From 0dd7c7af70b7dc4b5fa776a57f551aae13ab297b Mon Sep 17 00:00:00 2001
From: Dwindi Ramadhana <dwindown@DwMacMiniM4.local>
Date: Wed, 31 Dec 2025 22:01:06 +0700
Subject: [PATCH] fix: make module settings GET endpoint public

- Shop page and other customer pages need to read module settings
- Settings are non-sensitive configuration values (e.g. wishlist display)
- POST endpoint remains admin-only for security
- Fixes 401 errors on shop page for /modules/wishlist/settings
---
 includes/Api/ModuleSettingsController.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/includes/Api/ModuleSettingsController.php b/includes/Api/ModuleSettingsController.php
index b375578..84236a4 100644
--- a/includes/Api/ModuleSettingsController.php
+++ b/includes/Api/ModuleSettingsController.php
@@ -32,12 +32,12 @@ class ModuleSettingsController extends WP_REST_Controller {
      * Register routes
      */
     public function register_routes() {
-        // GET /woonoow/v1/modules/{module_id}/settings
+        // GET /woonoow/v1/modules/{module_id}/settings (public - needed by frontend)
         register_rest_route($this->namespace, '/' . $this->rest_base . '/(?P<module_id>[a-zA-Z0-9_-]+)/settings', [
             [
                 'methods' => WP_REST_Server::READABLE,
                 'callback' => [$this, 'get_settings'],
-                'permission_callback' => [$this, 'check_permission'],
+                'permission_callback' => '__return_true', // Public: settings are non-sensitive, needed by customer pages
                 'args' => [
                     'module_id' => [
                         'required' => true,