Site Editor: Add user capability check for the Export feature #69107
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Mamaduka
commented
Feb 8, 2025
Comment on lines
+520
to
+525
| // Allows checking permissions for non-default (`/wp/v2`) namespaces | ||
| // such as `/wp-block-editor/v1`. | ||
| const isCustomNamespace = !! resource?.startsWith( '/' ); | ||
| resourcePath = | ||
| ( isCustomNamespace ? resource : `/wp/v2/${ resource }` ) + | ||
| ( id ? '/' + id : '' ); |
There was a problem hiding this comment.
This was resolved mainly by entity resource object support, but a couple of REST APIs that use custom namespaces remain in the core. While not ideal, using an entity registry for the export endpoint doesn't make sense.
@youknowriad, @tyxla, @jsnajdr I would love to hear your thoughts on this. Should I extract it into a separate PR?
There was a problem hiding this comment.
I might not understand correctly, but similar to getNAvigationFallbackId, what do you think of the approach of creating something like canExport as a private API and accessing the v1 endpoints through that?
There was a problem hiding this comment.
That's one option. Another is to use the rel link in the theme endpoint - https://core.trac.wordpress.org/ticket/57379#comment:10.
There was a problem hiding this comment.
Sorry that my understanding is insufficient and I can't provide appropriate feedback, but if changing the endpoint itself is required to achieve the approach using rel, I would lean towards either the current approach or adding a private API.
Or, I think it can be solved by executing apiFetch directly, but would that be redundant?
|
Size Change: +49 B (0%) Total Size: 1.84 MB
ℹ️ View Unchanged
|
|
The following accounts have interacted with this PR and/or linked issues. I will continue to update these lists as activity occurs. You can also manually ask me to refresh this list by adding the Unlinked AccountsThe following contributors have not linked their GitHub and WordPress.org accounts: @unsalkorkmaz. Contributors, please read how to link your accounts to ensure your work is properly credited in WordPress releases. If you're merging code through a pull request on GitHub, copy and paste the following into the bottom of the merge commit message. To understand the WordPress project's expectations around crediting contributors, please review the Contributor Attribution page in the Core Handbook. |
3282043 to
e331a9b
Compare
|
I'd like to commit the PR located in Trac ticket 57379 early in the beta cycle, and if possible before beta 1. AFAIK, the Trac ticket is quite independent from this PR, @Mamaduka what do you think? Should we wait for this to be committed on Gutenberg first or should I go ahead and commit? |
|
@audrasjb, it makes sense to commit the Trac ticket. This bug fix can ship later in the cycle. |
|
Punting this to the next major release. |
|
Closing in favor of #69971. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What?
Closes #46661.
Related https://core.trac.wordpress.org/ticket/57379.
PR adds a user capability check for the Export feature in the Site Editor. Users without export capabilities will not be able to use this feature.
How
canUserresolve to support custom REST namespaces, such as/wp-block-editor/v1. The logic is very basic and should be used only internally.SiteExportcomponent.Testing Instructions
wp-envto run the latest WP alpha.exportcap for Administrators -wp cap remove administrator export.wp role reset administratorTesting Instructions for Keyboard
Same.
Screenshots or screencast