Updating and reorganizing CAP tweaks #3238
I like how this improves what's proposed in #3233 and the blocking of the account deletion request. The login blocking and role name changes are not needed here.
|
||
\add_role( // phpcs:ignore WordPressVIPMinimum.Functions.RestrictedFunctions.custom_role_add_role | ||
self::CONTRIBUTOR_NO_EDIT_ROLE_NAME, | ||
__( 'Guest Author', 'newspack-plugin' ), |
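Review bot: the label passed to `add_role` here, `__( 'Guest Author', 'newspack-plugin' )`, does not match the constant the role is registered under, `self::CONTRIBUTOR_NO_EDIT_ROLE_NAME`, so the UI name and the code name describe the role differently; either keep the label aligned with the constant or rename the constant in the same change. The `phpcs:ignore` on the first line also gives no reason for suppressing `WordPressVIPMinimum.Functions.RestrictedFunctions.custom_role_add_role`; a short justification after the sniff name would help the next reader.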
This role is called "Non-Editing Contributor" now, it was already communicated as such to our publishers. It's intentionally different than "Guest Authors" to underline that it's something else than CoAuthors-Plus' Guest Authors. Someone used to creating Guest Authors should be directed to use this new feature instead, not confused by the familiar label cropping up in a different place.
I understand that, and the change here was also intentional.
The new overridden Guest Authors page points the user to use the Guest Authors role instead, so this change makes it consistent.
We are actually moving a feature the user knows from one place to another. Guest Authors used to live here, and now it lives there, but it's the same thing.
What could/should be called "Non-Editing Contributors" are users that have another "non editor" role but are cherry picked to be able to be assigned as co authors (get the custom capability). Maybe we could add a section in their user profile to allow admins to grant this capability without the need of third-party plugins.
But these are just names. If you want we can keep the name and discuss it further. We just need to also change it in the new Guest Authors page replacement.
} | ||
|
||
if ( in_array( self::CONTRIBUTOR_NO_EDIT_ROLE_NAME, $user->roles, true ) ) { | ||
return new WP_Error( 'guest_authors_cannot_login', __( 'Guest authors cannot login.', 'newspack-plugin' ) ); |
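Review bot: the `in_array( self::CONTRIBUTOR_NO_EDIT_ROLE_NAME, $user->roles, true )` condition returns the `WP_Error` for every account whose role list contains this role, so an account that holds it alongside another role is refused as well. If the intent is to refuse only accounts that have no other role, test that `$user->roles` contains this role and nothing else. In the user-facing string, "cannot login" should read "cannot log in".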
Why shouldn't these users be allowed to log in? The goal of the original implementation, in line with the requirements, was to allow any user to become assignable to posts. Many sites have users who are subscribers (should be able to manage their subscriptions), but they've contributed to an article and are listed as authors. They should still be able to log in and manage their subscriptions. The only thing they should not be able to do is editing posts.
We are blocking the users with this role from logging in, just as we are not even allowing a password to be set.
User with the custom capability that allows them to be assigned as co authors can still login. They are not affected.
> User with the custom capability that allows them to be assigned as co authors can still login.

But users with multiple roles (e.g. `subscriber,contributor_no_edit`) won't be able to log in, and should.
Co-authored-by: Adam Cassis <adam.cassis@automattic.com>
Should have asked earlier – the testing instructions state:
How to do it in WP Admin UI, as a "non-technical user"?
Using a plugin that manages roles and capabilities. But as I said I think we should add an option in the edit user screen.
I'm using Another issue with this approach is that it makes it impossible for the publisher to see which users are assignable to posts in the WP Admin Users view. It can be filtered by roles, but not by capabilities.
closed in favor of #3277 See pemhSX-Sz-p2
All Submissions:
Changes proposed in this Pull Request:
Improves our implementation of an alternative to CAP Guest Authors.
How to test the changes in this Pull Request:
define( 'NEWSPACK_DISABLE_CAP_GUEST_AUTHORS', true );
to wp-config
-- test author cap ---
Add the `edit_cap_posts` capability to a subscriber user and confirm you can assign them as coauthors. Remove the capability and make sure you no longer can.
Make sure all other roles that can edit posts still can be assigned as coauthors.
-- test user account deletion --
Log in as subscriber with the special cap and try to delete its account. Confirm you get a message saying you can't.
Other information: