Help using the checkout mutation to create orders.

[khuramdogar]

Describe the bug
I am using graphql for create orders from the postman. queries are working fine but I can't run any mutations there is always customer capability error. I am also sending the Bearer token in header to authenticate the customer

To Reproduce
Steps to reproduce the behavior:

1. http://localhost:8888/testsite/graphql or https://woographql.axistaylor.com/graphql
2. Headers
   Content-Type:application/graphql Authorization:Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczpcL1wvd29vZ3JhcGhxbC5heGlzdGF5bG9yLmNvbSIsImlhdCI6MTU3MDAyMTg1OCwibmJmIjoxNTcwMDIxODU4LCJleHAiOjE1NzAwMjIxNTgsImRhdGEiOnsidXNlciI6eyJpZCI6IjMifX19.7drzb9beicfl-SqbPZvzseBGoY4Cf30eoS0x1wyGQIE
3. run this mutation

mutation MyMutation {
createOrder(input: {clientMutationId: "CreateOrder", customerId: 6, paymentMethod: "bacs", paymentMethodTitle: "Direct Bank Transfer", billing: {address1: "969 Market", city: "San Francisco", address2: "", company: "", country: US, email: "john.doe@example.com", firstName: "John", lastName: "Doe", phone: "12903402832", postcode: "94103", state: "CA"}, shippingLines: {methodId: "flat_rate", methodTitle: "flat_rate", total: "10"}, shipping: {address1: "969 Market", address2: "", city: "San Francisco", country: US, email: "john.doe@example.com", firstName: "JOhn", lastName: "Doe", phone: "180923843204", postcode: "94103", state: "CA"}, isPaid: true, lineItems: {productId: 30, quantity: 1}}) {
  clientMutationId
  order {
    cartHash
    currency
  }
}
}

Expected behavior
The order should be created

Screenshots
Request Screenshot

Screenshot 2

Screenshot 3

[kidunot89]

createOrder by default requires that current user have edit-order capability. A capability only found on users with admin or shop manager roles. For public applications it's recommended that the checkout mutation be used instead, however the checkout mutation is still in a experimental phase in my opinion and if you still wish to use the createOrder mutation instead, there is a filter you can use to modify the cap check. Here is a basic example.

function authorized( $authorized ) {
	$authorized = true;
	return $authorized;
}
add_filter( 'authorized_to_create_orders', 'authorized' );

I recommend doing query validation of some kind and not just returning true like in the example.

[khuramdogar]

Thanks @kidunot89 for your reply but when I query on checkout I got this.

I am sending right authorize header

[khuramdogar]

I have been stuck on this for 2 days. I am experienced JS person and it is my first time interacting with wordpress

[kidunot89]

Also, I haven't done much in the way of documentation, but I create detailed PR summaries. Here a list of a the major ones. Click the link at the end of bullet point to be taken to any sub PR with example and more details

• Release v0.1.0 - Cart mutations
• Release v0.1.2 - Cart Session Handling
• Release v0.2.0 - Order/Checkout mutations
• Release v0.2.1 - New Product connection filters and checkout mutation bugfixes

[umairraza101]

Hi @khuramdogar & @kidunot89 , I'm facing same issue, Please let me know if you find any solution.

[ali-se-ror]

@khuramdogar, have you found anything? I am facing some similar issues. Please post if you find anything.

[kidunot89]

@khuramdogar @umairraza101 @AliHussainciit the woocommerce-session HTTP header is needed for use of the cart and checkout mutation to work properly. You can find out more info and example of how to implement it using React and Apollo here

[khuramdogar]

@kidunot89 Thank you very much. Is there any way I can test this with Postman or any other rest client.

[kidunot89]

Hmm, I don't believe so. The header value is sent in GraphQL response of any mutations that change that data, this current includes addToCart and login. I'm not sure how you would retrieve this value in Postman.

[Raja0sama]

createOrder by default requires that current user have edit-order capability. A capability only found on users with admin or shop manager roles. For public applications it's recommended that the checkout mutation be used instead, however the checkout mutation is still in a experimental phase in my opinion and if you still wish to use the createOrder mutation instead, there is a filter you can use to modify the cap check. Here is a basic example.

function authorized( $authorized ) {
	$authorized = true;
	return $authorized;
}
add_filter( 'authorized_to_create_orders', 'authorized' );

I recommend doing query validation of some kind and not just returning true like in the example.

Even after having those rights, its showing me the error having no rights to make that change :/

[kidunot89]

@Dksami sorry, about the trouble. I found a bug related to user capabilities, it been patched on the develop branch and will be included in the upcoming release. Try downloading or pulling the develop branch and trying again.

[topheroes]

createOrder by default requires that current user have edit-order capability. A capability only found on users with admin or shop manager roles. For public applications it's recommended that the checkout mutation be used instead, however the checkout mutation is still in a experimental phase in my opinion and if you still wish to use the createOrder mutation instead, there is a filter you can use to modify the cap check. Here is a basic example.

function authorized( $authorized ) {
	$authorized = true;
	return $authorized;
}
add_filter( 'authorized_to_create_orders', 'authorized' );

I recommend doing query validation of some kind and not just returning true like in the example.

It looks like it works on the older versions and doesn't work on the recent one. Is there an alternative?

[jonlovera]

@Dksami @topheroes the filter name changed on the newer versions. Now it's called graphql_woocommerce_authorized_to_create_orders as you can see in line 32.

So it would end up looking like this:

// functions.php
function authorized( $authorized ) {
	$authorized = true;
	return $authorized;
}
add_filter( 'graphql_woocommerce_authorized_to_create_orders', 'authorized' );

Hope that helps :)

UPDATE

Here is how I force the logged user to create orders with their customerID, only if they are logged in.

// functions.php
function authorized($authorized, $order_id = null, $input) {
	if (!$authorized) {
		$user = wp_get_current_user();

		if (!empty($user)) {
			$user_id = $user->data->ID;
			$customer_id = $input['customerId'];

			if (!isset($customer_id) || $customer_id === $user_id) {
				return true;
			}
		}
	}

	return $authorized;
}
add_filter('graphql_woocommerce_authorized_to_create_orders', 'authorized', 1, 3);

function assign_customer_id_to_current_user($order){
	$user = wp_get_current_user();

	if (!empty($user)) {
		$user_id = $user->data->ID;
		$customer_id = $order->get_customer_id();

		if (!$customer_id) {
			$order->set_customer_id($user_id);
			$order->save();
		}
	}

	return $order;
}
add_filter('graphql_woocommerce_after_order_create', 'assign_customer_id_to_current_user');

[kidunot89]

@jonlovera Thanks so much for catching that i should have made some notes on the hook name changes in the release summary. 😅
@Dksami @topheroes My bad 🤷‍♂️

[felipepxavier]

Hi @jonlovera , does this solution of yours solve the problem of orders being linked only to a guest account?
I entered your code in function.php but orders are still linking guest accounts only ..

[jonlovera]

Hi @felipepxavier, are you using wp-graphql-jwt-authentication?

Might be worth checking what does wp_get_current_user() prints out

[felipepxavier]

@jonlovera, thanks for the feedback!
Yes, I am using wp-graphql-jwt-authentication, but it was badly configured, solved! ;)

[muhaimincs]

Hello,

I have a specific rule if customer wants to checkout. My current WP settings require Delivery date as well as the time to place the order. But I couldn't find any docs related to these fields. Any help?

Thanks in advance

[diamondigital]

Hello, in our case, we were using the createOrder mutation, which is meant for internal order creation. For a standard checkout process, you should use the checkout mutation.

[jakubmas]

Is there a way to specify currency in checkout mutation? I see that this is an option in createOrder but I'm getting User does not have the capabilities necessary to create an order. error.

[diamondigital]

Is there a way to specify currency in checkout mutation? I see that this is an option in createOrder but I'm getting User does not have the capabilities necessary to create an order. error.

Have you specified the currency in the WooCommerce settings?

[jakubmas]

Yes I did, default currency for my WC is USD but I need to allow also EUR.

[erikdemarco]

Hi @felipepxavier, are you using wp-graphql-jwt-authentication?

Might be worth checking what does wp_get_current_user() prints out

@jonlovera I'm new to wpgraphql. And confuse how to usecreateOrder for guest checkout. do we also need jwt for this? do you mind to explain how to do it step by step? Because currently the documentation from @kidunot89 on this matter just give a clue it can be done without relying on WooCommerce's session management but doesnt explain how: https://github.com/wp-graphql/wp-graphql-woocommerce/blob/develop/docs/using-checkout-mutation-and-order-mutations.md#using-the-createorder-mutation