Volunteer Opportunities on WordPress permissions error

[kelizoliva]

Since the most recent CiviCRM Security Release (5.40.3), though possibly earlier, we have been experiencing the follownig error for a Civi-WordPress implementation:

Sep 09 13:30:00  [error]
$Fatal Error Details = array:3 [
  "message" => "You do not have permission to access this page."
  "code" => null
  "exception" => CRM_Core_Exception {#4059
    -errorData: array:1 [
      "error_code" => 0
    ]
    #cause: null
    -_trace: null
    #message: "You do not have permission to access this page."
    #code: 0
    #file: "/var/www/test/web/wp-content/plugins/civicrm/civicrm/CRM/Utils/System/WordPress.php"
    #line: 605
    trace: {
      /var/www/test/web/wp-content/plugins/civicrm/civicrm/CRM/Utils/System/WordPress.php:605 {
        ›   status_header(403);
        ›   throw new CRM_Core_Exception(ts('You do not have permission to access this page.'));
        › }
      }
      /var/www/test/web/wp-content/plugins/civicrm/civicrm/CRM/Utils/System.php:60 { …}
      /var/www/test/web/wp-content/plugins/civicrm/civicrm/CRM/Core/Invoke.php:233 { …}
      /var/www/test/web/wp-content/plugins/civicrm/civicrm/CRM/Core/Invoke.php:69 { …}
      /var/www/test/web/wp-content/plugins/civicrm/civicrm/CRM/Core/Invoke.php:36 { …}
      /var/www/test/web/wp-content/plugins/civicrm/civicrm.php:1178 { …}
      /var/www/test/web/wp-includes/class-wp-hook.php:303 { …}
      /var/www/test/web/wp-includes/class-wp-hook.php:327 { …}
      /var/www/test/web/wp-includes/plugin.php:518 { …}
      /var/www/test/web/wp-includes/class-wp.php:763 { …}
      /var/www/test/web/wp-includes/functions.php:1291 { …}
      /var/www/test/web/wp-blog-header.php:16 { …}
      /var/www/test/web/index.php:17 { …}
    }
  }
]

This is when attempting to, as an anonymous user, access crm/?page=CiviCRM&q=civicrm/vol/#/volunteer/opportunities

We/the client have not made any changes to permissions since this was last working. We have AJAX API and CiviVolunteer: register to volunteer permissions are granted on anonymous users.

Is anyone else using a WP implementation experiencing this, and if so, does this seem like a bug in CiviVolunteer, or a configuration issue that needs to be addressed?

[shaneonabike]

We ran into the link redirecting to the backend URL (WP) instead of the frontend...

https://www.myorg.org/?civiwp=CiviCRM&q=civicrm%2Fvolunteer%2Fsignup&reset=1&needs%5B%5D=191&dest=list

and it should be

https://www.myorg.org/civicrm/volunteer/signup/?reset=1&needs%5B%5D=192&dest=list

The problem is on this line. Essentially, CRM_Utils_System::url is using the defaults rather than indicating the link is a frontend link.

A fix would be to change it to:

        $url = CRM_Utils_System::url('civicrm/volunteer/signup', 
           "reset=1&needs[]={$need['id']}&dest=event", // query string
           FALSE, // absolute
           NULL, // fragment
           TRUE, // FrontEnd
           FALSE); //Backend

I'll try my best to post a merge request when I get a chance although it's a pretty quick fix to change. Fairly major problem for WP integrators.

cc @ginkgomzd