fix: add post_lock check on edit/delete mutation #2643

Merged
merged 19 commits into from Feb 7, 2023
16 changes: 16 additions & 0 deletions src/Mutation/PostObjectDelete.php
Expand Up @@ -51,6 +51,10 @@ public static function get_input_fields( $post_type_object ) {
'type' => 'Boolean',
'description' => __( 'Whether the object should be force deleted instead of being moved to the trash', 'wp-graphql' ),
],
'ignoreEditLock' => [
'type' => 'Boolean',
'description' => __( 'Override the edit lock when another user is editting the post', 'wp-graphq' ),
markkelnar marked this conversation as resolved.
],
];
}

Expand Down Expand Up @@ -132,6 +136,18 @@ public static function mutate_and_get_payload( WP_Post_Type $post_type_object, s
throw new UserError( sprintf( __( 'The %1$s with id %2$s is already in the trash. To remove from the trash, use the forceDelete input', 'wp-graphql' ), $post_type_object->graphql_single_name, $post_id ) );
}

require_once ABSPATH . 'wp-admin/includes/post.php';

if ( function_exists( 'wp_check_post_lock' ) ) {
markkelnar marked this conversation as resolved.
$user_id = wp_check_post_lock( $post_id );
// If post is locked and the override is not specified, do not allow the edit
if ( $user_id && true !== $input['ignoreEditLock'] ) {
$user = get_userdata( $user_id );
/* translators: %s: User's display name. */
throw new UserError( sprintf( __( 'You cannot delete this item. %s is currently editing.', 'wp-graphql' ), esc_html( $user->display_name ) ) );
jasonbahl marked this conversation as resolved.
}
}

/**
* Delete the post
*/
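Review bot: `$input['ignoreEditLock']` is read in the lock check of `mutate_and_get_payload` without testing that the key exists, and since the new input field is optional, a request that omits it will probably raise an undefined-array-key notice on every delete. The comparison still fails closed, so the lock is honoured, but the notice can end up in debug output; `if ( $user_id && true !== ( $input['ignoreEditLock'] ?? false ) ) {` avoids it without changing the strict check. The same line appears in the lock check added to src/Mutation/PostObjectUpdate.php. The inline comment above it says "do not allow the edit" on the delete path; `// If post is locked and the override is not specified, do not allow the delete` would match. The function body starts and continues outside the hunk.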
18 changes: 17 additions & 1 deletion src/Mutation/PostObjectUpdate.php
Expand Up @@ -50,7 +50,11 @@ public static function get_input_fields( $post_type_object ) {
// translators: the placeholder is the name of the type of post object being updated
'description' => sprintf( __( 'The ID of the %1$s object', 'wp-graphql' ), $post_type_object->graphql_single_name ),
],
]
'ignoreEditLock' => [
'type' => 'Boolean',
'description' => __( 'Override the edit lock when another user is editting the post', 'wp-graphq' ),
markkelnar marked this conversation as resolved.
],
]
);
}

Expand Down Expand Up @@ -130,6 +134,18 @@ public static function mutate_and_get_payload( $post_type_object, $mutation_name
throw new UserError( sprintf( __( 'Sorry, you are not allowed to update %1$s as this user.', 'wp-graphql' ), $post_type_object->graphql_plural_name ) );
}

require_once ABSPATH . 'wp-admin/includes/post.php';

if ( function_exists( 'wp_check_post_lock' ) ) {
markkelnar marked this conversation as resolved.
$user_id = wp_check_post_lock( $post_id );
// If post is locked and the override is not specified, do not allow the edit
if ( $user_id && true !== $input['ignoreEditLock'] ) {
$user = get_userdata( $user_id );
/* translators: %s: User's display name. */
throw new UserError( sprintf( __( '%s is currently editing this post.', 'wp-graphql' ), esc_html( $user->display_name ) ) );
}
}

/**
* @todo: when we add support for making posts sticky, we should check permissions to make sure users can make posts sticky
* @see : https://github.com/WordPress/WordPress/blob/e357195ce303017d517aff944644a7a1232926f7/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php#L640-L642
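Review bot: The lock check in `mutate_and_get_payload` is a second copy of the block added to src/Mutation/PostObjectDelete.php, differing only in the error message, so any later change to the override rule must be made twice and the two mutations can drift apart. Moving the `wp_check_post_lock()` call and the `ignoreEditLock` test into one shared helper that both mutations call would keep the rule in one place. That helper should carry a comment saying `ignoreEditLock` is caller-supplied and is meant to be honoured only after the permission checks before it (such as the "not allowed to update" error just above) have passed. The message here also hard-codes "post", whereas the neighbouring messages use `$post_type_object->graphql_single_name`. The function body continues outside the hunk.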