Coming back to Groups, Woo and Foosales


Hi

I am coming back to this topic (https://www.itthinx.com/topic/groups-woo-and-foosales/) – the topic appears to be locked for further comment.

To summarize that prior thread:
– A WordPress install with WooCommerce, Groups and Foosales
– Foosales has an API side (plugin installed on WordPress) and a UI side (an app)
– The UI side first asks for user credentials and passes those to the WordPress plugin.
– The plugin validates that this is a valid user with a valid password and appropriate capabilities.
– The UI side then pulls a list of all products by asking the API side for a list of all products.

In the past, all products were displayed in Foosales. Sometime in the last 6 – 9 months, suddenly only products with no Groups restrictions are shown – i.e. publicly accessible products.
– Group-protected products are not shown regardless of whether the user has Group permission to that product
– Group-protected products are also not shown even if the user is an Administrator

I looked into the code of Foosales — the code that validates the user and the code that pulls a list of products have not changed in over 2 years. This strongly suggests a code change on the Groups side has caused the noted behaviour.

Here is the code that checks whether the user is valid:


    public function fsfwc_is_valid_user( $headers ) {
        // Credentials arrive as request headers sent by the app.
        if ( array_key_exists( 'username', $headers ) && array_key_exists( 'password', $headers ) ) {
            $username = trim( $headers['username'][0] );
            $password = trim( $headers['password'][0] );

            if ( empty( $username ) || empty( $password ) ) {
                return false;
            }

            // Look the account up by login name first, then by email.
            $user = get_user_by( 'login', $username );

            if ( ! $user || is_wp_error( $user ) ) {
                $user = get_user_by( 'email', $username );

                if ( ! $user || is_wp_error( $user ) ) {
                    return false;
                }
            }

            // Only verifies the password; the current user is not set here.
            return wp_check_password( $password, $user->user_pass, $user->ID );
        } elseif ( array_key_exists( 'x_wp_nonce', $headers ) || array_key_exists( 'x-wp-nonce', $headers ) ) {
            // Nonce header present: rely on the existing WordPress session.
            return is_user_logged_in();
        }

        return false;
    }

Here is the code that pulls the list of products:


    // $max_products, $offset and $product_statuses are set elsewhere in the plugin (not shown).
    $args = array(
        'post_type'      => 'product',
        'posts_per_page' => $max_products,
        'offset'         => $offset * $max_products,
        'fields'         => 'ids',
        'no_found_rows'  => true,
        'orderby'        => 'title',
        'order'          => 'ASC',
        'post_status'    => $product_statuses,
    );

    $args['meta_query'] = array(); // phpcs:ignore WordPress.DB.SlowDBQuery

    // Optionally limit the list to products that are in stock and not backorderable.
    if ( 'yes' === (string) get_option( 'globalFooSalesProductsOnlyInStock', '' ) ) {
        $args['meta_query'] = array( // phpcs:ignore WordPress.DB.SlowDBQuery
            array(
                'key'   => '_stock_status',
                'value' => 'instock',
            ),
            array(
                'key'   => '_backorders',
                'value' => 'no',
            ),
        );
    }

    // Runs in the context of whatever the current user is at this point.
    $query = new WP_Query( $args );

My suspicion here is that Groups is intercepting this WP_Query to get all products, does not see a logged in user, and that is why it is only showing non-protected products.

My question is — what do I need to change in this code to make it work with Groups? OR how do I tell Groups not to filter product requests coming from this specific plugin?

Thank you
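An added example, not part of the original post and not FooSales or Groups code: one way to make the product query run in the context of the user whose credentials were just verified, so that per-user access rules are applied rather than bypassed. It assumes Groups evaluates access against the WordPress current user; the `example_fs_*` helper names are hypothetical.

```php
<?php
/**
 * Added example (hypothetical helpers, not FooSales or Groups code).
 * Assumption: Groups restricts WP_Query results based on the current user.
 */

// Same lookup as fsfwc_is_valid_user(), but returns the WP_User so the
// caller knows who authenticated, not just that someone did.
function example_fs_authenticate( array $headers ) {
	if ( ! isset( $headers['username'][0], $headers['password'][0] ) ) {
		return null;
	}
	$username = trim( $headers['username'][0] );
	$password = trim( $headers['password'][0] );
	if ( '' === $username || '' === $password ) {
		return null;
	}
	$user = get_user_by( 'login', $username );
	if ( ! $user ) {
		$user = get_user_by( 'email', $username );
	}
	if ( ! $user || ! wp_check_password( $password, $user->user_pass, $user->ID ) ) {
		return null;
	}
	return $user;
}

// Run the product query as the authenticated user, then restore the
// previous identity so nothing later in the request inherits it.
function example_fs_query_product_ids( WP_User $user, array $args ) {
	$previous_id = get_current_user_id();
	wp_set_current_user( $user->ID );
	try {
		$query = new WP_Query( $args );
		return $query->posts; // Post IDs, given 'fields' => 'ids'.
	} finally {
		wp_set_current_user( $previous_id );
	}
}

// Usage inside the request handler ($headers and $args as in the post):
// $user = example_fs_authenticate( $headers );
// $ids  = $user ? example_fs_query_product_ids( $user, $args ) : array();
```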



Comments

4 responses to “Coming back to Groups, Woo and Foosales”

  1. Hi George,

    I have posted the code to github in a private repo and emailed you with some additional details.

    Thank you!

  2. Hey Richard,

    You’re welcome and thanks for the invitation. Please allow me to have a look at your code and I’ll follow up once I have an update.

    Cheers

  3. Hi

    Thank you so much! I will send you an email. Thank you for your willingness to help!!

  4. Hi Richard,

    Welcome back to our support forum. Your previous topic has been marked as Resolved, since there hasn’t been an update or follow-up comment, but you can always submit a new topic (as you did here).

    As for the code, your query looks correct and the only part I have doubts about is the authentication part, because I can’t figure out when this function runs, when it is triggered. Could you perhaps share an overview of this function? If it’s not possible to do so publicly, you may share it with me through george at itthinx dot com.

    Kind regards,
    George
