From 6541fb6d7ad8bf9ac2388866147dbb9dfc5ea956 Mon Sep 17 00:00:00 2001 From: Spenser Hale Date: Fri, 4 Oct 2024 12:22:31 -0700 Subject: [PATCH] feat: allow defining of settings capability Introduces const WP_STREAM_SETTINGS_CAPABILITY to allow site owners to set more granular control on who can manage Stream's settings. --- classes/class-admin.php | 4 ++-- classes/class-alerts.php | 2 +- readme.md | 8 ++++++++ stream.php | 7 +++++++ 4 files changed, 18 insertions(+), 3 deletions(-) diff --git a/classes/class-admin.php b/classes/class-admin.php index ec4088c7e..dd685ff84 100644 --- a/classes/class-admin.php +++ b/classes/class-admin.php @@ -110,11 +110,11 @@ class Admin { public $view_cap = 'view_stream'; /** - * Capability name for viewing settings + * Capability name for managing settings * * @var string */ - public $settings_cap = 'manage_options'; + public $settings_cap = WP_STREAM_SETTINGS_CAPABILITY; /** * Total amount of authors to pre-load diff --git a/classes/class-alerts.php b/classes/class-alerts.php index 8d058dc94..ae25e387b 100644 --- a/classes/class-alerts.php +++ b/classes/class-alerts.php @@ -27,7 +27,7 @@ class Alerts { /** * Capability required to access alerts. */ - const CAPABILITY = 'manage_options'; + const CAPABILITY = WP_STREAM_SETTINGS_CAPABILITY; /** * Holds Instance of plugin object diff --git a/readme.md b/readme.md index 1768a0d60..b39bed873 100755 --- a/readme.md +++ b/readme.md @@ -16,6 +16,14 @@ View the [plugin description on WordPress.org](https://wordpress.org/plugins/str A list of the connectors is in [connectors.md](connectors.md). +### Configuration + +To customize who can manage Stream settings, you can define the `WP_STREAM_SETTINGS_CAPABILITY` constant in your `wp-config.php` file. By default, capability will be set to `manage_options`. + +```php +define('WP_STREAM_SETTINGS_CAPABILITY', 'wp_stream_manage_settings'); +``` + ## Known Issues - We have temporarily disabled the data removal feature through plugin uninstallation, starting with version 3.9.3. We identified a few edge cases that did not behave as expected and we decided that a temporary removal is preferable at this time for such an impactful and irreversible operation. Our team is actively working on refining this feature to ensure it performs optimally and securely. We plan to reintroduce it in a future update with enhanced safeguards. diff --git a/stream.php b/stream.php index c39c0bf90..3bc6002dc 100644 --- a/stream.php +++ b/stream.php @@ -31,6 +31,13 @@ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ +/** + * Configuration Constants + */ +if ( ! defined( 'WP_STREAM_SETTINGS_CAPABILITY' ) ) { + define( 'WP_STREAM_SETTINGS_CAPABILITY', 'manage_options' ); +} + const WP_STREAM_MIN_PHP_VERSION = '7.0'; if ( version_compare( PHP_VERSION, WP_STREAM_MIN_PHP_VERSION, '<' ) ) {