Changes between Version 3 and Version 4 of Ticket #44176, comment 22
- Timestamp:
- 12/19/2019 06:11:21 PM (6 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #44176, comment 22
v3 v4 1 1 Hey all, 2 2 3 I wanted to take a different approach to this as I'm pretty sure that we had been discussing a "built-in" DPO since the start but as everything was new at that time we didn't move that forwards and we ended up "forcing" the privacy caps to Admins only basically.3 Please ignore the first attachment:44176.diff, I was a bit confused with the primitive/add_cap as I wasn't fully aware of how it's working and it seems that I did double work :D. 4 4 5 Let me explain what this patch does and where I'm facing some issues to see if we can figure out something either with or without the role (I'm not leaning into keeping the role but it's easy this way to simply apply the patch and do a `wp role reset --all` so the DPO can be created to check it out for the time being). 5 The attachment:44176.2.diff : 6 6 7 First of all, it splits the caps into manage_privacy_options, export_others_personal_data & erase_others_personal_data on their own.7 Creates a new schema as `populate_roles_540()` that adds the 3 privacy caps to the administrator role by default. 8 8 9 1] Changes the `erasure` procedures to not need the `delete_user` cap as these can be specifically applied to users now.9 The 'Tools' is already opening for this role as-is, but I had to adjust the Settings so the Privacy setting could be accessed if someone only had the `manage_privacy_options`. I would love feedback on how to tackle the menu problem as I don't like much the if statement there and not really sure if it's ok to do it that way. 10 10 11 2] Creates a new schema as `populate_roles_540()` that adds the new caps to the administrator role as well as creates a new DPO role and gives that all the necessary caps.11 The caps after this are accessible from plugins like the "Member" ( see screenshot ) that was mentioned here and they can be assigned to different roles also. 12 12 13 To break down the DPO role what it would need:13 As an example I created a custom_dpo for testing everything & to break down all of the capabilities that I eventually added are these: 14 14 15 15 {{{ 16 16 // These are the privacy-related caps so the role can have access to the Exporter/Eraser. 17 17 18 $role->add_cap( 'export_others_personal_data' ); 19 $role->add_cap( 'erase_others_personal_data' ); 20 $role->add_cap( 'manage_privacy_options' ); 18 export_others_personal_data 19 erase_others_personal_data 20 manage_privacy_options 21 21 22 22 23 // These are the caps to allow access to Dashboard 24 // (the lowest caps possible on this aspect). 25 26 $role->add_cap( 'read' ); 27 $role->add_cap( 'level_0' ); 28 29 // Page caps are needed to edit/delete/create 30 // (unfortunately the role must have full access 31 // to pages to read drafts / from other users etc 32 // but ok we can live with that I guess :) ). 33 $role->add_cap( 'edit_pages' ); 34 $role->add_cap( 'edit_others_pages' ); 35 $role->add_cap( 'edit_published_pages' ); 36 $role->add_cap( 'publish_pages' ); 37 $role->add_cap( 'delete_pages' ); 38 $role->add_cap( 'delete_others_pages' ); 39 $role->add_cap( 'delete_published_pages' ); 40 $role->add_cap( 'delete_private_pages' ); 41 $role->add_cap( 'edit_private_pages' ); 42 $role->add_cap( 'read_private_pages' ); 23 // These are page editing for the Privacy page purposes. 24 edit_pages 25 edit_others_pages 26 edit_published_pages 27 publish_pages 28 delete_pages 29 delete_others_pages 30 delete_published_pages 31 delete_private_pages 32 edit_private_pages 33 read_private_pages 43 34 }}} 44 35 45 4] Adjust the menu. The 'Tools' is already opening for this role as-is, but I had to "adjust" the Settings so the Exporter/Eraser tools could be accessed. I simply added an `if` there to create a different Settings parent menu if a user has the manage_privacy_options cap but not the manage_options one. I'm not totally sure about this though but that's the only way that my brain allowed me to work with this since we can't pass arrays on the menus for caps.46 36 47 --- 37 Do tell me if I'm missing anything as I got really lost trying to figure out how caps are supposed to be in core. 48 38 49 The caps after this are accessible from plugins like the "Member" that was mentioned here and they can be assigned to different roles also.39 The filters that we usually use on plugins are straightforward but core seems a totally different game on this aspect :D . 50 40 51 I would love feedback on how to tackle the menu problem as I don't like much the if statement there and not really sure if it's ok to do it that way. 41 Thanks!