Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Connection: User without permissions is prompted to connect #8066

Closed
mjangda opened this issue Oct 27, 2017 · 0 comments
Closed

Connection: User without permissions is prompted to connect #8066

mjangda opened this issue Oct 27, 2017 · 0 comments
Assignees
@dereksmart
Labels
Admin Page React-powered dashboard under the Jetpack menu Connect Flow Connection banners, buttons, ... [Focus] FixTheFlows [Pri] Low [Type] Bug When a feature is broken and / or not performing as intended [Type] Janitorial

Comments

@mjangda
Copy link
Member

mjangda commented Oct 27, 2017

Users without the jetpack_connect cap but the ability to manage modules are prompted to connect Jetpack.

Steps to reproduce the issue

  • Start with a site that's not connected
  • Add the following snippet to remove the jetpack_connect cap from all users:
add_filter( 'map_meta_cap', function( $caps, $cap, $user_id, $args ) {
    if ( 'jetpack_connect' === $cap ) {
        return [ 'do_not_allow' ];
    }
    return $caps;
}, 10, 4 );
  • Go to the Jetpack page in the Dashboard
  • The prompts to connect Jetpack should not be visible but they are.

Looks like we need to add a cap check here (https://github.com/Automattic/jetpack/blob/master/_inc/client/main.jsx#L167-L173) to make sure that the user has the connect permissions.
@jeherve jeherve added Admin Page React-powered dashboard under the Jetpack menu [Pri] Low [Type] Bug When a feature is broken and / or not performing as intended [Type] Janitorial labels Oct 30, 2017
@mjangda mjangda mentioned this issue Jan 11, 2018
Closed
4 tasks
@jeherve jeherve added the Connect Flow Connection banners, buttons, ... label Feb 23, 2018
zinigor added a commit that referenced this issue Mar 20, 2018
@zinigor
Not showing connection view if the user cannot connect.
faea43e 
Fixes #8066.

This PR adds a check to the connection view condition. Before we would not show anything to the user if they could not manage modules. Now we add the connect privilege check here as well, so the same thing happens if a user does not have the 'jetpack_connect' cap.
@zinigor zinigor mentioned this issue Mar 20, 2018
Merged
dereksmart pushed a commit that referenced this issue Mar 26, 2018
@zinigor @dereksmart
Not showing connection view if the user cannot connect. (#9102)
69e7a4d 
* Not showing connection view if the user cannot connect.

Fixes #8066.

This PR adds a check to the connection view condition. Before we would not show anything to the user if they could not manage modules. Now we add the connect privilege check here as well, so the same thing happens if a user does not have the 'jetpack_connect' cap.

* Modified the privilege to check for connect cap instead of module management.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dereksmart dereksmart

Labels
Admin Page React-powered dashboard under the Jetpack menu Connect Flow Connection banners, buttons, ... [Focus] FixTheFlows [Pri] Low [Type] Bug When a feature is broken and / or not performing as intended [Type] Janitorial
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mjangda @jeherve @dereksmart