add settings for user role selection #76

dhanendran · 2022-08-22T08:49:29Z

Description of the Change

Added a settings section to select user roles who can upload SVG images. Based on the role section, a new capability safe_svg_upload_svg will be added to those roles. By default, super admins on a network site will have all the capabilities, so they can upload SVG files.

Closes #69

How to test the Change

Go to /wp-admin/uploads.php page
Try to upload an SVG file and it should not be uploaded and get an error message
Enable the plugin and go to /wp-admin/options-media.php page
All the available roles on the site should be listed with the checkbox
Admin should be able to select the user roles who can upload the SVG files
Select Administrator role and submit the form
Go to /wp-admin/uploads.php page
Try to upload an SVG file and it should be uploaded successfully

Changelog Entry

Feature - Add a new option to select which user roles can upload SVG files.

Credits

Props @dhanendran, @csloisel, @faisal-alvi

Checklist:

I agree to follow this project's Code of Conduct.
I have updated the documentation accordingly.
I have added tests to cover my change.
All new and existing tests pass.

README.md

readme.txt

includes/safe-svg-settings.php

…formatting tweaks

dkotter · 2022-09-02T21:20:26Z

includes/safe-svg-settings.php

+	 * User role field callback function.
+	 */
+	public function safe_svg_roles_cb() {
+		$user_roles   = get_editable_roles();


This will show all roles, even those that can't do anything with media currently. Feels like we should trim this list down to only roles that currently have media upload capabilities to begin with, otherwise I could see confusion when someone sees Subscriber on this list, even though they can't upload any types of media

I've updated this in the latest push, it will be filtered to roles that have the upload_files permission. I've also added a filter for these roles.

includes/safe-svg-settings.php

…first

jeffpaul · 2022-12-22T19:59:03Z

@dkotter looking for an update code review from you here, thanks!

jeffpaul · 2023-02-13T16:39:52Z

@faisal-alvi if you're able to review during your OSS week that'll help move this along, thanks!

includes/safe-svg-settings.php

dkotter · 2023-02-13T16:47:40Z

@faisal-alvi if you're able to review during your OSS week that'll help move this along, thanks!

I've reviewed the code here a few times and things are looking good from my perspective. Could use help in actually testing this out, want to ensure this works as expected and doesn't introduce any regressions. The main thing I'm concerned about is ensuring that anyone that can currently upload an SVG should still be able to upload an SVG after this update, at least until this new setting has been modified from the default.

Edit: looks like also a merge conflict that we can clean up here

faisal-alvi

@dhanendran & @csloisel thank you for the great work here!

Note: this is a report of testing only, as the Code Review is already been done by @dkotter.

✅ A settings section to select user roles who can upload SVG images is displayed correctly.

✅ I have tested and confirmed the functionality is working fine.
✅ Only the user roles allowed in settings can upload the SVG.
✅ If a user with a specific role is not allowed to upload, the following error is displayed and the SVG image does not upload.

jeffpaul · 2023-05-08T19:12:37Z

Resolved the merge commit, but seeing PHPUnit failure that we'll want to resolve before merging

jeffpaul · 2023-07-03T17:15:08Z

@10up/open-source-practice would be good to get a final code review pass on this before merging in... thanks!

dhanendran added 4 commits August 22, 2022 13:32

add settings for user role selection

64f1bda

add and fix phpunit

a5b9daa

cypress: enable admin user role

161dcc6

Update readme

7ce4165

dhanendran requested a review from dkotter August 22, 2022 08:49

dhanendran self-assigned this Aug 22, 2022

jeffpaul added this to the 2.1.0 milestone Sep 2, 2022

Merge branch 'develop' into feature/69

7618761