters(NULL, Array)
    #13 C:\laragon\www\wc\wp-includes\plugin.php(518): WP_Hook->do_action(Array)
    #14 C:\laragon\www\wc\wp-includes\class-wp.php(388): do_action_ref_array('parse_request', Array)
    #15 C:\laragon\www\wc\wp-includes\class-wp.php(750): WP->parse_request('')
    #16 C:\laragon\www\wc\wp-includes\functions.php(1291): WP->main('')
    #17 C:\laragon\www\wc\wp-blog-header.php(16): wp()
    #18 C:\laragon\www\wc\index.php(17): require('C:\\laragon\\www\\...')
    #19 {main}
      thrown in C:\laragon\www\wc\wp-content\plugins\woocommerce\packages\woocommerce-admin\src\RemoteInboxNotifications\Transformers\ArrayColumn.php on line 27
    
    2021-10-14T23:45:15+00:00 CRITICAL Uncaught TypeError: array_column(): Argument #1 ($array) must be of type array, string given in C:\laragon\www\wc\wp-content\plugins\woocommerce\packages\woocommerce-admin\src\RemoteInboxNotifications\Transformers\ArrayColumn.php:27
    Stack trace:
    #0 C:\laragon\www\wc\wp-content\plugins\woocommerce\packages\woocommerce-admin\src\RemoteInboxNotifications\Transformers\ArrayColumn.php(27): array_column('', 'slug')
    #1 C:\laragon\www\wc\wp-content\plugins\woocommerce\packages\woocommerce-admin\src\RemoteInboxNotifications\TransformerService.php(59): Automattic\WooCommerce\Admin\RemoteInboxNotifications\Transformers\ArrayColumn->transform('', Object(stdClass), '')
    #2 C:\laragon\www\wc\wp-content\plugins\woocommerce\packages\woocommerce-admin\src\RemoteInboxNotifications\OptionRuleProcessor.php(45): Automattic\WooCommerce\Admin\RemoteInboxNotifications\TransformerService::apply('', Array, '')
    #3 C:\laragon\www\wc\wp-content\plugins\woocommerce\packages\woocommerce-admin\src\RemoteInboxNotifications\RuleEvaluator.php(62): Automattic\WooCommerce\Admin\RemoteInboxNotifications\OptionRuleProcessor->process(Object(stdClass), NULL)
    #4 C:\laragon\www\wc\wp-content\plugins\woocommerce\packages\woocommerce-admin\src\Features\RemoteFreeExtensions\EvaluateExtension.php(27): Automattic\WooCommerce\Admin\RemoteInboxNotifications\RuleEvaluator->evaluate(Array)
    #5 C:\laragon\www\wc\wp-content\plugins\woocommerce\packages\woocommerce-admin\src\Features\RemoteFreeExtensions\Init.php(48): Automattic\WooCommerce\Admin\Features\RemoteFreeExtensions\EvaluateExtension::evaluate(Object(stdClass))
    #6 C:\laragon\www\wc\wp-content\plugins\woocommerce\packages\woocommerce-admin\src\API\OnboardingFreeExtensions.php(75): Automattic\WooCommerce\Admin\Features\RemoteFreeExtensions\Init::get_extensions()
    #7 C:\laragon\www\wc\wp-includes\rest-api\class-wp-rest-server.php(1140): Automattic\WooCommerce\Admin\API\OnboardingFreeExtensions->get_available_extensions(Object(WP_REST_Request))
    #8 C:\laragon\www\wc\wp-includes\rest-api\class-wp-rest-server.php(987): WP_REST_Server->respond_to_request(Object(WP_REST_Request), '/wc-admin/onboa...', Array, NULL)
    #9 C:\laragon\www\wc\wp-includes\rest-api\class-wp-rest-server.php(414): WP_REST_Server->dispatch(Object(WP_REST_Request))
    #10 C:\laragon\www\wc\wp-includes\rest-api.php(370): WP_REST_Server->serve_request('/wc-admin/onboa...')
    #11 C:\laragon\www\wc\wp-includes\class-wp-hook.php(303): rest_api_loaded(Object(WP))
    #12 C:\laragon\www\wc\wp-includes\class-wp-hook.php(327): WP_Hook->apply_filters(NULL, Array)
    #13 C:\laragon\www\wc\wp-includes\plugin.php(518): WP_Hook->do_action(Array)
    #14 C:\laragon\www\wc\wp-includes\class-wp.php(388): do_action_ref_array('parse_request', Array)
    #15 C:\laragon\www\wc\wp-includes\class-wp.php(750): WP->parse_request('')
    #16 C:\laragon\www\wc\wp-includes\functions.php(1291): WP->main('')
    #17 C:\laragon\www\wc\wp-blog-header.php(16): wp()
    #18 C:\laragon\www\wc\index.php(17): require('C:\\laragon\\www\\...')
    #19 {main}
      thrown in C:\laragon\www\wc\wp-content\plugins\woocommerce\packages\woocommerce-admin\src\RemoteInboxNotifications\Transformers\ArrayColumn.php on line 27

