Add ability to preview template in post editor for non administrators #58301
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
fabiankaegy
added
the
[Type] Bug
|
This pull request changed or added PHP files in previous commits, but none have been detected in the latest commit. Thank you! ❤️ |
|
Size Change: +241 B (0%) Total Size: 1.71 MB
ℹ️ View Unchanged
|
This comment was marked as outdated.
This comment was marked as outdated.
fabiankaegy
commented
Jan 26, 2024
Comment on lines
75
to
97
|
|
||
| /** | ||
| * Checks if a given request has access to read templates. | ||
| * | ||
| * @since 6.5 | ||
| * | ||
| * @param WP_REST_Request $request Full details about the request. | ||
| * @return true|WP_Error True if the request has read access, WP_Error object otherwise. | ||
| */ | ||
| public function get_items_permissions_check( $request ) { | ||
| /* | ||
| * Allow access to anyone who can edit posts. | ||
| */ | ||
| if ( ! current_user_can( 'edit_posts' ) ) { | ||
| return new WP_Error( | ||
| 'rest_cannot_manage_templates', | ||
| __( 'Sorry, you are not allowed to access the templates on this site.' ), | ||
| array( | ||
| 'status' => rest_authorization_required_code(), | ||
| ) | ||
| ); | ||
| } | ||
|
|
||
| return true; |
There was a problem hiding this comment.
I'm aware this isn't the right spot for this. Though since the template controler was already extended I'm not sure where else to put it
This comment was marked as outdated.
This comment was marked as outdated.
fabiankaegy
requested review from
spacedmonkey,
ajitbohra and
nerrad
as code owners
fabiankaegy
commented
Jan 26, 2024
| @@ -67,11 +69,52 @@ function ReplaceButton( { | |||
| ); | |||
| } | |||
|
|
|||
| function NonEditableTemplatePartPreview( { | |||
There was a problem hiding this comment.
This preview component does not handle the case where a template part is missing
|
Flaky tests detected in 1c49cb7. 🔍 Workflow run URL: https://github.com/WordPress/gutenberg/actions/runs/7905740385
|
|
It would be great if someone could test whether this patch solves #51886 as well. It regards a similar permissions error when the user can edit templates but not create them. |
|
Just noting here that in testing there are a few more todos:
The following data api requests still seem to require updating so that they use context view & are allowed for non admins:
I assume some of these will require additional updates to blocks such as I have already started implementing for the template block to essentially create a view only version of the block. |
fabiankaegy
changed the title
fabiankaegy
added
[Type] Enhancement
fabiankaegy
requested review from
draganescu,
Mamaduka,
getdave,
glendaviesnz and
ntsekouras
fabiankaegy
force-pushed
the
fix/template-selection-for-non-administrators
branch
2 times, most recently
from
bf754e7
to
ed09b21
Compare
|
The following accounts have interacted with this PR and/or linked issues. I will continue to update these lists as activity occurs. You can also manually ask me to refresh this list by adding the If you're merging code through a pull request on GitHub, copy and paste the following into the bottom of the merge commit message. To understand the WordPress project's expectations around crediting contributors, please review the Contributor Attribution page in the Core Handbook. |
fabiankaegy
force-pushed
the
fix/template-selection-for-non-administrators
branch
2 times, most recently
from
96427ae
to
3d32767
Compare
fabiankaegy
added
[Type] Bug
youknowriad
reviewed
Feb 14, 2024
| export function useEntityBlockEditor( | ||
| kind, | ||
| name, | ||
| { id: _id, context = 'edit' } = {} |
There was a problem hiding this comment.
I don't like the context prop too much here. It's also weird to pass context: view to getEditedEntityRecord.
There was a problem hiding this comment.
I actually think this hook is probably not for "previewing" but should only be used for "editing".
| @@ -123,6 +166,23 @@ export default function TemplatePartEdit( { | |||
| const isEntityAvailable = ! isPlaceholder && ! isMissing && isResolved; | |||
| const TagName = tagName || areaObject.tagName; | |||
|
|
|||
| if ( ! canEditTemplatePart && canViewTemplatePart ) { | |||
There was a problem hiding this comment.
What happens if you can't view or edit, is there even a world where you can't view a template part? Aren't these public?
There was a problem hiding this comment.
Curretly Template parts have the same rest restrictions as templates. They are both locked down so only admins can view them.
With my update template parts and templates can now be viewed by any user that has the capability to edit_posts. Which is every user that also can open the editor in the first place. So there will never be a cicrumstance where someone cannot view the template
| const [ defaultLayout ] = useSettings( 'layout' ); | ||
| const usedLayout = layout?.inherit ? defaultLayout || {} : layout; | ||
|
|
||
| const [ blocks ] = useEntityBlockEditor( 'postType', 'wp_template_part', { |
There was a problem hiding this comment.
Can't we just retrieve the "blocks" property from the entity without using this hook.
| @@ -72,4 +72,54 @@ protected function prepare_revision_links( $template ) { | |||
|
|
|||
| return $links; | |||
| } | |||
|
|
|||
There was a problem hiding this comment.
What are these changes about. Also we can't make edits to files in old compat folders. If we want to make updates to this controller, we'd have to create a new class on top of this one in the wordpress-6.6 folder.
|
After speaking with @youknowriad for a moment I agree that the scope of this fix is too large to get into 6.5 in the beta period. Therefore I'm removig it from the 6.5 Project board. |
…h `edit_posts` capability to view templates
…hen user can view template
…view but not edit them
The variable needs to be accepted in order to not run into the fatal error: Fatal error: Declaration of Gutenberg_REST_Templates_Controller_6_4::get_items_permissions_check() must be compatible with WP_REST_Templates_Controller::get_items_permissions_check($request) in /var/www/html/wp-content/plugins/gutenberg/lib/compat/wordpress-6.4/class-gutenberg-rest-templates-controller-6-4.php on line 83
fabiankaegy
force-pushed
the
fix/template-selection-for-non-administrators
branch
from
1c49cb7
to
dd22cab
Compare
|
Hey @youknowriad 👋 Now that we are past the crunch mode that was getting all the things into 6.5 I'd love to get back to moving this issue here forward. But I'm at a point where I need some additional help/insights on how to best move this forward. This is touching quite a few different areas and so I want to make sure we have time to test this in the shortend release cycle for 6.6. Thanks in advance for any guidance / help :) |
|
Sounds good to me @fabiankaegy The way I'd approach it is to consider the current PR as POC and extract smaller bits from it. The first one seems to be the update to the REST API controller. Let's consider splitting this one into its own PR to get eyes from REST API and/or Core folks. Once that change is approved, the rest can either land in a single PR or a couple (maybe template part "preview" mode can be done in its own PR as well) |
This was referenced Mar 29, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What?
Since we found an alternative solution to fix the issue that editors were not able to select a template in the post editor anymore, this PR now is focused on bringing the ability to preview a post to non administrator roles also.
Closing: #58037
Why?
wp_templatepost type rest API permissions to allow anyone with theedit_postsrole to view it.template partblock to have a new preview only mode for anyone that doesn't have permission to edit the templateTesting Instructions
Testing Instructions for Keyboard
Screenshots or screencast