
Plugins connect-jetpack endpoint permissions check too restrictive

Open rjchow opened this issue 3 years ago • 6 comments

Prerequisites (mark completed items with an [x]):

  • [x] I have checked that my issue type is not listed here https://github.com/woocommerce/woocommerce/issues/new/choose
  • [x] My issue is not a security issue, support request, bug report, enhancement or feature request (Please use the link above if it is).

Issue Description:

Jetpack connection API /wc-admin/plugins/connect-jetpack requires install_plugins capability when it doesn't seem to really require that permission on Jetpack's end. We should consider adjusting this permissions check to be more permissive so that shop managers can connect their WordPress.com account and be able to use the mobile app.

rjchow avatar Oct 31 '22 07:10 rjchow

@rjchow Do you think this is still relevant? In order to connect to Jetpack during the core profiler, users must install Jetpack first. I think that's the reason why we require install_plugins.

moon0326 avatar Mar 13 '24 20:03 moon0326

This issue was originally written for the Woo Mobile App onboarding task flow actually, not for the core profiler.

For that flow there's a case of multiple Jetpack connections on the same site, after Jetpack has already been installed by the site admin. This use-case allows non-admins to use the mobile app to manage store tasks such as managing orders etc.

At that point in time, a Jetpack connection was a mandatory requirement for Woo Mobile App usage. I'm not up to date with the latest, but I'm peripherally aware that there's an alternative flow now which does not involve Jetpack.

rjchow avatar Mar 14 '24 07:03 rjchow

@rjchow Thanks for the explanation. I'll put this on hold for now in that case.

moon0326 avatar Mar 14 '24 19:03 moon0326

@rjchow My sense is it's better to limit the connection to full admins, but arguably shop managers should be able to connect the site too. Here's how we describe shop managers:

Shop Manager is a role you can give someone to manage the shop without making them an Admin. They have all the rights a customer has, and are granted these main capabilities:

  • manage_woocommerce: Gives shop managers the option to manage all settings within WooCommerce, and create/edit products.
  • view_woocommerce_reports: Gives them access to all WooCommerce reports.

The Shop Manager role has all the capabilities listed at our WooCommerce GitHub repo.

They also have general WordPress editor capabilities.

https://woocommerce.com/document/roles-capabilities/

Where I think it could be troublesome is if shop managers leave (i.e. are no longer employed by the store), does the connection get lost when their account is removed? The same is true of admin accounts of course but perhaps less likely to occur 🤔 What do you think?

adrianduffell avatar Apr 30 '24 17:04 adrianduffell

We do have a broader goal of providing this endpoint for other Woo services to use, so it may still be worth making this change even if mobile app no longer needs it.

adrianduffell avatar Apr 30 '24 17:04 adrianduffell

I think this endpoint just makes it easier to do things the shop manager already has permissions to do, since they have the manage_woocommerce capability, but it might be worth double checking.

rjchow avatar May 01 '24 07:05 rjchow
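
One way to express the trade-off discussed in this thread, as an added example that is not part of any comment above and is not WooCommerce's own code: a REST permission callback that keeps the install_plugins requirement while Jetpack still has to be installed, and accepts manage_woocommerce once an admin has already set Jetpack up. The `example/v1` namespace, the function names and the `jetpack/jetpack.php` plugin basename are assumptions.

```php
<?php
/**
 * Added illustration, not WooCommerce code. The "example/v1" namespace, the
 * example_* function names and the Jetpack basename are assumptions.
 */
add_action( 'rest_api_init', 'example_register_connect_jetpack_route' );

function example_register_connect_jetpack_route() {
	register_rest_route(
		'example/v1',
		'/plugins/connect-jetpack',
		array(
			'methods'             => 'GET',
			'callback'            => 'example_connect_jetpack',
			'permission_callback' => 'example_connect_jetpack_permissions_check',
		)
	);
}

function example_connect_jetpack_permissions_check( $request ) {
	// is_plugin_active() is only loaded in wp-admin by default.
	if ( ! function_exists( 'is_plugin_active' ) ) {
		require_once ABSPATH . 'wp-admin/includes/plugin.php';
	}

	if ( ! is_plugin_active( 'jetpack/jetpack.php' ) ) {
		// Connecting would first require installing or activating a plugin,
		// so keep the admin-level capabilities for this branch.
		$allowed = current_user_can( 'install_plugins' ) && current_user_can( 'activate_plugins' );
	} else {
		// Jetpack was already set up by an admin: the caller only links an
		// account, so the store-management capability is sufficient here.
		$allowed = current_user_can( 'manage_woocommerce' );
	}

	if ( ! $allowed ) {
		return new WP_Error(
			'example_rest_cannot_connect',
			'Sorry, you are not allowed to connect Jetpack on this site.',
			array( 'status' => rest_authorization_required_code() )
		);
	}
	return true;
}

function example_connect_jetpack( $request ) {
	// The real handler would return the connection URL; this one only confirms access.
	return rest_ensure_response( array( 'allowed' => true ) );
}
```

Whether a connection owned by a shop manager survives removal of that account, the question raised above, is not addressed by this check and still needs to be verified separately.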