Fix taxonomy capabilities

[renatho]

Proposed Changes

• We received a report of Contributors (WordPress role) being able to access some taxonomy edit screens (/wp-admin/term.php?taxonomy=module&tag_ID=ID&post_type=course) directly through the edit URL, but not being able to save it.
  • The same applies for module, course-category, lesson-tag, and question-category.
• In order to correct this behavior, updated the taxonomy capabilities and updated the roles to work properly. Notice that the only roles that have the manage_categories capability by default are admin and editor.. So adding the new roles to administrator, editor, and teacher looks a good solution to me.

Alternative approach

See #7613 (comment)

Context

The previous changes for the module taxonomy happened in this PR: #459

• 1b6e21e
• c6dcf32
• 0077aae

The first commit has the following description (the best context I could extract from the history):

give teacher access to modules on the edit course screen

Known issues

• Teacher can't add tags to lessons and categories to courses #7612

Testing Instructions

1. Bump the version on SENSEI_LMS_VERSION, so the new capabilities are properly created.
2. Create a module as admin.
3. Edit the module and copy the URL of the editor.
4. Try to access as a user with the role contributor, and make sure they don't have access to it anymore.

Now let's make sure everything continues working properly:

6. As a teacher, create a course.
7. Add some modules with lessons.
8. Save the course, and make sure the modules were properly created.
9. Add a new course category in the editor sidebar.
10. Refresh the editor.
11. It should create the new category, but don't assign it because of the known issue (Teacher can't add tags to lessons and categories to courses #7612).
12. Add lessons.
13. Open the lesson editor.
14. Add a new lesson tag in the editor sidebar.
15. Refresh the editor.
16. It should create the new tag, but don't assign it because of the known issue (Teacher can't add tags to lessons and categories to courses #7612).
17. Create a question.
18. Add a category in the sidebar.
19. Publish the question, and make sure the category was properly created.
20. Create a new course, and remove all blocks to have a legacy course.
21. Add a new module (sidebar).
22. Create a lesson (meta boxes in the bottom of the editor).
23. Add the module to a lesson and make sure it works properly.
24. Repeat the tests with an admin and make sure it continues working properly.

Pre-Merge Checklist

• PR title and description contain sufficient detail and accurately describe the changes
• Acceptance criteria is met
• Decisions are publicly documented
• Adheres to coding standards (PHP, JavaScript, CSS, HTML)
• All strings are translatable (without concatenation, handles plurals)
• Follows our naming conventions (P6rkRX-4oA-p2)
• Hooks (p6rkRX-1uS-p2) and functions are documented
• New UIs are responsive and use a mobile-first approach
• New UIs match the designs
• Different user privileges (admin, teacher, subscriber) are tested as appropriate
• Legacy courses (course without blocks) are tested
• Code is tested on the minimum supported PHP and WordPress versions
• User interface changes have been tested on the latest versions of Chrome, Firefox and Safari
• "Needs Documentation" label is added if this change requires updates to documentation
• Known issues are created as new GitHub issues

[github-actions]

Test the previous changes of this PR with WordPress Playground.

[github-actions]

Test the previous changes of this PR with WordPress Playground.

[github-actions]

Test the previous changes of this PR with WordPress Playground.

[renatho]

Admin and editor weren't receiving these capabilities previously. I think we didn't notice it before because we weren't explicitly using it, so it didn't cause any issue.

[renatho]

We were already adding it for courses and lessons, but not for questions.

[renatho]

Since we changed capabilities, we need a migration to apply the changes. It only happens on the plugin activation.

[github-actions]

Test the previous changes of this PR with WordPress Playground.

[github-actions]

Test the previous changes of this PR with WordPress Playground.

[renatho]

My first try was to just remove the capabilities to use the default ones. It would use just use the manage_categories for edit_terms.

But since teachers don't have the capability manage_categories, it was hiding the buttons to add the categories through the editor sidebar.

[github-actions]

Test the previous changes of this PR with WordPress Playground.

[renatho]

I started it without a changelog entry because users probably won't notice that, but thinking more I decided to add an entry (bbc71c7), in case someone has special customizations with roles and capabilities.

[github-actions]

Test the previous changes of this PR with WordPress Playground.

[merkushin]

Looks good and works well 👍

I had three observations during the tests.

1. It is related to the test instructions.

It looks like I cannot follow the instruction not to assign the tag:

2. Course Outline in the lesson preview for teacher

I previewed the draft lesson as a teacher and found the course outline was empty. Checked in Safari and Chrome in case it was an issue with styles: same result.
And then tested with an admin account: everything is in its place.

3. Assign module in the lesson for a legacy course

I found that when I first open the lesson in the editor I can't assign the module. It says set the course first, even though it the course is set. But it works fine after saving the draft and refreshing.

[renatho]

Thank you for the review, @merkushin!

It looks like I cannot follow the instruction not to assign the tag

Do you mean you couldn't reproduce the known issue and after the refresh, the lesson tag persisted for you?

And then tested with an admin account: everything is in its place.

I think it's an expected behavior because of this:

sensei/includes/class-sensei-course-structure.php

Line 81 in 179f7e5

$published_lessons_only = 'view' === $context && ! current_user_can( 'read_private_posts' );

But I agree that it could be better, offering the same behavior to teachers. Do you think it's worth an enhancement issue for it?

I found that when I first open the lesson in the editor I can't assign the module. It says set the course first, even though it the course is set. But it works fine after saving the draft and refreshing.

I believe it was aways the behavior. Since it's for the legacy way to do it, I think it's not worth an issue. WDYT?