mattorou

Forum Replies Created

Viewing 3 replies - 1 through 3 (of 3 total)
  • Forum: Plugins
    In reply to: [Event Tickets and Registration] Unable to create order from admin page
    Thread Starter mattorou

    (@mattorou)

    1 year, 3 months ago

    Hi @d0153, apologies for the delay in response!

    Yes, I believe it should test for capabilities if the plugin is not supposed to have the functionality for users to create and edit orders. I’ve narrowed the issue down to these arguments passed when the orders post type is registererd:

    // from src/Tickets/Commerce/Order.php plugin version 5.19.0

    'capability_type' => 'order',
    'map_meta_cap'    => true,
    'capabilities'    => [
    	// Meta capabilities.
    	'edit_post'          => 'edit_post',
    	'read_post'          => 'read_post',
    	'delete_post'        => 'delete_post',
    	// Primitive capabilities used outside of map_meta_cap().
    	'edit_posts'         => 'edit_posts',
    	'create_posts'       => 'edit_tc-orders',
    	'edit_others_posts'  => 'edit_others_posts',
    	'delete_posts'       => 'delete_posts',
    	'publish_posts'      => 'publish_tc-orders', // 'publish_posts',
    	'read_private_posts' => 'read_private_posts',
    ],

    But I can’t establish what it is exactly that is allowing the capabilities manager plugin to change this. I was able to create another, more simple, post type passing 'do_not_allow' for all the capabilities values and I didn’t not experience the same behaviour.

    Forum: Plugins
    In reply to: [Event Tickets and Registration] Unable to create order from admin page
    Thread Starter mattorou

    (@mattorou)

    1 year, 3 months ago

    Hi @tristan083, I’m opening this thread again because I’ve found the cause of the problem isn’t with the third party plugin; it’s to do with the way the post type is registered in the Event Tickets plugin.

    I have fixed the problem with the following filter:

    add_filter( 'map_meta_cap', function( $caps, $cap ) {
        if ( $cap === 'edit_tc-orders' || $cap === 'publish_tc-orders' ) {
            $caps[] = 'do_not_allow';
        }

        return $caps;
    }, 10, 2 );

    I have added this to a mu plugin as a patch, but ideally this would be fixed within your plugin as I don’t believe the capability to add posts is correctly removed.

    Forum: Plugins
    In reply to: [Event Tickets and Registration] Unable to create order from admin page
    Thread Starter mattorou

    (@mattorou)

    1 year, 3 months ago

    Thanks for confirming the plugin isn’t supposed to do this!

    We have the PublishPress Capabilities plugin installed which I’ve confirmed to be adding the “Add New Order” button to the edit.php?post_type=tec_tc_order page, in the admin head next to the title. We haven’t enabled any settings in that plugin that would’ve allowed any users to create orders in this manner.

    Is this something I should raise with PublishPress?

Viewing 3 replies - 1 through 3 (of 3 total)