Skip to content

CRM: Restrict some contact functions to admins#48358

Merged
tbradsha merged 7 commits into
trunkfrom
fix/crm/portal_pw_reset_guard
Apr 30, 2026
Merged

CRM: Restrict some contact functions to admins#48358
tbradsha merged 7 commits into
trunkfrom
fix/crm/portal_pw_reset_guard

Conversation

@tbradsha
Copy link
Copy Markdown
Contributor

@tbradsha tbradsha commented Apr 28, 2026

Proposed changes

This restricts some contact functions to admins.

Related product discussion/links

  • pgvhYc-BV-p2#comment-663

Does this pull request change what data or activity we track or use?

Testing instructions

  • Go to '..'

@tbradsha tbradsha requested a review from a team April 28, 2026 17:43
@tbradsha tbradsha self-assigned this Apr 28, 2026
@tbradsha tbradsha added [Status] Needs Review This PR is ready for review. [Plugin] CRM Issues about the Jetpack CRM plugin labels Apr 28, 2026
@github-actions github-actions Bot added the Admin Page React-powered dashboard under the Jetpack menu label Apr 28, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 28, 2026

Thank you for your PR!

When contributing to Jetpack, we have a few suggestions that can help us test and review your patch:

  • ✅ Include a description of your PR changes.
  • ✅ Add a "[Status]" label (In Progress, Needs Review, ...).
  • ✅ Add testing instructions.
  • ✅ Specify whether this PR includes any changes to data or privacy.
  • ✅ Add changelog entries to affected projects

This comment will be updated as you work on your PR and make changes. If you think that some of those checks are not needed for your PR, please explain why you think so. Thanks for cooperation 🤖

Follow this PR Review Process:

  1. Ensure all required checks appearing at the bottom of this PR are passing.
  2. Make sure to test your changes on all platforms that it applies to. You're responsible for the quality of the code you ship.
  3. You can use GitHub's Reviewers functionality to request a review.
  4. When it's reviewed and merged, you will be pinged in Slack to deploy the changes to WordPress.com simple once the build is done.

If you have questions about anything, reach out in #jetpack-developers for guidance!

@jp-launch-control
Copy link
Copy Markdown

jp-launch-control Bot commented Apr 28, 2026
edited
Loading

Code Coverage Summary

Coverage changed in 1 file.

File Coverage Δ% Δ Uncovered
projects/plugins/crm/admin/contact/contact.ajax.php 0/91 (0.00%) 0.00% -3 💚

Full summary · PHP report

anomiex
anomiex reviewed Apr 29, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@anomiex anomiex left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like it'll do what it intends. Haven't tested, or tried to verify that what it intends is the right thing.

Linter seems unhappy though.

Comment thread projects/plugins/crm/admin/contact/contact.ajax.php Outdated

// Perms check
if ( zeroBSCRM_permsCustomers() ) {
if ( current_user_can( 'admin_zerobs_manage_options' ) ) {
Copy link
Copy Markdown
Contributor

@anomiex anomiex Apr 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As with the other PR, I wonder whether a zeroBSCRM_permsManageOptions function would better match how things seem to be done.

Copy link
Copy Markdown
Contributor Author

@tbradsha tbradsha Apr 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

235c555

@tbradsha tbradsha mentioned this pull request Apr 29, 2026
Merged
tbradsha added 5 commits April 29, 2026 11:27
@tbradsha
Fix role check
ed49bb7 
get_userdata() expects an int, but we passed a string (email), which broke the jpcrm_role_check() (which in turn was incorrectly inverted).
@tbradsha
No need to show password
b959235
@tbradsha
Restrict contact functions to admins
61d3def
@tbradsha
Add changelog
6e18a02
@tbradsha
Update messaging
8beba54
@tbradsha tbradsha force-pushed the fix/crm/portal_pw_reset_guard branch from 664624f to 8beba54 Compare April 29, 2026 17:27
@tbradsha tbradsha requested a review from anomiex April 29, 2026 17:39
anomiex
anomiex approved these changes Apr 30, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@anomiex anomiex left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like it'll do what it intends. Haven't tested, or tried to verify that what it intends is the right thing.

@tbradsha tbradsha merged commit b30a42e into trunk Apr 30, 2026
70 checks passed
@tbradsha tbradsha deleted the fix/crm/portal_pw_reset_guard branch April 30, 2026 18:45
@github-actions github-actions Bot removed the [Status] Needs Review This PR is ready for review. label Apr 30, 2026
Copilot AI pushed a commit to dognose24/jetpack that referenced this pull request May 4, 2026
@tbradsha
CRM: Restrict some contact functions to admins (Automattic#48358)
7dde408 
Co-authored-by: dognose24 <6869813+dognose24@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@anomiex anomiex anomiex approved these changes

Assignees

@tbradsha tbradsha

Labels

Admin Page React-powered dashboard under the Jetpack menu [Plugin] CRM Issues about the Jetpack CRM plugin

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@tbradsha @anomiex