Skip to content

Internal: Improve access control for floating buttons configuration [ED-21422]#33489

Merged
nicoladj77 merged 3 commits intomainfrom
TMZ-ED-21422-floating-buttons
Nov 17, 2025
Merged

Internal: Improve access control for floating buttons configuration [ED-21422]#33489
nicoladj77 merged 3 commits intomainfrom
TMZ-ED-21422-floating-buttons

Conversation

@nicoladj77
Copy link
Copy Markdown
Contributor

@nicoladj77 nicoladj77 commented Nov 17, 2025
edited by gitstream-cm bot
Loading

PR Checklist

PR Type

What kind of change does this PR introduce?

  • Bugfix
  • Feature
  • Code style update (formatting, local variables)
  • Refactoring (no functional changes, no api changes)
  • Build related changes
  • CI related changes
  • Documentation content changes
  • Other... Please describe:

Summary

This PR can be summarized in the following changelog entry:

  • Improve access control for floating buttons configuration

Description

An explanation of what is done in this PR

Test instructions

This PR can be tested by following these steps:

Quality assurance

  • I have tested this code to the best of my abilities
  • I have added unittests to verify the code works as intended
  • Docs have been added / updated (for bug fixes / features)

Fixes #

✨ PR Description

Purpose: Enhance security by restricting floating buttons configuration access to administrator users only.
Main changes:

  • Replaced 'capability_type' with detailed 'capabilities' array requiring 'manage_options' permission
  • Set all post management operations to require administrator-level privileges

Generated by LinearB AI and added by gitStream.
AI-generated content may contain inaccuracies. Please verify before using.
💡 Tip: You can customize your AI Description using Guidelines Learn how

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Nov 17, 2025
edited
Loading

Elementor Build

Last updated at: 20251117.0643
Version: 3.34.0-20251117.0643

✅ Elementor build is ready for download.

You can download the latest build from the link below:

🔗 elementor-3.34.0-20251117.0643.zip

The build is available for 3 days.

@nicoladj77 nicoladj77 added this pull request to the merge queue Nov 17, 2025
Merged via the queue into main with commit 104007d Nov 17, 2025
53 checks passed
@nicoladj77 nicoladj77 deleted the TMZ-ED-21422-floating-buttons branch November 17, 2025 07:17
github-actions bot pushed a commit that referenced this pull request Nov 17, 2025
@nicoladj77 @github-actions
Internal: Improve access control for floating buttons configuration […
30e8bfb 
…ED-21422] (#33489)

## PR Checklist
<!-- 
Please check if your PR fulfills the following requirements:
**Filling out the template is required.** Any pull request that does not
include enough information to be reviewed in a timely manner may be
closed at the maintainers' discretion.
 -->
- [x] The commit message follows our guidelines:
https://github.com/elementor/elementor/blob/master/.github/CONTRIBUTING.md


## PR Type
What kind of change does this PR introduce?
<!-- Please check the one that applies to this PR using "x" with no
spaces eg: [x]. -->
- [x] Bugfix
- [ ] Feature
- [ ] Code style update (formatting, local variables)
- [ ] Refactoring (no functional changes, no api changes)
- [ ] Build related changes
- [ ] CI related changes
- [ ] Documentation content changes
- [ ] Other... Please describe:

## Summary

This PR can be summarized in the following changelog entry:

* Improve access control for floating buttons configuration

## Description
An explanation of what is done in this PR

*

## Test instructions
This PR can be tested by following these steps:

*

## Quality assurance

- [ ] I have tested this code to the best of my abilities
- [ ] I have added unittests to verify the code works as intended
- [ ] Docs have been added / updated (for bug fixes / features)

Fixes #

<!--start_gitstream_placeholder-->
### ✨ PR Description
Purpose: Enhance security by restricting floating buttons configuration
access to administrator users only.
Main changes:
- Replaced 'capability_type' with detailed 'capabilities' array
requiring 'manage_options' permission
- Set all post management operations to require administrator-level
privileges

_Generated by LinearB AI and added by gitStream._
<sub>AI-generated content may contain inaccuracies. Please verify before
using.
💡 **Tip:** You can customize your AI Description using **Guidelines**
[Learn
how](https://docs.gitstream.cm/automation-actions/#describe-changes)</sub>
<!--end_gitstream_placeholder-->
@github-actions github-actions bot mentioned this pull request Nov 17, 2025
Merged
nicoladj77 added a commit that referenced this pull request Nov 17, 2025
@github-actions @nicoladj77
Internal: Cherry-pick PR 33489 to 3.33 Improve access control for flo…
9769842 
…ating buttons configuration [ED-21422] (#33491)

Automatic cherry-pick of
[#33489](#33489) to `3.33`
branch.

      **Source:** elementor/elementor
      **Original Author:** @nicoladj77

Co-authored-by: Nicola Peluchetti <nicola.peluchetti@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@louiswol94 louiswol94 louiswol94 approved these changes

@davseve davseve davseve approved these changes

Assignees

No one assigned

Labels

1 min review cp_3.33

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@nicoladj77 @louiswol94 @davseve