Merge pull request #670 from equalizedigital/william/669/allow-fronte…

…nd-highlighter-to-be-shown-to-logged-out-visitors Add filter to allow frontend highlighter to be shown to other users
equalizedigital · Jun 24, 2024 · fc29bc7 · fc29bc7
2 parents b6e53a5 + 17821e2
commit fc29bc7
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 4 deletions.
diff --git a/admin/class-frontend-highlight.php b/admin/class-frontend-highlight.php
@@ -27,6 +27,23 @@ public function __construct() {
 	 */
 	public function init_hooks() {
 		add_action( 'wp_ajax_edac_frontend_highlight_ajax', [ $this, 'ajax' ] );
+
+		/**
+		 * Filter the visibility of the frontend highlighter.
+		 *
+		 * 'edac_filter_frontend_highlighter_visibility' is a filter that can be used
+		 * to allow users without edit permissions on the post to see the frontend
+		 * highlighter. You can use the filter to perform additional permission checks
+		 * on who can see it.
+		 *
+		 * @since 1.14.0
+		 *
+		 * @param bool $visibility The visibility of the frontend highlighter. Default is false, return true to show the frontend highlighter.
+		 */
+		if ( apply_filters( 'edac_filter_frontend_highlighter_visibility', false ) ) {
+			// A nopriv endpoint allows logged-out users to access the endpoint.
+			add_action( 'wp_ajax_nopriv_edac_frontend_highlight_ajax', [ $this, 'ajax' ] );
+		}
 	}
 
 	/**

diff --git a/includes/classes/class-enqueue-frontend.php b/includes/classes/class-enqueue-frontend.php
@@ -37,7 +37,7 @@ public static function maybe_enqueue_frontend_highlighter() {
 		// This loads on all pages, so bail as early as possible. Do checks that don't require DB calls first.
 
 
-		// Don't load on admin pages in iframe that is running a pageScan.
+		// Don't load on admin pages or in an iframe that is running a pageScan.
 		if (
 			is_admin() ||
 			(
@@ -48,16 +48,35 @@ public static function maybe_enqueue_frontend_highlighter() {
 			return;
 		}
 
-		// Don't load on customizer pages or if the user is not able to edit this page.
+		// Don't load on the frontend if we don't have a post to work with.
 		global $post;
 		$post_id = is_object( $post ) ? $post->ID : null;
 
 		if ( null === $post_id ) {
 			return;
 		}
 
-		// Dont load if the user is not able to edit this page or if we are in a customizer preview.
-		if ( is_customize_preview() || ! ( $post_id && current_user_can( 'edit_post', $post_id ) ) ) {
+		// Don't load in a customizer preview or user can't edit the page. A filter
+		// can override the edit requirement to allow anyone to see it.
+		if (
+			is_customize_preview() ||
+			(
+				/**
+				 * Filter the visibility of the frontend highlighter.
+				 *
+				 * 'edac_filter_frontend_highlighter_visibility' is a filter that can be used
+				 * to allow users without edit permissions on the post to see the frontend
+				 * highlighter. You can use the filter to perform additional permission checks
+				 * on who can see it.
+				 *
+				 * @since 1.14.0
+				 *
+				 * @param bool $visibility The visibility of the frontend highlighter. Default is false, return true to show the frontend highlighter.
+				 */
+				! apply_filters( 'edac_filter_frontend_highlighter_visibility', false ) &&
+				! ( $post_id && current_user_can( 'edit_post', $post_id ) )
+			)
+		) {
 			return;
 		}