43251 add a check for editable roles #6808
Open
+71
−0
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…blog in a multisite
|
The following accounts have interacted with this PR and/or linked issues. I will continue to update these lists as activity occurs. You can also manually ask me to refresh this list by adding the Core Committers: Use this line as a base for the props when committing in SVN: To understand the WordPress project's expectations around crediting contributors, please review the Contributor Attribution page in the Core Handbook. |
Test using WordPress PlaygroundThe changes in this pull request can previewed and tested using a WordPress Playground instance. WordPress Playground is an experimental project that creates a full WordPress instance entirely within the browser. Some things to be aware of
For more details about these limitations and more, check out the Limitations page in the WordPress Playground documentation. |
There was a problem hiding this comment.
I've added a few suggestions inline.
My one other thought is that it might be preferable to move the new function to be available on single sites and use it in src/wp-admin/users.php too. (@spacedmonkey may have some thoughts here)
Comment on lines
+1189
to
+1193
| wp_die( | ||
| '<h1>' . __( 'You need a higher level of permission.' ) . '</h1>' . | ||
| '<p>' . __( 'Sorry, you are not allowed to assign users to this role.' ) . '</p>', | ||
| 403 | ||
| ); |
There was a problem hiding this comment.
As the filter prevents users from adding the role, the level of permission heading is misleading.
I've modified the message to match the one for single sites. WordPress aims to reuse strings where possible to avoid the need for similar strings to be translated.
Suggested change
| wp_die( | |
| '<h1>' . __( 'You need a higher level of permission.' ) . '</h1>' . | |
| '<p>' . __( 'Sorry, you are not allowed to assign users to this role.' ) . '</p>', | |
| 403 | |
| ); | |
| wp_die( __( 'Sorry, you are not allowed to give users that role.' ), 403 ); |
Comment on lines
+1177
to
+1186
| /** | ||
| * Makes sure the passed $role is part of editable_roles | ||
| * | ||
| * @since 6.7.0 | ||
| * | ||
| * @param string $role - name of the role | ||
| * @return void | ||
| */ | ||
|
|
||
| function ensure_editable_role( $role ) { |
There was a problem hiding this comment.
The main change is to rename the function to use the wp_ prefix
Suggested change
| /** | |
| * Makes sure the passed $role is part of editable_roles | |
| * | |
| * @since 6.7.0 | |
| * | |
| * @param string $role - name of the role | |
| * @return void | |
| */ | |
| function ensure_editable_role( $role ) { | |
| /** | |
| * Stop execution if the role can not be assigned by the current user. | |
| * | |
| * @since 6.7.0 | |
| * | |
| * @param string $role Role the user is attempting to assign. | |
| */ | |
| function wp_ensure_editable_role( $role ) { |
| @@ -67,6 +67,9 @@ | |||
| $redirect = add_query_arg( array( 'update' => 'addexisting' ), 'user-new.php' ); | |||
| } else { | |||
| if ( isset( $_POST['noconfirmation'] ) && current_user_can( 'manage_network_users' ) ) { | |||
|
|
|||
| ensure_editable_role( $_REQUEST['role'] ); | |||
There was a problem hiding this comment.
Suggested change
| ensure_editable_role( $_REQUEST['role'] ); | |
| wp_ensure_editable_role( $_REQUEST['role'] ); |
| @@ -218,6 +221,9 @@ | |||
| add_filter( 'wpmu_signup_user_notification', '__return_false' ); // Disable confirmation email. | |||
| add_filter( 'wpmu_welcome_user_notification', '__return_false' ); // Disable welcome email. | |||
| } | |||
|
|
|||
| ensure_editable_role( $_REQUEST['role'] ); | |||
There was a problem hiding this comment.
Suggested change
| ensure_editable_role( $_REQUEST['role'] ); | |
| wp_ensure_editable_role( $_REQUEST['role'] ); |
Comment on lines
+224
to
+266
| public function test_ensure_editable_role() { | ||
| $exception = null; | ||
| try { | ||
| ensure_editable_role( 'editor' ); | ||
| } catch ( WPDieException $e ) { | ||
| $exception = $e; | ||
| } | ||
| $this->assertNull( $exception ); | ||
|
|
||
| $exception = null; | ||
| try { | ||
| ensure_editable_role( 'non-existant' ); | ||
| } catch ( WPDieException $e ) { | ||
| $exception = $e; | ||
| } | ||
| $this->assertNotNull( $exception ); | ||
| $this->assertStringContainsString( 'Sorry, you are not allowed to assign users to this role.', $exception->getMessage() ); | ||
|
|
||
| $exception = null; | ||
| try { | ||
| add_filter( | ||
| 'editable_roles', | ||
| function ( $roles ) { | ||
| unset( $roles['administrator'] ); | ||
| return $roles; | ||
| } | ||
| ); | ||
|
|
||
| ensure_editable_role( 'administrator' ); | ||
|
|
||
| remove_filter( | ||
| 'editable_roles', | ||
| function ( $roles ) { | ||
| unset( $roles['administrator'] ); | ||
| return $roles; | ||
| } | ||
| ); | ||
| } catch ( WPDieException $e ) { | ||
| $exception = $e; | ||
| } | ||
| $this->assertNotNull( $exception ); | ||
| $this->assertStringContainsString( 'Sorry, you are not allowed to assign users to this role.', $exception->getMessage() ); | ||
| } |
There was a problem hiding this comment.
