Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow settings to be updated and read. #2985

Open
wants to merge 1 commit into
base: trunk
Choose a base branch
from
Open

Allow settings to be updated and read. #2985

wants to merge 1 commit into from

Conversation

spacedmonkey
Copy link
Member

Working on #48885. Decided to go a different direction than the ticket name. Use the existing endpoint but add some new callbacks.

To use this PR, here is the example I use to test.

add_action('init', function(){
	register_setting(
		'general',
		'wibble',
		array(
			'show_in_rest' => array(
				'name' => 'wibble',
				'edit_permission_callback' => '__return_true',
				'read_permission_callback' => '__return_true',
			),
			'type'         => 'string',
			'description'  => __( 'Site title.' ),
		)
	);
});

This make a setting called wibble, that will now be public to read and edit. You never do this, but it gives you an idea of how the code works.

Trac ticket: https://core.trac.wordpress.org/ticket/48885

This Pull Request is for code review only. Please keep all other discussion in the Trac ticket. Do not merge this Pull Request. See GitHub Pull Requests for Code Review in the Core Handbook for more details.

@spacedmonkey spacedmonkey self-assigned this Jul 18, 2022
@spacedmonkey spacedmonkey mentioned this pull request Jul 18, 2022
Merged
This was referenced Jul 25, 2022
Open
Merged
@Mamaduka Mamaduka mentioned this pull request Dec 7, 2022
Merged
@Mamaduka Mamaduka mentioned this pull request Nov 5, 2024
Merged
anton-vlasenko
anton-vlasenko reviewed Nov 18, 2024
View reviewed changes
Copy link

@anton-vlasenko anton-vlasenko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please find my review notes below. Thank you.

tests/phpunit/tests/rest-api/rest-settings-controller.php
Comment on lines +496 to +498
wp_set_current_user( self::$administrator );
$user = get_user_by( 'id', self::$administrator );
$user->add_cap( 'custom_rest_cap' );
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In my testing, this test didn't work because the user's capabilities were cached. Therefore, I had to reorder it like this to make the test work:

Suggested change
wp_set_current_user( self::$administrator );
$user = get_user_by( 'id', self::$administrator );
$user->add_cap( 'custom_rest_cap' );
$user = get_user_by( 'id', self::$administrator );
$user->add_cap( 'custom_rest_cap' );
wp_set_current_user( self::$administrator );

tests/phpunit/tests/rest-api/rest-settings-controller.php
Comment on lines +386 to +388
wp_set_current_user( self::$administrator );
$user = get_user_by( 'id', self::$administrator );
$user->add_cap( 'custom_rest_cap' );
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same.

Suggested change
wp_set_current_user( self::$administrator );
$user = get_user_by( 'id', self::$administrator );
$user->add_cap( 'custom_rest_cap' );
$user = get_user_by( 'id', self::$administrator );
$user->add_cap( 'custom_rest_cap' );
wp_set_current_user( self::$administrator );

src/wp-includes/rest-api/endpoints/class-wp-rest-settings-controller.php
'status' => rest_authorization_required_code(),
)
);
}
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The WP_Test_REST_Settings_Controller::test_update_item_with_edit_permission_callbacks() test method implies that the setting can be updated even if the current user lacks the manage_options capability. However, the test fails because the code still checks for that capability.
I'm not sure what the intention is here: should a user be able to update a setting even without the manage_options capability, as long as the permission callback allows it?

Suggested change
}
}
return true;

src/wp-includes/rest-api/endpoints/class-wp-rest-settings-controller.php
* @since 6.1.0
*
* @param WP_REST_Request $request Full details about the request.
* @return true|WP_Error True if the request has access to update the item, WP_Error object otherwise.
Copy link

@anton-vlasenko anton-vlasenko Nov 18, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nitpick:

Suggested change
* @return true|WP_Error True if the request has access to update the item, WP_Error object otherwise.
* @return bool|WP_Error True if the request has access to update the item, WP_Error object otherwise.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@anton-vlasenko anton-vlasenko anton-vlasenko left review comments

@adamziel adamziel Awaiting requested review from adamziel

@TimothyBJacobs TimothyBJacobs Awaiting requested review from TimothyBJacobs

At least 10 approving reviews are required to merge this pull request.

Assignees

@spacedmonkey spacedmonkey

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@spacedmonkey @anton-vlasenko