Permissions

Permissions allow Shopify store owners to control which settings WordPress administrators can modify. This is useful for agencies managing multiple WordPress sites or when you want to enforce specific configurations.

How Permissions Work

The permission system works in one direction:

Shopify App (Master)
        ↓
Controls what WordPress can edit
        ↓
WordPress Plugin (Restricted)

Key points:

• Permissions are set in the Shopify App
• WordPress plugin reads permissions via API
• Locked settings show a yellow warning banner
• Changes to locked fields are silently ignored

Available Permissions

Permission	Controls	Default
Sync Settings	Auto-sync, image sync, metafield sync, post types	Enabled
Blogs	Blog routing rules and mappings	Enabled
Hreflangs	Multilingual hreflang configuration	Enabled
Meta Fields	WordPress Core, Yoast, Rank Math, ACF sync	Enabled
Authors	Author mapping and display names	Enabled
Files & Media	File uploads, WebP conversion, allowed types	Enabled
Content Processing	URL rewriting, custom HTML tags	Enabled
Redirections	Smart redirections management	Enabled
Advanced	Robots.txt, Gutenberg blocks settings	Enabled

Setting Permissions in Shopify

Step 1: Open Connection Settings

1. Go to Shopify Admin → Apps → Wash
2. Click on your WordPress connection
3. Navigate to Settings tab
4. Select Permissions sub-tab

Step 2: Configure Permissions

Toggle each permission on or off:

• On (enabled) — WordPress can modify these settings
• Off (disabled) — Settings are locked in WordPress

Step 3: Save Changes

Click Save Changes. WordPress will receive updated permissions on next page load (cached for 5 minutes).

WordPress Plugin Behavior

Locked Tab Indicators

When a permission is disabled:

• Tab shows a lock icon 🔒
• Hovering shows "Locked by Shopify Admin"
• Yellow banner appears at the top of the tab
• All form inputs are disabled
• Save button is hidden

Permission Cache

WordPress caches permissions for 5 minutes to reduce API calls. To force refresh:

1. Go to Wash Settings in WordPress
2. Click the refresh icon next to your plan name
3. This clears both plan info and permissions cache

Use Cases

Agency Managing Multiple Sites

Lock critical settings to prevent clients from breaking sync:

• Disable: Sync Settings, Advanced
• Enable: Authors, Content Processing

Enforcing SEO Standards

Prevent changes to SEO-related settings:

• Disable: Meta Fields, Hreflangs
• Enable: Everything else

Content Team Access

Allow content editing but lock technical settings:

• Disable: Sync Settings, Advanced, Redirections
• Enable: Authors, Content Processing

API Details

Permission Endpoint

WordPress fetches permissions from:

GET /api/settings-permissions
Headers:
  X-Wash-Key: {api_key}
  X-Wash-Timestamp: {unix_timestamp}

Response:
{
  "success": true,
  "permissions": {
    "canEditSync": true,
    "canEditBlogs": false,
    "canEditHreflangs": true,
    "canEditMeta": true,
    "canEditAuthors": true,
    "canEditFiles": true,
    "canEditContent": false,
    "canEditRedirections": true,
    "canEditAdvanced": false
  }
}

Permission Field Mapping

API Field	Database Field	WordPress Tab
canEditSync	canWpEditSync	Sync Settings
canEditBlogs	canWpEditBlogs	Blogs
canEditHreflangs	canWpEditHreflangs	Hreflangs
canEditMeta	canWpEditMeta	Meta Fields
canEditAuthors	canWpEditAuthors	Authors
canEditFiles	canWpEditFiles	Files & Media
canEditContent	canWpEditContent	Content Processing
canEditRedirections	canWpEditRedirections	Redirections
canEditAdvanced	canWpEditAdvanced	Advanced

Permissions vs Plan Features

Permissions are different from plan-based feature locks:

Aspect	Permissions	Plan Features
Controlled by	Shopify Admin	Subscription plan
Purpose	Access control	Feature availability
Banner color	Yellow	Green
Can be changed	Anytime	By upgrading plan

Priority: If both are locked, permission lock takes precedence (shows yellow banner).

Troubleshooting

Settings Not Locking

• Check permission is disabled in Shopify App
• Click refresh button in WordPress to clear cache
• Wait 5 minutes for cache to expire automatically
• Verify API connection is working

Can't Save Settings

• Check for yellow "Locked by Shopify Admin" banner
• Ask Shopify admin to enable permission
• Verify you're editing the correct tab

Permission Changes Not Reflecting

• Clear WordPress transient cache
• Use refresh button next to plan badge
• Check Shopify App saved successfully

---

Related Documentation

• Connection Settings
• Choosing a Plan
• Installation