Make WordPress Core

Changeset 59122


Ignore:
Timestamp:
09/30/2024 06:47:20 AM (2 weeks ago)
Author:
cbravobernal
Message:

Block bindings: Add canUpdateBlockBindings editor setting.

Adds a canUpdateBlockBindings editor setting that allows to decide if the user is able to create and modify bindings through the UI. By default, only admin users can do it, but it can be overridden with block_editor_settings_all filter.

Props santosguillamot, gziolo, jorbin, noisysocks, matveb, cbravobernal, youknowriad, mamaduka, timothyblynjacobs, peterwilsoncc, drivingralle.
Fixes #61945.

Location:
trunk
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/block-editor.php

    r58798 r59122  
    665665        }
    666666    }
     667
     668    $editor_settings['canUpdateBlockBindings'] = current_user_can( 'edit_block_binding', $block_editor_context );
    667669
    668670    /**
  • trunk/src/wp-includes/capabilities.php

    r58998 r59122  
    802802            $caps = map_meta_cap( 'edit_user', $user_id, $args[0] );
    803803            break;
     804        case 'edit_block_binding':
     805            $block_editor_context = $args[0];
     806            if ( isset( $block_editor_context->post ) ) {
     807                $object_id = $block_editor_context->post->ID;
     808            }
     809            /*
     810             * If the post ID is null, check if the context is the site editor.
     811             * Fall back to the edit_theme_options in that case.
     812             */
     813            if ( ! isset( $object_id ) ) {
     814                if ( ! isset( $block_editor_context->name ) || 'core/edit-site' !== $block_editor_context->name ) {
     815                    $caps[] = 'do_not_allow';
     816                    break;
     817                }
     818                $caps = map_meta_cap( 'edit_theme_options', $user_id );
     819                break;
     820            }
     821
     822            $object_subtype = get_object_subtype( 'post', (int) $object_id );
     823            if ( empty( $object_subtype ) ) {
     824                $caps[] = 'do_not_allow';
     825                break;
     826            }
     827
     828            $caps = map_meta_cap( "edit_{$object_subtype}", $user_id, $object_id );
     829            break;
    804830        default:
    805831            // Handle meta capabilities for custom post types.
  • trunk/tests/phpunit/tests/user/capabilities.php

    r58073 r59122  
    571571            $expected['edit_app_password'],
    572572            $expected['delete_app_passwords'],
    573             $expected['delete_app_password']
     573            $expected['delete_app_password'],
     574            $expected['edit_block_binding']
    574575        );
    575576
     
    23772378        return $data;
    23782379    }
     2380
     2381    /**
     2382     * Test `edit_block_binding` meta capability is properly mapped.
     2383     *
     2384     * @ticket 61945
     2385     */
     2386    public function test_edit_block_binding_caps_are_mapped_correctly() {
     2387        $author = self::$users['administrator'];
     2388        $post   = self::factory()->post->create_and_get(
     2389            array(
     2390                'post_author' => $author->ID,
     2391                'post_type'   => 'post',
     2392            )
     2393        );
     2394
     2395        foreach ( self::$users as $role => $user ) {
     2396            // It should map to `edit_{post_type}` if editing a post.
     2397            $this->assertSame(
     2398                user_can( $user->ID, 'edit_post', $post->ID ),
     2399                user_can(
     2400                    $user->ID,
     2401                    'edit_block_binding',
     2402                    new WP_Block_Editor_Context(
     2403                        array(
     2404                            'post' => $post,
     2405                            'name' => 'core/edit-post',
     2406                        )
     2407                    )
     2408                ),
     2409                "Role: {$role} in post editing"
     2410            );
     2411            // It should map to `edit_theme_options` if editing a template.
     2412            $this->assertSame(
     2413                user_can( $user->ID, 'edit_theme_options' ),
     2414                user_can(
     2415                    $user->ID,
     2416                    'edit_block_binding',
     2417                    new WP_Block_Editor_Context(
     2418                        array(
     2419                            'post' => null,
     2420                            'name' => 'core/edit-site',
     2421                        )
     2422                    )
     2423                ),
     2424                "Role: {$role} in template editing"
     2425            );
     2426        }
     2427    }
    23792428}
Note: See TracChangeset for help on using the changeset viewer.