There's a few things happening here:
- I've added docblocks and the ticket number to the tests so they can be run as their own group
- I've split the tests up in to the three cases: editable role, unknown role, excluded role
- I've used
$this->expectException( 'WPDieException' );to test for thewp_die()call to remove the need fortry...catch - I've used the name change suggested above.
- The WordPress test suite resets filters between tests so the
remove_filter()isn't needed.
Suggested change
| public function test_ensure_editable_role() { | |
| $exception = null; | |
| try { | |
| ensure_editable_role( 'editor' ); | |
| } catch ( WPDieException $e ) { | |
| $exception = $e; | |
| } | |
| $this->assertNull( $exception ); | |
| $exception = null; | |
| try { | |
| ensure_editable_role( 'non-existant' ); | |
| } catch ( WPDieException $e ) { | |
| $exception = $e; | |
| } | |
| $this->assertNotNull( $exception ); | |
| $this->assertStringContainsString( 'Sorry, you are not allowed to assign users to this role.', $exception->getMessage() ); | |
| $exception = null; | |
| try { | |
| add_filter( | |
| 'editable_roles', | |
| function ( $roles ) { | |
| unset( $roles['administrator'] ); | |
| return $roles; | |
| } | |
| ); | |
| ensure_editable_role( 'administrator' ); | |
| remove_filter( | |
| 'editable_roles', | |
| function ( $roles ) { | |
| unset( $roles['administrator'] ); | |
| return $roles; | |
| } | |
| ); | |
| } catch ( WPDieException $e ) { | |
| $exception = $e; | |
| } | |
| $this->assertNotNull( $exception ); | |
| $this->assertStringContainsString( 'Sorry, you are not allowed to assign users to this role.', $exception->getMessage() ); | |
| } | |
| /** | |
| * Ensure that wp_ensure_editable_role does not throw an exception when the role is editable. | |
| * | |
| * @ticket 43251 | |
| * | |
| * @covers ::wp_ensure_editable_role | |
| */ | |
| public function test_wp_ensure_editable_role_allows_editable_roles() { | |
| $role = get_role( 'editor' ); | |
| $this->assertInstanceOf( 'WP_Role', $role, 'The editor role should exist.' ); | |
| $this->assertNull( wp_ensure_editable_role( 'editor' ), 'The editor role should be editable.' ); | |
| } | |
| /** | |
| * Ensure that wp_ensure_editable_role throws an exception for non-existent roles. | |
| * | |
| * @ticket 43251 | |
| * | |
| * @covers ::wp_ensure_editable_role | |
| */ | |
| public function test_wp_ensure_editable_role_does_not_allow_non_existent_role() { | |
| $this->expectException( 'WPDieException' ); | |
| $role = get_role( 'non-existent-role' ); | |
| $this->assertNotInstanceOf( 'WP_Role', $role, 'The non-existent-role role should not exist.' ); | |
| wp_ensure_editable_role( 'non-existent-role' ); | |
| } | |
| /** | |
| * Ensure that wp_ensure_editable_role throws an exception for roles that are not editable. | |
| * | |
| * @ticket 43251 | |
| * | |
| * @covers ::wp_ensure_editable_role | |
| */ | |
| public function test_wp_ensure_editable_role_does_not_allow_uneditable_roles() { | |
| add_filter( | |
| 'editable_roles', | |
| function ( $roles ) { | |
| unset( $roles['editor'] ); | |
| return $roles; | |
| } | |
| ); | |
| $this->expectException( 'WPDieException' ); | |
| $role = get_role( 'editor' ); | |
| $this->assertInstanceOf( 'WP_Role', $role, 'The editor role should exist.' ); | |
| wp_ensure_editable_role( 'editor' ); | |
| } |
Comment on lines
1174
to
+1175
| } | ||
|
|
There was a problem hiding this comment.
Removes an additional line break.
Suggested change
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This adds a check to the create/add user to blog screen to match and allow only the roles that are displayed in the UI.
Trac ticket: https://core.trac.wordpress.org/ticket/43251