Core Data: Resolve entity collection user permissions #64504

Merged
merged 12 commits into from
Aug 27, 2024
3 changes: 3 additions & 0 deletions backport-changelog/6.7/7139.md
@@ -0,0 +1,3 @@
https://github.com/WordPress/wordpress-develop/pull/7139

* https://github.com/WordPress/gutenberg/pull/64504
169 changes: 169 additions & 0 deletions lib/compat/wordpress-6.7/class-gutenberg-rest-server.php
@@ -0,0 +1,169 @@
<?php
/**
* A custom REST server for Gutenberg.
*
* @package gutenberg
* @since 6.7.0
*/

class Gutenberg_REST_Server extends WP_REST_Server {
/**
* Converts a response to data to send.
*
* @since 4.4.0
* @since 5.4.0 The `$embed` parameter can now contain a list of link relations to include.
*
* @param WP_REST_Response $response Response object.
* @param bool|string[] $embed Whether to embed all links, a filtered list of link relations, or no links.
* @return array {
* Data with sub-requests embedded.
*
* @type array $_links Links.
* @type array $_embedded Embedded objects.
* }
*/
// @core-merge: Do not merge. The method is copied here to fix the inheritance issue.
public function response_to_data( $response, $embed ) {
$data = $response->get_data();
$links = static::get_compact_response_links( $response );

if ( ! empty( $links ) ) {
// Convert links to part of the data.
$data['_links'] = $links;
}

if ( $embed ) {
$this->embed_cache = array();
// Determine if this is a numeric array.
if ( wp_is_numeric_array( $data ) ) {
foreach ( $data as $key => $item ) {
$data[ $key ] = $this->embed_links( $item, $embed );
}
} else {
$data = $this->embed_links( $data, $embed );
}
$this->embed_cache = array();
}

return $data;
}

/**
* Retrieves links from a response.
*
* Extracts the links from a response into a structured hash, suitable for
* direct output.
*
* @since 4.4.0
* @since 6.7.0 The `targetHints` property to the `self` link object was added.
*
* @param WP_REST_Response $response Response to extract links from.
* @return array Map of link relation to list of link hashes.
*/
public static function get_response_links( $response ) {
Member

Any tests for this? When this should get into core, there need to be tests.

Member Author

100%. I would like to do that, though I'm unsure what the best approach is. Maybe @TimothyBJacobs has some suggestions.

Member

I pushed a commit with some tests.

$links = $response->get_links();

if ( empty( $links ) ) {
return array();
}

$server = rest_get_server();
Member

If this method is not static, $server can literally be $this, no?

Member Author

I think we need an instantiated server here (which rest_get_server provides) and not a reference to the current class.

I copied this from WordPress/wordpress-develop#7139, so I might be a bit wrong about the reasoning 😅

Member

Right, this is not a new method, but an override of an existing Core method which is static. So this needs to stay static, hence why we get access to the server via rest_get_server().


// Convert links to part of the data.
$data = array();
foreach ( $links as $rel => $items ) {
$data[ $rel ] = array();

foreach ( $items as $item ) {
$attributes = $item['attributes'];
$attributes['href'] = $item['href'];

if ( 'self' !== $rel ) {
$data[ $rel ][] = $attributes;
continue;
}

// Prefer targetHints that were specifically designated by the developer.
if ( isset( $attributes['targetHints']['allow'] ) ) {
$data[ $rel ][] = $attributes;
continue;
}

$request = WP_REST_Request::from_url( $item['href'] );
if ( ! $request ) {
$data[ $rel ][] = $attributes;
continue;
}

$match = $server->match_request_to_handler( $request );
if ( ! is_wp_error( $match ) ) {
$response = new WP_REST_Response();
$response->set_matched_route( $match[0] );
$response->set_matched_handler( $match[1] );
$headers = rest_send_allow_header( $response, $server, $request )->get_headers();

foreach ( $headers as $name => $value ) {
$name = WP_REST_Request::canonicalize_header_name( $name );
$attributes['targetHints'][ $name ] = array_map( 'trim', explode( ',', $value ) );
}
}

$data[ $rel ][] = $attributes;
}
}

return $data;
}

/**
* Retrieves the CURIEs (compact URIs) used for relations.
*
* Extracts the links from a response into a structured hash, suitable for
* direct output.
*
* @since 4.5.0
*
* @param WP_REST_Response $response Response to extract links from.
* @return array Map of link relation to list of link hashes.
*/
// @core-merge: Do not merge. The method is copied here to fix the inheritance issue.
public static function get_compact_response_links( $response ) {
Member

Is there a good reason to keep these methods static?

Member Author

I think they've been static since REST API got merged in the core. They need to remain static; otherwise, we'll break backward compatibility.

P.S. I had to copy two extra methods because of how the inheritance of self vs static keywords works. See: https://www.php.net/manual/en/language.oop5.late-static-bindings.php.

Member

Yep, exactly that.

$links = static::get_response_links( $response );

if ( empty( $links ) ) {
return array();
}

$curies = $response->get_curies();
$used_curies = array();

foreach ( $links as $rel => $items ) {

// Convert $rel URIs to their compact versions if they exist.
foreach ( $curies as $curie ) {
$href_prefix = substr( $curie['href'], 0, strpos( $curie['href'], '{rel}' ) );
if ( ! str_starts_with( $rel, $href_prefix ) ) {
continue;
}

// Relation now changes from '$uri' to '$curie:$relation'.
$rel_regex = str_replace( '\{rel\}', '(.+)', preg_quote( $curie['href'], '!' ) );
preg_match( '!' . $rel_regex . '!', $rel, $matches );
if ( $matches ) {
$new_rel = $curie['name'] . ':' . $matches[1];
$used_curies[ $curie['name'] ] = $curie;
$links[ $new_rel ] = $items;
unset( $links[ $rel ] );
break;
}
}
}

// Push the curies onto the start of the links array.
if ( $used_curies ) {
$links['curies'] = array_values( $used_curies );
}

return $links;
}
}
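Review bot: In get_response_links(), the `self` branch assigns `$response = new WP_REST_Response();` inside the loop, which overwrites the method's `$response` parameter. Nothing reads the parameter afterwards, so it works as written, but a later edit that touches `$response` below that point would silently operate on the synthetic response; a separate name such as `$allow_response` avoids that. The same loop copies every header returned by `rest_send_allow_header()` into `targetHints` and runs the route match once per `self` link, so the docblock should say that the result depends on the current user and that the work scales with the number of items in a collection.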
10 changes: 10 additions & 0 deletions lib/compat/wordpress-6.7/rest-api.php
Expand Up @@ -98,3 +98,13 @@ function gutenberg_register_wp_rest_templates_controller_plugin_field() {
);
}
add_action( 'rest_api_init', 'gutenberg_register_wp_rest_templates_controller_plugin_field' );

/**
* Overrides the default 'WP_REST_Server' class.
*
* @return string The name of the custom server class.
*/
function gutenberg_override_default_rest_server() {
return 'Gutenberg_REST_Server';
}
add_filter( 'wp_rest_server_class', 'gutenberg_override_default_rest_server' );
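Review bot: `gutenberg_override_default_rest_server()` takes no argument and always returns 'Gutenberg_REST_Server', so any class name supplied by an earlier `wp_rest_server_class` callback is discarded, and the filter is registered at the default priority. Accepting the incoming class name and substituting only when it is still 'WP_REST_Server', or registering at an early priority so later callbacks win, would keep a site's own server class in place, at the cost of those sites not receiving `targetHints`.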
Member

Won't this break any pre-existing code that declares their own custom WP_REST_Server?

Example usage in existing plugin directory: https://wpdirectory.net/search/01J5R1B8MEEW01RJ3WZDC2XPY8

Member Author

The same is true for every REST API override in the Gutenberg plugin. Comes with the project that builds a new WP in a plugin.

We can use a low-priority filter here (0 or 1) and prioritize other integrations, but this would mean not shipping the enhancement for those plugins.

As far as I know, server overrides should be rare in plugins unless they're shipping their custom server.

Member

A low priority sounds like a good compromise. Hopefully, there will be little to no overlap.

Member Author

I updated the hook priority. I also checked most of the plugins from the directory results, and none of them actually override the server class. But there will be some cases that aren't part of the plugin directory.

Member

Better be safe than sorry. Nice to see that most of these plugin directory instances were actually tests.

1 change: 1 addition & 0 deletions lib/load.php
Expand Up @@ -42,6 +42,7 @@ function gutenberg_is_experiment_enabled( $name ) {

// WordPress 6.7 compat.
require __DIR__ . '/compat/wordpress-6.7/class-gutenberg-rest-templates-controller-6-7.php';
require __DIR__ . '/compat/wordpress-6.7/class-gutenberg-rest-server.php';
require __DIR__ . '/compat/wordpress-6.7/rest-api.php';

// Plugin specific code.
50 changes: 45 additions & 5 deletions packages/core-data/src/resolvers.js
Expand Up @@ -19,7 +19,7 @@ import {
forwardResolver,
getNormalizedCommaSeparable,
getUserPermissionCacheKey,
getUserPermissionsFromResponse,
getUserPermissionsFromAllowHeader,
ALLOWED_RESOURCE_ACTIONS,
} from './utils';
import { getSyncProvider } from './sync';
Expand Down Expand Up @@ -173,7 +173,9 @@ export const getEntityRecord =

const response = await apiFetch( { path, parse: false } );
const record = await response.json();
const permissions = getUserPermissionsFromResponse( response );
const permissions = getUserPermissionsFromAllowHeader(
response.headers?.get( 'allow' )
);

registry.batch( () => {
dispatch.receiveEntityRecords( kind, name, record, query );
Expand Down Expand Up @@ -299,19 +301,52 @@ export const getEntityRecords =
meta
);

// When requesting all fields, the list of results can be used to
// resolve the `getEntityRecord` selector in addition to `getEntityRecords`.
// When requesting all fields, the list of results can be used to resolve
// the `getEntityRecord` and `canUser` selectors in addition to `getEntityRecords`.
// See https://github.com/WordPress/gutenberg/pull/26575
// See https://github.com/WordPress/gutenberg/pull/64504
if ( ! query?._fields && ! query.context ) {
const key = entityConfig.key || DEFAULT_ENTITY_KEY;
const resolutionsArgs = records
.filter( ( record ) => record?.[ key ] )
.map( ( record ) => [ kind, name, record[ key ] ] );

const targetHints = records
.filter( ( record ) => record?.[ key ] )
.map( ( record ) => ( {
id: record[ key ],
permissions: getUserPermissionsFromAllowHeader(
record?._links?.self?.[ 0 ].targetHints.allow
),
} ) );

const canUserResolutionsArgs = [];
for ( const targetHint of targetHints ) {
for ( const action of ALLOWED_RESOURCE_ACTIONS ) {
canUserResolutionsArgs.push( [
action,
{ kind, name, id: targetHint.id },
] );

dispatch.receiveUserPermission(
getUserPermissionCacheKey( action, {
kind,
name,
id: targetHint.id,
} ),
targetHint.permissions[ action ]
);
}
}

dispatch.finishResolutions(
'getEntityRecord',
resolutionsArgs
);
dispatch.finishResolutions(
'canUser',
canUserResolutionsArgs
);
}

dispatch.__unstableReleaseStoreLock( lock );
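Review bot: In the `targetHints` map, `record?._links?.self?.[ 0 ].targetHints.allow` guards `_links` and `self` but then reads `.targetHints.allow` unguarded, so a record whose `self` link carries no `targetHints` throws a TypeError inside the resolver. The PHP side of this PR can emit such a link (when `WP_REST_Request::from_url()` returns nothing or the route match is a `WP_Error`), and so can any server that is not running the overridden class. Use `self?.[ 0 ]?.targetHints?.allow`, and when the hint is absent skip both `receiveUserPermission` and the matching entry in `canUserResolutionsArgs`, so the permission is resolved by a real request rather than stored as undefined and marked finished.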
Expand Down Expand Up @@ -440,7 +475,12 @@ export const canUser =
return;
}

const permissions = getUserPermissionsFromResponse( response );
// Optional chaining operator is used here because the API requests don't
// return the expected result in the React native version. Instead, API requests
// only return the result, without including response properties like the headers.
const permissions = getUserPermissionsFromAllowHeader(
response.headers?.get( 'allow' )
);
registry.batch( () => {
for ( const action of ALLOWED_RESOURCE_ACTIONS ) {
const key = getUserPermissionCacheKey( action, resource, id );
1 change: 1 addition & 0 deletions packages/core-data/src/test/resolvers.js
Expand Up @@ -219,6 +219,7 @@ describe( 'getEntityRecords', () => {
const finishResolutions = jest.fn();
const dispatch = Object.assign( jest.fn(), {
receiveEntityRecords: jest.fn(),
receiveUserPermission: jest.fn(),
__unstableAcquireStoreLock: jest.fn(),
__unstableReleaseStoreLock: jest.fn(),
finishResolutions,
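Review bot: The only test change is the added `receiveUserPermission: jest.fn()` on the mocked dispatch, which lets the resolver call it but asserts nothing about the new behaviour. Add a case with records carrying `_links.self[ 0 ].targetHints.allow` that checks `receiveUserPermission` is called once per action with the expected value and that `finishResolutions` is called for 'canUser', plus a case with a record that has no `targetHints`.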
2 changes: 1 addition & 1 deletion packages/core-data/src/utils/index.js
Expand Up @@ -11,6 +11,6 @@ export { default as getNestedValue } from './get-nested-value';
export { default as isNumericID } from './is-numeric-id';
export {
getUserPermissionCacheKey,
getUserPermissionsFromResponse,
getUserPermissionsFromAllowHeader,
ALLOWED_RESOURCE_ACTIONS,
} from './user-permissions';
10 changes: 4 additions & 6 deletions packages/core-data/src/utils/user-permissions.js
Expand Up @@ -5,13 +5,11 @@ export const ALLOWED_RESOURCE_ACTIONS = [
'delete',
];

export function getUserPermissionsFromResponse( response ) {
export function getUserPermissionsFromAllowHeader( allowedMethods ) {
const permissions = {};

// Optional chaining operator is used here because the API requests don't
// return the expected result in the React native version. Instead, API requests
// only return the result, without including response properties like the headers.
const allowedMethods = response.headers?.get( 'allow' ) || '';
if ( ! allowedMethods ) {
return permissions;
}

const methods = {
create: 'POST',
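Review bot: `getUserPermissionsFromAllowHeader( allowedMethods )` has no doc comment, and its callers now pass two different shapes: the string from `response.headers?.get( 'allow' )` and `targetHints.allow`, which the PHP side builds with `explode()` as an array. Document the accepted types or normalise the argument at the top of the function, and consider returning an explicit `false` for each action in the `! allowedMethods` early return, since `{}` leaves `permissions[ action ]` undefined for callers that store it.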