-
Notifications
You must be signed in to change notification settings - Fork 4.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add ability to preview template in post editor for non administrators #58301
Conversation
This pull request changed or added PHP files in previous commits, but none have been detected in the latest commit. Thank you! ❤️ |
Size Change: +241 B (0%) Total Size: 1.71 MB
ℹ️ View Unchanged
|
This comment was marked as outdated.
This comment was marked as outdated.
|
||
/** | ||
* Checks if a given request has access to read templates. | ||
* | ||
* @since 6.5 | ||
* | ||
* @param WP_REST_Request $request Full details about the request. | ||
* @return true|WP_Error True if the request has read access, WP_Error object otherwise. | ||
*/ | ||
public function get_items_permissions_check( $request ) { | ||
/* | ||
* Allow access to anyone who can edit posts. | ||
*/ | ||
if ( ! current_user_can( 'edit_posts' ) ) { | ||
return new WP_Error( | ||
'rest_cannot_manage_templates', | ||
__( 'Sorry, you are not allowed to access the templates on this site.' ), | ||
array( | ||
'status' => rest_authorization_required_code(), | ||
) | ||
); | ||
} | ||
|
||
return true; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm aware this isn't the right spot for this. Though since the template controler was already extended I'm not sure where else to put it
This comment was marked as outdated.
This comment was marked as outdated.
@@ -67,11 +69,52 @@ function ReplaceButton( { | |||
); | |||
} | |||
|
|||
function NonEditableTemplatePartPreview( { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This preview component does not handle the case where a template part is missing
Flaky tests detected in 1c49cb7. 🔍 Workflow run URL: https://github.com/WordPress/gutenberg/actions/runs/7905740385
|
It would be great if someone could test whether this patch solves #51886 as well. It regards a similar permissions error when the user can edit templates but not create them. |
Just noting here that in testing there are a few more todos: The following data api requests still seem to require updating so that they use context view & are allowed for non admins:
I assume some of these will require additional updates to blocks such as I have already started implementing for the template block to essentially create a view only version of the block. |
bf754e7
to
ed09b21
Compare
The following accounts have interacted with this PR and/or linked issues. I will continue to update these lists as activity occurs. You can also manually ask me to refresh this list by adding the If you're merging code through a pull request on GitHub, copy and paste the following into the bottom of the merge commit message.
To understand the WordPress project's expectations around crediting contributors, please review the Contributor Attribution page in the Core Handbook. |
96427ae
to
3d32767
Compare
export function useEntityBlockEditor( | ||
kind, | ||
name, | ||
{ id: _id, context = 'edit' } = {} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't like the context prop too much here. It's also weird to pass context: view
to getEditedEntityRecord
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I actually think this hook is probably not for "previewing" but should only be used for "editing".
@@ -123,6 +166,23 @@ export default function TemplatePartEdit( { | |||
const isEntityAvailable = ! isPlaceholder && ! isMissing && isResolved; | |||
const TagName = tagName || areaObject.tagName; | |||
|
|||
if ( ! canEditTemplatePart && canViewTemplatePart ) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What happens if you can't view or edit, is there even a world where you can't view a template part? Aren't these public?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Curretly Template parts have the same rest restrictions as templates. They are both locked down so only admins can view them.
With my update template parts and templates can now be viewed by any user that has the capability to edit_posts
. Which is every user that also can open the editor in the first place. So there will never be a cicrumstance where someone cannot view the template
const [ defaultLayout ] = useSettings( 'layout' ); | ||
const usedLayout = layout?.inherit ? defaultLayout || {} : layout; | ||
|
||
const [ blocks ] = useEntityBlockEditor( 'postType', 'wp_template_part', { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can't we just retrieve the "blocks" property from the entity without using this hook.
@@ -72,4 +72,54 @@ protected function prepare_revision_links( $template ) { | |||
|
|||
return $links; | |||
} | |||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What are these changes about. Also we can't make edits to files in old compat folders. If we want to make updates to this controller, we'd have to create a new class on top of this one in the wordpress-6.6
folder.
After speaking with @youknowriad for a moment I agree that the scope of this fix is too large to get into 6.5 in the beta period. Therefore I'm removig it from the 6.5 Project board. |
…h `edit_posts` capability to view templates
…hen user can view template
…view but not edit them
The variable needs to be accepted in order to not run into the fatal error: Fatal error: Declaration of Gutenberg_REST_Templates_Controller_6_4::get_items_permissions_check() must be compatible with WP_REST_Templates_Controller::get_items_permissions_check($request) in /var/www/html/wp-content/plugins/gutenberg/lib/compat/wordpress-6.4/class-gutenberg-rest-templates-controller-6-4.php on line 83
1c49cb7
to
dd22cab
Compare
Hey @youknowriad 👋 Now that we are past the crunch mode that was getting all the things into 6.5 I'd love to get back to moving this issue here forward. But I'm at a point where I need some additional help/insights on how to best move this forward. This is touching quite a few different areas and so I want to make sure we have time to test this in the shortend release cycle for 6.6. Thanks in advance for any guidance / help :) |
Sounds good to me @fabiankaegy The way I'd approach it is to consider the current PR as POC and extract smaller bits from it. The first one seems to be the update to the REST API controller. Let's consider splitting this one into its own PR to get eyes from REST API and/or Core folks. Once that change is approved, the rest can either land in a single PR or a couple (maybe template part "preview" mode can be done in its own PR as well) |
What?
Since we found an alternative solution to fix the issue that editors were not able to select a template in the post editor anymore, this PR now is focused on bringing the ability to preview a post to non administrator roles also.
Closing: #58037
Why?
wp_template
post type rest API permissions to allow anyone with theedit_posts
role to view it.template part
block to have a new preview only mode for anyone that doesn't have permission to edit the templateTesting Instructions
Testing Instructions for Keyboard
Screenshots or screencast