REST API: Use posts endpoint for reusable blocks #10751
Conversation
aduth
added
[Feature] Synced Patterns
aduth
requested review from
danielbachhuber,
youknowriad,
desrosj and
noisysocks
|
This wouldn’t by any chance fix (or be a step in fixing) the issue with preserving nested blocks when converting reusable blocks to regular blocks? (holding thumbs but is pretty sure it has nothing to do with that issue |
|
This is a refactoring change. It should have no impact (for better or worse) on existing UI behavior. |
|
Good thing I searched GitHub before working on literally this! 😛 There's no reason to have the custom endpoint. It stems from a time when it wasn't yet clear that reusable blocks would literally be mini Gutenberg posts that are embedded into a larger Gutenberg post. Will review and test this now. Let's get it in for the API freeze.
Not sure how we'd deprecate this without changing the URL, which isn't ideal. Maybe we could add an |
There was a problem hiding this comment.
This works great! 👏
I left some suggestions for improvements—I'd really like if we kept the test_capabilities integration test so that it's hard to introduce a security regression down the line.
I suggest we wait for 4.2 to merge this and add a warning to 4.1 which logs that the route is changing.
| * | ||
| * @dataProvider data_capabilities | ||
| */ | ||
| public function test_capabilities( $action, $role, $expected_status ) { |
There was a problem hiding this comment.
I'd like to keep this integration test.
Restored in e3b1279.
For what it's worth, it did prove to be a very useful test! I had found we in-fact need the controller for check_read_permission, because the default REST post controller otherwise ignores capabilities if the post is published.
Discussed in Slack:
https://wordpress.slack.com/archives/C02RQC26G/p1539972633000100
| 'supports' => array( | ||
| 'title', | ||
| 'editor', | ||
| ), |
There was a problem hiding this comment.
Because the CPT now supports title and editor, we can go a step further and remove this line from gutenberg.php:267:
unset( $actions['edit'] );This PR would then close #9964.
There was a problem hiding this comment.
Because the CPT now supports
titleandeditor, we can go a step further and remove this line fromgutenberg.php:267:
Updated in c8ad73a
There was a problem hiding this comment.
Sorry, I spoke too soon! 😅
I'm noticing two small regressions:
- When exporting a reusable block as JSON, the saved file name is always
json.jsoninstead of e.g.my-reusable-block.json. - Importing a reusable block from JSON always fails with Invalid Reusable Block JSON file.
| @@ -184,7 +184,10 @@ export const deleteReusableBlocks = async ( action, store ) => { | |||
| ] ) ); | |||
|
|
|||
| try { | |||
| await apiFetch( { path: `/wp/v2/${ postType.rest_base }/${ id }`, method: 'DELETE' } ); | |||
| await apiFetch( { | |||
| path: `/wp/v2/${ postType.rest_base }/${ id }?force=true`, | |||
There was a problem hiding this comment.
Thinking about this some more, I think we should remove the ?force=true so that deleting a reusable block in Gutenberg matches what happens when you delete a reusable block in the Manage Reusable Blocks interface.
There was a problem hiding this comment.
I'm okay with this. As alluded to, seems like it would make sense to have this be controlled at the post-type level, for the sort of consistency you note. In the meantime, letting "Trashed" do its thing seems quite okay with me.
There was a problem hiding this comment.
Related to this one, we'll need to do similar with the forced "Published" status.
| @@ -8,7 +8,7 @@ | |||
| /** | |||
| * Tests for WP_REST_Blocks_Controller. | |||
| */ | |||
| class REST_Blocks_Controller_Test extends WP_Test_REST_Controller_Testcase { | |||
| class REST_Blocks_Controller_Test extends WP_UnitTestCase { | |||
There was a problem hiding this comment.
This change might make someone somewhere upset, but implementing 9 abstract methods when the controller implements only check_read_permission is excessive, and would hint more at unreliability of tests for the extended posts controller.
There was a problem hiding this comment.
implementing 9 abstract methods when the controller implements only
check_read_permissionis excessive, and would hint more at unreliability of tests for the extended posts controller.
Yeah, it's annoying. We can improve upon it at some point.
There was a problem hiding this comment.
I guess another option could be extending WP_Test_REST_Posts_Controller, to inherit the tests implemented there we're assuming for our controller. Still lots of redundancy.
Or another way to signal "this is already tested elsewhere"? Extend WP_Test_REST_Controller_Testcase with the methods implemented as simple $this->skip with a message explaining?
(Not going to let this block merge)
aduth
dismissed
noisysocks’s stale review
Feedback addressed. Separate technical review.
|
Thanks @aduth! Looks great. |
* REST API: Use posts endpoint for reusable blocks * REST: Restore WP_REST_Blocks_Controller for permissions check * Reusable Blocks: Enable post listing edit * Reusable Blocks: Trash on delete action * List Reusable Blocks: Provide context to post request * Reusable Blocks: Verify edit capability on export action * List Reusable Blocks: Import as published
Related: #7453
Related: https://core.trac.wordpress.org/ticket/45098
This pull request seeks to refactor reusable blocks to avoid the need for (and thus enable removal of) the blocks API controller, in favor of the existing posts controller. Edit 2018-10-20: The controller class remains, solely for its custom
check_read_permissionimplementation to avoid public visibility of published reusable blocks.In implementing these changes, the custom controller was found to be used to:
id,title,content)titleandcontentfields (rawstring used, no object ofraw/rendered)My assessment of this is:
wp_blocktype to be able to view it in the editor, or to export the block. This is because the raw content (post.content.raw) is only included when thecontext=editparameter is passedPost type supports
titleandeditorwere required to be added for thetitleandcontentfields to be included in the REST response [1] [2]. See also related discussion in #9964 (the changes here enable a Gutenberg editor for the Reusable Blocks management experience, thereby effectively closing #9964).Open questions:
Should there be / how would there be a deprecation migration period for the controller removal?
Testing Instructions:
Verify no regressions in behavior of reusable blocks: