When impersonating a user with permissions to add items to a cart, a message is seen in the UI, which says: “Danger: [object Object]” and the items do not get added to the cart.

This behavior can be seen by following these steps:

1. Create two users, one as User One (user1@liferay.com) Screen name: user1 and the second as User Two (user2@liferay.com) Screen name:  user2
2. Create two Accounts (1 and 2)
3. Assign User One and User Two respectively to Account 1 and 2
4. Assign both users from within each account to the Buyer role
5. Create a new site with the Minium template
6. Go to Control Panel > Users and Organizations
7. Click on each user and then go to Memberships
8. Associate each user with the Minium site previously created (Remember to save the changes, otherwise the membership won’t be applied)
9. Go to the Minium site as the Admin user still (Test Test)
10. Add some items to the cart (This test I added the first two items)
11. Check the cart to confirm if the items were added
12. Go back to Go to Control Panel > Users and Organizations and impersonate either User One or Two
13. Go to the Minium site as the impersonated user
14. Try to add the items to the cart (it can be any)

The cause of the issue is that the admin is impersonating a user that hasn’t verified their email yet.

If this property company.security.strangers.verify is set to true (the default value), the new users aren’t verified and so they don’t have permission to use headless APIs. That causes issues when browsing the catalog and fetching the cart/order.

This is an intended behavior of Liferay and therefore not considered a bug. The issue won’t occur if the admin impersonates a verified user, or if they verify the email of the users created in the reproduction steps.