Allow view access of template rest endpoint to anyone with the edit_post capability #60317

@fabiankaegy fabiankaegy commented Mar 29, 2024

What?

Part of #60316 as requested in #58301 (comment)

Modify the template / template part rest endpoint to allow any user role with the edit_post capability to view entities.

Why?

In order to render the block template in the locked template preview inside the post editor we need to be able to fetch the contents of any block templates / template parts for any user role that can edit a post.

How?

Overwriting the get_items_permissions_check and get_item_permissions_check methods of the rest_controller_class of the wp_template post type to check whether the current user can edit_posts.

Testing Instructions

Try making an authenticated rest request to the template rest endpoint with any user role that has the edit_post capability. -> The template should get returned
Try making an unauthenticated request and still get an unauthorized error

@fabiankaegy fabiankaegy added [Type] Enhancement A suggestion for improvement. REST API Interaction Related to REST API labels Mar 29, 2024
@fabiankaegy fabiankaegy self-assigned this Mar 29, 2024
@fabiankaegy fabiankaegy changed the title allow view access of template rest endpoint to anyone with the edit_post capability Allow view access of template rest endpoint to anyone with the edit_post capability Mar 29, 2024
@fabiankaegy fabiankaegy force-pushed the feature/change-template-rest-controller-to-allow-view-access branch from 2f032ee to 6836921 Compare March 29, 2024 22:52

github-actions bot commented Mar 29, 2024

The following accounts have interacted with this PR and/or linked issues. I will continue to update these lists as activity occurs. You can also manually ask me to refresh this list by adding the props-bot label.

If you're merging code through a pull request on GitHub, copy and paste the following into the bottom of the merge commit message.

Co-authored-by: fabiankaegy <fabiankaegy@git.wordpress.org>
Co-authored-by: TimothyBJacobs <timothyblynjacobs@git.wordpress.org>

To understand the WordPress project's expectations around crediting contributors, please review the Contributor Attribution page in the Core Handbook.

@TimothyBJacobs
Member

You need to make a more thorough check here, right now this won't account for users who have the ability not to edit posts, but other CPTs that use the block editor. See WP_REST_Block_Types_Controller::check_read_permission for an example.

@fabiankaegy fabiankaegy force-pushed the feature/change-template-rest-controller-to-allow-view-access branch from 6836921 to b1efbfa Compare March 30, 2024 14:07
@fabiankaegy
Member Author

@TimothyBJacobs Thanks so much for your review :) I've updated the code to essentially match the example you've provided.
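
A sketch of the check discussed in this review, added here as an illustration; it is not the code merged in this PR. It follows the pattern the reviewer points to in `WP_REST_Block_Types_Controller::check_read_permission`, and the names `example_check_template_read_permission`, `Example_Templates_Controller` and the error code `example_rest_cannot_read_templates` are hypothetical.

```php
<?php
/**
 * Added example, not the PR's code. Names prefixed "example_" / "Example_"
 * are hypothetical. Runs inside WordPress (uses core functions and classes).
 */

/**
 * Allow read access if the current user can edit posts of ANY post type
 * exposed in the REST API, not only the built-in "post" type.
 *
 * Checking only current_user_can( 'edit_posts' ) would deny a user whose
 * role maps to a custom post type's own capability (e.g. "edit_books").
 *
 * @return true|WP_Error
 */
function example_check_template_read_permission() {
	if ( current_user_can( 'edit_posts' ) ) {
		return true;
	}

	foreach ( get_post_types( array( 'show_in_rest' => true ), 'objects' ) as $post_type ) {
		if ( current_user_can( $post_type->cap->edit_posts ) ) {
			return true;
		}
	}

	// Logged-out requests get 401, logged-in users without the capability get 403.
	return new WP_Error(
		'example_rest_cannot_read_templates',
		__( 'Sorry, you are not allowed to view templates.' ),
		array( 'status' => rest_authorization_required_code() )
	);
}

// Only the read checks are overridden; create/update/delete keep the parent's rules.
class Example_Templates_Controller extends WP_REST_Templates_Controller {
	public function get_items_permissions_check( $request ) {
		return example_check_template_read_permission();
	}

	public function get_item_permissions_check( $request ) {
		return example_check_template_read_permission();
	}
}
```

Because only the two read methods are overridden, the wider capability set applies to viewing templates and leaves the write paths under their original permission checks.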

@fabiankaegy fabiankaegy enabled auto-merge (squash) March 30, 2024 14:28
@fabiankaegy fabiankaegy merged commit 5e8a210 into trunk Mar 30, 2024
58 checks passed
@fabiankaegy fabiankaegy deleted the feature/change-template-rest-controller-to-allow-view-access branch March 30, 2024 14:40
@github-actions github-actions bot added this to the Gutenberg 18.1 milestone Mar 30, 2024
@fabiankaegy fabiankaegy linked an issue Apr 3, 2024 that may be closed by this pull request
cbravobernal pushed a commit to garridinsi/gutenberg that referenced this pull request Apr 9, 2024
…ost capability (WordPress#60317)

Co-authored-by: fabiankaegy <fabiankaegy@git.wordpress.org>
Co-authored-by: TimothyBJacobs <timothyblynjacobs@git.wordpress.org>
@ellatrix ellatrix mentioned this pull request Apr 30, 2024
Successfully merging this pull request may close these issues.

Add ability to preview template in post editor for non administrators