Merge pull request #29 from 10up/feature/restrict-editing-to-admin

fix only users that have capability to `manage_options` can change auth settings
10up · Jun 19, 2020 · 8581118 · 8581118
2 parents 02b4dac + 3d2c909
commit 8581118
Show file tree

Hide file tree

Showing 4 changed files with 37 additions and 10 deletions.
diff --git a/includes/rest_routes.php b/includes/rest_routes.php
@@ -249,5 +249,5 @@ function update_apple_maps_wordpress_key_id( $request ) {
  * Check wether user can Edit Posts
  */
 function check_permissions() {
-	return current_user_can( 'edit_posts' );
+	return current_user_can( 'manage_options' );
 }
diff --git a/src/Settings/AuthenticationSettings.js b/src/Settings/AuthenticationSettings.js
@@ -2,14 +2,17 @@ import { PanelBody } from '@wordpress/components';
 import { __ } from '@wordpress/i18n';
 
 import EditAuthForm from '../components/EditAuthForm';
+import IsAdmin from '../helper';
 
 export default function AuthenticationSettings() {
 	return (
-		<PanelBody
-			title={ __( 'Authentication', 'apple-maps-wordpress' ) }
-			initialOpen={ false }
-		>
-			<EditAuthForm />
-		</PanelBody>
+		<IsAdmin>
+			<PanelBody
+				title={ __( 'Authentication', 'apple-maps-wordpress' ) }
+				initialOpen={ false }
+			>
+				<EditAuthForm />
+			</PanelBody>
+		</IsAdmin>
 	);
 }
diff --git a/src/edit.js b/src/edit.js
@@ -5,6 +5,7 @@ import { useEffect, useRef, useState } from '@wordpress/element';
 import { AppleMapEdit } from './components/AppleMap';
 import EditAuthForm from './components/EditAuthForm';
 import InspectorSettings from './inspector-settings';
+import IsAdmin from './helper';
 
 export default function AppleMapsWordPressEdit( props ) {
 	const {
@@ -132,7 +133,11 @@ export default function AppleMapsWordPressEdit( props ) {
 					) }
 					icon={ 'location-alt' }
 					instructions={
-						<>
+						<IsAdmin
+							fallback={ __(
+								'Sorry you are not allowed to do that. Please talk to your Administrator'
+							) }
+						>
 							{ __(
 								'In order to use an Apple Map on your website you need to get some credentials from Apple. Here you can find a detailed documentation on how to get these keys: ',
 								'apple-maps-wordpress'
@@ -147,11 +152,13 @@ export default function AppleMapsWordPressEdit( props ) {
 									'apple-maps-wordpress'
 								) }
 							</a>{ ' ' }
-						</>
+						</IsAdmin>
 					}
 					isColumnLayout={ true }
 				>
-					<EditAuthForm />
+					<IsAdmin>
+						<EditAuthForm />
+					</IsAdmin>
 				</Placeholder>
 			</>
 		);

diff --git a/src/helper.js b/src/helper.js
@@ -0,0 +1,17 @@
+import { useSelect } from '@wordpress/data';
+
+export default function IsAdmin( { children, fallback } ) {
+	const canCreateUsers = useSelect( ( select ) =>
+		select( 'core' ).canUser( 'update', 'settings' )
+	);
+
+	if ( canCreateUsers ) {
+		return children;
+	}
+
+	if ( fallback ) {
+		return fallback;
+	}
+
+	return null;
+}