    And here is the system report from local environment:

    
    ### WordPress Environment ###
    
    WordPress address (URL): http://wc.test
    Site address (URL): http://wc.test
    WC Version: 5.8.0
    REST API Version: ✔ 5.8.0
    WC Blocks Version: ✔ 5.9.1
    Action Scheduler Version: ✔ 3.3.0
    WC Admin Version: ✔ 2.7.2
    Log Directory Writable: ✔
    WP Version: 5.8.1
    WP Multisite: –
    WP Memory Limit: 512 MB
    WP Debug Mode: –
    WP Cron: ✔
    Language: en_US
    External object cache: –
    
    ### Server Environment ###
    
    Server Info: Apache/2.4.47 (Win64) OpenSSL/1.1.1k mod_fcgid/2.3.10-dev
    PHP Version: 8.0.10
    PHP Post Max Size: 2 GB
    PHP Time Limit: 36000
    PHP Max Input Vars: 1000
    cURL Version: 7.76.1
    OpenSSL/1.1.1l
    
    SUHOSIN Installed: –
    MySQL Version: 8.0.26
    Max Upload Size: 2 GB
    Default Timezone is UTC: ✔
    fsockopen/cURL: ✔
    SoapClient: ❌ Your server does not have the SoapClient class enabled - some gateway plugins which use SOAP may not work as expected.
    DOMDocument: ✔
    GZip: ✔
    Multibyte String: ✔
    Remote Post: ✔
    Remote Get: ✔
    
    ### Database ###
    
    WC Database Version: 5.8.0
    WC Database Prefix: wp_
    Total Database Size: 4.74MB
    Database Data Size: 3.35MB
    Database Index Size: 1.39MB
    wp_woocommerce_sessions: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
    wp_woocommerce_api_keys: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
    wp_woocommerce_attribute_taxonomies: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
    wp_woocommerce_downloadable_product_permissions: Data: 0.02MB + Index: 0.06MB + Engine InnoDB
    wp_woocommerce_order_items: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
    wp_woocommerce_order_itemmeta: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
    wp_woocommerce_tax_rates: Data: 0.02MB + Index: 0.06MB + Engine InnoDB
    wp_woocommerce_tax_rate_locations: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
    wp_woocommerce_shipping_zones: Data: 0.02MB + Index: 0.00MB + Engine InnoDB
    wp_woocommerce_shipping_zone_locations: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
    wp_woocommerce_shipping_zone_methods: Data: 0.02MB + Index: 0.00MB + Engine InnoDB
    wp_woocommerce_payment_tokens: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
    wp_woocommerce_payment_tokenmeta: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
    wp_woocommerce_log: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
    wp_actionscheduler_actions: Data: 0.02MB + Index: 0.13MB + Engine InnoDB
    wp_actionscheduler_claims: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
    wp_actionscheduler_groups: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
    wp_actionscheduler_logs: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
    wp_commentmeta: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
    wp_comments: Data: 0.02MB + Index: 0.08MB + Engine InnoDB
    wp_links: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
    wp_options: Data: 2.48MB + Index: 0.03MB + Engine InnoDB
    wp_postmeta: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
    wp_posts: Data: 0.02MB + Index: 0.06MB + Engine InnoDB
    wp_term_relationships: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
    wp_term_taxonomy: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
    wp_termmeta: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
    wp_terms: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
    wp_usermeta: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
    wp_users: Data: 0.02MB + Index: 0.05MB + Engine InnoDB
    wp_wc_admin_note_actions: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
    wp_wc_admin_notes: Data: 0.05MB + Index: 0.00MB + Engine InnoDB
    wp_wc_category_lookup: Data: 0.02MB + Index: 0.00MB + Engine InnoDB
    wp_wc_customer_lookup: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
    wp_wc_download_log: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
    wp_wc_order_coupon_lookup: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
    wp_wc_order_product_lookup: Data: 0.02MB + Index: 0.06MB + Engine InnoDB
    wp_wc_order_stats: Data: 0.02MB + Index: 0.05MB + Engine InnoDB
    wp_wc_order_tax_lookup: Data: 0.02MB + Index: 0.03MB + Engine InnoDB
    wp_wc_product_meta_lookup: Data: 0.02MB + Index: 0.09MB + Engine InnoDB
    wp_wc_reserved_stock: Data: 0.02MB + Index: 0.00MB + Engine InnoDB
    wp_wc_tax_rate_classes: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
    wp_wc_webhooks: Data: 0.02MB + Index: 0.02MB + Engine InnoDB
    
    ### Post Type Counts ###
    
    attachment: 1
    page: 7
    post: 3
    
    ### Security ###
    
    Secure connection (HTTPS): ❌
    					Your store is not using HTTPS. Learn more about HTTPS and SSL Certificates.
    Hide errors from visitors: ✔
    
    ### Active Plugins (1) ###
    
    WooCommerce: by Automattic – 5.8.0
    
    ### Inactive Plugins (2) ###
    
    Akismet Anti-Spam: by Automattic – 4.1.12
    Hello Dolly: by Matt Mullenweg – 1.7.2
    
    ### Settings ###
    
    API Enabled: –
    Force SSL: –
    Currency: USD ($)
    Currency Position: left
    Thousand Separator: ,
    Decimal Separator: .
    Number of Decimals: 2
    Taxonomies: Product Types: external (external)
    grouped (grouped)
    simple (simple)
    variable (variable)
    
    Taxonomies: Product Visibility: exclude-from-catalog (exclude-from-catalog)
    exclude-from-search (exclude-from-search)
    featured (featured)
    outofstock (outofstock)
    rated-1 (rated-1)
    rated-2 (rated-2)
    rated-3 (rated-3)
    rated-4 (rated-4)
    rated-5 (rated-5)
    
    Connected to WooCommerce.com: –
    
    ### WC Pages ###
    
    Shop base: #6 - /shop/
    Cart: #7 - /cart/
    Checkout: #8 - /checkout/
    My account: #9 - /my-account/
    Terms and conditions: ❌ Page not set
    
    ### Theme ###
    
    Name: Twenty Twenty-One
    Version: 1.4
    Author URL: https://wordpress.org/
    Child Theme: ❌ – If you are modifying WooCommerce on a parent theme that you did not build personally we recommend using a child theme. See: How to create a child theme
    WooCommerce Support: ✔
    
    ### Templates ###
    
    Overrides: –
    
    ### Action Scheduler ###
    
    Complete: 1
    Oldest: 2021-10-14 23:25:38 +0000
    Newest: 2021-10-14 23:25:38 +0000
    
    ### Status report information ###
    
    Generated at: 2021-10-15 00:15:46 +00:00
    
Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Support Mirko P. woo-hc

    (@rainfallnixfig)

    Hi @domba_bomba007,

    Thanks for reaching out!

    I have successfully replicated error on fresh local WP environment so here are the basic steps to reproduce the bug

    I followed the exact steps you mentioned on my local test site installation thinking to be able to replicate the issue but was unable to. There are no errors in the browser console as you can see here: https://snipboard.io/xL4qKJ.jpg. Also, I do not see any error logs under WooCommerce > Status > Logs – https://snipboard.io/j6gvOh.jpg. This is the sample page when logged in as Shop Manager → https://snipboard.io/qLe6RG.jpg.

    Since we’re both on a basic configuration with only WooCommerce active and the default theme, but with different server settings, this could be an issue related to your server setup that you’d want to bring to your host’s attention.

    Feel free to use the Jurassic Ninja site and run a new installation checking if you can replicate the issue there:

    https://jurassic.ninja/create/

    Note that this website is meant to create WordPress trashable sites for testing purposes.

    Cheers.

    Thread Starter Dominik Lacković

    (@domba_bomba007)

    Hi,
    Thanks for reaching out.

    Maybe I wasn’t clear enough. Errors I am getting are on dashboard/backend side.
    I mean in WooCommerce dashboard, orders, coupons…
    Not on frontend as I see you were testing.

    I will certainly try to replicate the issue using tool you mentioned above and let you know the results soon.

    Best regards

    Thread Starter Dominik Lacković

    (@domba_bomba007)

    Hi again @rainfallnixfig,
    I tested on a fresh install using fantastic tool you provided (jurassic.ninja) and I replicated the error, so I will try to be more precise this time with steps:

    1. Install WooCommerce
    2. Activate plugin, skip onboarding and when asked about data collection or something like that also skipping that (NOT clicking on count me in)
    3. Add new user and assign shop manager role to that user
    4. Log in as new user with shop manager role
    5. Visit in dashboard any WooCommerce page like
      WooCommerce > Home (…/wp-admin/admin.php?page=wc-admin)
      WooCommerce > Orders (…/wp-admin/edit.php?post_type=shop_order)
      Products > All Products (…/wp-admin/edit.php?post_type=product)
      and so on…

    Literally every WC dashboard page is producing error 403 with that user on API call on endpoint …/wp-json/wc-admin/options?options=woocommerce_task_list_hidden%2Cwoocommerce_extended_task_list_hidden%2Cwoocommerce_task_list_dismissed_tasks%2Cwoocommerce_task_list_complete%2Cwoocommerce_task_list_tracked_completed_tasks&_locale=user

    Error I am getting:
    {"code":"woocommerce_rest_cannot_view","message":"Sorry, you cannot view these options.","data":{"status":403}}

    https://snipboard.io/5EQLkD.jpg

    So I can assume it’s some bug in code not giving users with role shop manager enough permission and not and server side issue.

    Best regards

    Plugin Support Mirko P. woo-hc

    (@rainfallnixfig)

    Hi again,

    Errors I am getting are on dashboard/backend side.

    Thanks for clarifying that for me. Indeed, checking the browser console in the backend resulted in the same warnings on my test site. This is probably related to REST API authentication. You should make sure to correctly connect over HTTPS or using HTTP as there are two different methods of authentication:

    https://woocommerce.github.io/woocommerce-rest-api-docs/#authentication-over-https

    If you’re still running into troubles, please go through the troubleshooting steps mentioned here: https://github.com/woocommerce/woocommerce/wiki/Getting-started-with-the-REST-API#401-unauthorized

    Hope this helps.

    Thread Starter Dominik Lacković

    (@domba_bomba007)

    Hi,
    thanks for troubleshooter link, but it does not help much because I am not using API nor API keys in any special way.
    I’m just using plain WooCommerce in WP backend which is producing those errors out of the box while it shouldn’t.
    Shop manager role should be able to do anything like WordPress admin but now that is not possible because for example, WooCommerce home page won’t load properly because of this errors.
    Only way currently to get rid of that error is to give users an admin permission which I really don’t like because there is no need for such high permission level for only managing WooCommerce.

    Also, on local environment I was using HTTP protocol but on jurassic.ninja there is HTTPS protocol and the error was still the same and you basically confirmed that so, there is obviously some bug in code with shop manager role and his permission.

    Best regards

    Plugin Support Mirko P. woo-hc

    (@rainfallnixfig)

    Hi @domba_bomba007,

    Thanks for the additional details.

    Upon further checking, it seems there is already a bug report on WooCommerce Admin Github for this issue:

    https://github.com/woocommerce/woocommerce-admin/issues/5745

    The bug report is still open and WooCommerce developers are aware of it but there is not yet a date for resolution.

    You may want to subscribe for updates and add your comments to the Github thread to get feedback directly from developers.

    I’m going to close this thread now as you can follow up in Github.

    Thanks.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘User with role Shop Manager getting error 403 – forbidden’ is closed to new replies.