Skip to content

Allow settings to be updated and read. #2985

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
spacedmonkey wants to merge 1 commit into
base: trunk
Choose a base branch
from
Open

Allow settings to be updated and read. #2985

spacedmonkey wants to merge 1 commit into from

Conversation

@spacedmonkey
Copy link
Member

@spacedmonkey spacedmonkey commented Jul 18, 2022

Working on #48885. Decided to go a different direction than the ticket name. Use the existing endpoint but add some new callbacks.

To use this PR, here is the example I use to test.

add_action('init', function(){
	register_setting(
		'general',
		'wibble',
		array(
			'show_in_rest' => array(
				'name' => 'wibble',
				'edit_permission_callback' => '__return_true',
				'read_permission_callback' => '__return_true',
			),
			'type'         => 'string',
			'description'  => __( 'Site title.' ),
		)
	);
});

This make a setting called wibble, that will now be public to read and edit. You never do this, but it gives you an idea of how the code works.

Trac ticket: https://core.trac.wordpress.org/ticket/48885

This Pull Request is for code review only. Please keep all other discussion in the Trac ticket. Do not merge this Pull Request. See GitHub Pull Requests for Code Review in the Core Handbook for more details.

@spacedmonkey spacedmonkey self-assigned this Jul 18, 2022
@spacedmonkey spacedmonkey mentioned this pull request Jul 18, 2022
Merged
This was referenced Jul 25, 2022
Open
Merged
@Mamaduka Mamaduka mentioned this pull request Dec 7, 2022
Merged
@Mamaduka Mamaduka mentioned this pull request Nov 5, 2024
Merged
anton-vlasenko
anton-vlasenko reviewed Nov 18, 2024
View reviewed changes
Copy link

@anton-vlasenko anton-vlasenko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please find my review notes below. Thank you.

tests/phpunit/tests/rest-api/rest-settings-controller.php
Comment on lines +496 to +498
wp_set_current_user( self::$administrator );
$user = get_user_by( 'id', self::$administrator );
$user->add_cap( 'custom_rest_cap' );
Copy link

@anton-vlasenko anton-vlasenko Nov 18, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In my testing, this test didn't work because the user's capabilities were cached. Therefore, I had to reorder it like this to make the test work:

Suggested change
wp_set_current_user( self::$administrator );
$user = get_user_by( 'id', self::$administrator );
$user->add_cap( 'custom_rest_cap' );
$user = get_user_by( 'id', self::$administrator );
$user->add_cap( 'custom_rest_cap' );
wp_set_current_user( self::$administrator );

tests/phpunit/tests/rest-api/rest-settings-controller.php
Comment on lines +386 to +388
wp_set_current_user( self::$administrator );
$user = get_user_by( 'id', self::$administrator );
$user->add_cap( 'custom_rest_cap' );
Copy link

@anton-vlasenko anton-vlasenko Nov 18, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same.

Suggested change
wp_set_current_user( self::$administrator );
$user = get_user_by( 'id', self::$administrator );
$user->add_cap( 'custom_rest_cap' );
$user = get_user_by( 'id', self::$administrator );
$user->add_cap( 'custom_rest_cap' );
wp_set_current_user( self::$administrator );

src/wp-includes/rest-api/endpoints/class-wp-rest-settings-controller.php
'status' => rest_authorization_required_code(),
)
);
}
Copy link

@anton-vlasenko anton-vlasenko Nov 18, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The WP_Test_REST_Settings_Controller::test_update_item_with_edit_permission_callbacks() test method implies that the setting can be updated even if the current user lacks the manage_options capability. However, the test fails because the code still checks for that capability.
I'm not sure what the intention is here: should a user be able to update a setting even without the manage_options capability, as long as the permission callback allows it?

Suggested change
}
}
return true;

src/wp-includes/rest-api/endpoints/class-wp-rest-settings-controller.php
* @since 6.1.0
*
* @param WP_REST_Request $request Full details about the request.
* @return true|WP_Error True if the request has access to update the item, WP_Error object otherwise.
Copy link

@anton-vlasenko anton-vlasenko Nov 18, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nitpick:

Suggested change
* @return true|WP_Error True if the request has access to update the item, WP_Error object otherwise.
* @return bool|WP_Error True if the request has access to update the item, WP_Error object otherwise.

@spacedmonkey spacedmonkey mentioned this pull request Jan 28, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@adamziel adamziel Awaiting requested review from adamziel

@TimothyBJacobs TimothyBJacobs Awaiting requested review from TimothyBJacobs

1 more reviewer

@anton-vlasenko anton-vlasenko anton-vlasenko left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@spacedmonkey spacedmonkey

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@spacedmonkey @anton-vlasenko