Updating and reorganizing CAP tweaks #3238
Conversation
leogermani
added
the
[Status] Needs Review
|
|
||
| \add_role( // phpcs:ignore WordPressVIPMinimum.Functions.RestrictedFunctions.custom_role_add_role | ||
| self::CONTRIBUTOR_NO_EDIT_ROLE_NAME, | ||
| __( 'Guest Author', 'newspack-plugin' ), |
There was a problem hiding this comment.
This role is called "Non-Editing Contributor" now, it was already communicated as such to our publishers. It's intentionally different than "Guest Authors" to underline that it's something else than CoAuthors-Plus' Guest Authors. Someone used to creating Guest Authors should be directed to use this new feature instead, not confused by the familiar label cropping up in a different place.
There was a problem hiding this comment.
I understand that, and the change here was also intentional.
The new overridden Guest Authors page point the user to use the Guest Authors role instead, so this change makes it consistent.
We are actually moving a feature the user knows from one place to another. Guest Authors used to live here, and now it lives there, but it's the same thing.
What could/should be called "Non-Editing Contributors" are users that have another "non editor" role but are cherry picked to be able to assigned as co authors (get the custom capability). Maybe we could add a section in their user profile to allow admins to grand this capability without the need of third-party plugins.
But these are just names. If you want we can keep the name and discuss it further. We just need to also change it in the new Guest Authors page replacement
| } | ||
|
|
||
| if ( in_array( self::CONTRIBUTOR_NO_EDIT_ROLE_NAME, $user->roles, true ) ) { | ||
| return new WP_Error( 'guest_authors_cannot_login', __( 'Guest authors cannot login.', 'newspack-plugin' ) ); |
There was a problem hiding this comment.
Why shouldn't these users be allowed to log in? The goal of the original implementation, in line with the requirements, was to allow any user to become assignable to posts. Many sites have users who are subscribers (should be able to manage their subscriptions), but they've contributed to an article and are listed as authors. They should still be able to log in and manage their subscriptions. The only thing they should not be able to do is editing posts.
There was a problem hiding this comment.
We are blocking the users with this role from logging in, just as we are not event allowing a password to be set.
User with the custom capability that allows them to be assigned as co authors can still login. They are not affected.
There was a problem hiding this comment.
User with the custom capability that allows them to be assigned as co authors can still login.
But users with multiple roles (e.g. subscriber,contributor_no_edit) won't be able to log in, and should.
Co-authored-by: Adam Cassis <adam.cassis@automattic.com>
|
Should have asked earlier – the testing instructions state:
How to do it in WP Admin UI, as a "non-technical user"? |
Using a plugin that manages roles and capabilities. But as I said I think we should add an option in the edit user screen. |
I'm using Another issue with this approach is that it makes it impossible for the publisher to see which users are assignable to posts in the WP Admin Users view. It can be filtered by roles, but not by capabilities. |
|
closed in favor of #3277 See pemhSX-Sz-p2 |
All Submissions:
Changes proposed in this Pull Request:
Improves our implementation of an alternative to CAP Guest Authors.
How to test the changes in this Pull Request:
define( 'NEWSPACK_DISABLE_CAP_GUEST_AUTHORS', true );to wp-config-- test author cap ---
Add the edit_cap_posts capability to a subscribe user and confirm you can assign them as coauthors. Remove the capability and make sure you no longer can.
Make sure all other roles that can edit posts still can be assigned as coauthors.
-- test user account deletion --
Login as subscriber with the special cap and try to delete its account. Confirm you get a message saying you can't
Other information: