mnelson4 / printmyblog

WordPress Plugin that simplifies printing your entire blog

Getting rest_cannot_view error as a logged in subscriber user

simonlerpard opened this issue · comments

Hi there,

If you are logged in as a subscriber user, you are getting an error when trying to print a page. This error seems to be the reason:

{"code":"rest_cannot_view","message":"Du har inte beh\u00f6righet att hantera termer i denna taxonomi.","data":{"status":403}}

The message is in Swedish, but it basically says "You don't have permission to manage taxonomies".

Which makes sense, since the user actually doesn't have that access, since it's only a subscriber. If I understand the code correctly you're only checking if a user is logged in, and not if they have the permission to edit taxonomies. So the error when requesting the REST API /wp-json/wp/v2/taxonomies?context=edit is not handled correctly.

Thanks for a nice plugin anyway though. I hope to see a fix in the near future, keep on rocking.

Hi @simonlerpard, thanks for reporting this issue. I’ll investigate and probably check permissions more thoroughly. I’ll let you know when the issue is resolved.

Hi @simonlerpard, I've had a chance to look into the issue. The code currently always tries to get taxonomies using the "edit" context, and if that fails because of a permissions issue, it retries again in the public reading context. Here are the lines of relevant code:

this.preloadTaxonomies = function () {
    var alltaxonomiesCollection = new wp.api.collections.Taxonomies();
    alltaxonomiesCollection.fetch(
        {
            data: this.getCollectionQueryData(),
        }
    ).then(
        (taxonomies) => {
            this.working = true;
            this.taxonomies = taxonomies;
            // ok we have everything we need to start. So let's get it started!
            this.beginLoading();
        },
        (jqxhr, textStatus, errorThrown) => {
            if (errorThrown === 'Forbidden') {
                // They might be logged-in but not have permission to
                // edit the post. So try again but in read context.
                this.can_view_sensitive_data = false;
                this.preloadTaxonomies();
            } else {
                this.stopAndShowError(errorThrown);
            }
        }
    );
}

So while I do see that error being logged in the console, the print page still works.

Do you mind sharing with me the URL of the site where you're getting this error so I can investigate further? You might be getting another error as well.
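
An added example, not part of the thread and not the plugin's own code: the same edit-then-read fallback, keyed on the numeric HTTP status instead of the `errorThrown` text (jQuery documents that this text may be an empty string under HTTP/2) and limited to a single downgrade. The function names and the `request(context)` stub are hypothetical; only `rest_cannot_view` and the 403 status come from the report above.

```javascript
// Added example: names here are hypothetical, not Print My Blog's API.
// `request(context)` stands in for collection.fetch({data: {context}}) and
// must reject with a jqXHR-like object: {status, statusText, responseJSON}.

// Decide what to do with a failed REST call made in `context`.
function classifyRestFailure(jqxhr, context) {
    const status = jqxhr && jqxhr.status;
    const denied = status === 401 || status === 403;
    // Downgrade only once: a denial in "view" context is a real error,
    // and retrying it would loop forever.
    if (denied && context === 'edit') {
        return 'retry_view';
    }
    return 'fatal';
}

// Try the privileged context first, then fall back to the public one.
function fetchTaxonomies(request, context = 'edit') {
    return request(context).then(
        (taxonomies) => ({ context, taxonomies }),
        (jqxhr) => {
            if (classifyRestFailure(jqxhr, context) === 'retry_view') {
                return fetchTaxonomies(request, 'view');
            }
            const body = (jqxhr && jqxhr.responseJSON) || {};
            throw new Error(body.code || 'HTTP ' + (jqxhr && jqxhr.status));
        }
    );
}

// Constructed stub: a subscriber behind HTTP/2, where statusText is empty.
function subscriberRequest(context) {
    if (context === 'edit') {
        return Promise.reject({
            status: 403,
            statusText: '',
            responseJSON: { code: 'rest_cannot_view', data: { status: 403 } },
        });
    }
    return Promise.resolve({ category: {}, post_tag: {} });
}

fetchTaxonomies(subscriberRequest).then((result) => {
    console.log(result.context, Object.keys(result.taxonomies));
});
```

The fallback only changes which representation the client asks for; the 403 itself is the REST API enforcing the capability check server-side.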