Make WordPress Core

Opened 2 years ago

Last modified 3 months ago

#57379 reopened defect (bug)

A Way to Disable Export Theme

Reported by: unsalkorkmaz's profile unsalkorkmaz Owned by:
Milestone: 6.8 Priority: normal
Severity: normal Version: 6.1.1
Component: Administration Keywords: has-unit-tests has-patch
Focuses: Cc:

Description

related Github issue;
https://github.com/WordPress/gutenberg/issues/46661

## What problem does this address?
This button tries to zip my whole theme which as node_modules with 500MB content:
https://user-images.githubusercontent.com/207720/208480389-b2929241-76de-4d24-89fb-94be7223d039.png

Here is the video:
https://www.youtube.com/watch?v=9F1LtmMrjsY
You can see CPU spike in right macos m1 menu..

And lets say I want to show a demo for my premium theme.. Why would I want a download button?

## What is your proposed solution?
I need a way to disable this.

Change History (15)

This ticket was mentioned in PR #6966 on WordPress/wordpress-develop by @rajinsharwar.


7 months ago
#1

  • Keywords has-patch added

Fixing issue with node_modules not getting ignored while in sub-directory and adding new filter for permission capability for Export button. New filter "allowed_user_role_to_export_theme" added to add control over the permission callback of that Export Functionality.

https://github.com/WordPress/wordpress-develop/assets/68213636/371cb20e-365c-4d2e-8e21-d71361dc0f00

Trac ticket: https://core.trac.wordpress.org/ticket/57379

#2 @rajinsharwar
7 months ago

  • Milestone changed from Awaiting Review to 6.7
  • Summary changed from A Way to Disable Export Theme to Node Modules in sub-directories not getting ignored while exporting the theme, and a way to disable the theme export

I have fixed the issue where node_modules were not ignored in the subdirectories.

Also now, anyone can create a new user capability, and using the new filter "allowed_user_role_to_export_theme", use that to add restrictions over that Export Functionality. Something like this:

add_filter( 'allowed_user_role_to_export_theme', function( $role ){
        $role = 'my_custom_user_capability';
        return $role;
} );

In this way, instead of the default capability "edit_theme_options", the "my_custom_user_capability" will be used while checking for permissions.

Also, updated the title of the ticket to mention the change about node_modules. Slating for 6.7 release.

#3 @rajinsharwar
7 months ago

  • Keywords needs-unit-tests added

#4 @peterwilsoncc
7 months ago

@rajinsharwar I think these should be seperate tickets, one to ignore the node modules and one to discuss the need for a new filter.

#5 @rajinsharwar
7 months ago

  • Summary changed from Node Modules in sub-directories not getting ignored while exporting the theme, and a way to disable the theme export to A Way to Disable Export Theme

@peterwilsoncc Reverted the node_modules change, so that we can discuss about the new filter in thic ticket.

#6 @rajinsharwar
7 months ago

New ticket created for the Node Modules issue: #61575

#7 @peterwilsoncc
7 months ago

Thanks @rajinsharwar.

WordPress includes an export capability that controls the ability of users to export the contents of a site. With the introduction of the Site Editor, this also includes the posts and images used for customizing a theme.

As exporting a theme includes exporting these post types and combining them with the existing theme, I am wondering if the appropriate change for the exporting of themes from the site editor is to also use the export capability.

#8 @rajinsharwar
6 months ago

@peterwilsoncc Yeah, maybe we can just change that to the default export cap. Pushed that!

#9 @Mamaduka
6 months ago

Using the export capability makes sense; a user is exporting Site Editor content.

The client-side code should also be able to check if a user can perform an export action and show/hide menu items based on this.

This could be done by adding action to the theme responses.

Example from posts controller - https://github.com/WordPress/wordpress-develop/blob/74e03e3cbef2f2565028f446c76acb2dabf749bd/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php#L2201-L2203

#10 @TimothyBlynJacobs
6 months ago

I think ideally this would end up getting exposed by the client doing an OPTIONS or HEAD request to the export endpoint.

I think a link would also be a good idea. But instead of an action link, we could link to the export endpoint using a rel like w:export-theme if the theme is a block theme, and include an appropriate targetHint.

#11 @Mamaduka
6 months ago

@TimothyBlynJacobs, I suggest a link because export doesn't really fit into CRUD actions that API usually checks via OPTIONS or HEAD requests.

This ticket was mentioned in Slack in #core by chaion07. View the logs.


5 months ago

This ticket was mentioned in Slack in #core by chaion07. View the logs.


4 months ago

This ticket was mentioned in Slack in #core-test by sppramodh. View the logs.


3 months ago

#16 @peterwilsoncc
3 months ago

  • Keywords has-unit-tests added; needs-unit-tests removed
  • Milestone changed from 6.7 to 6.8
  • Severity changed from major to normal
  • Status changed from new to reopened

I've reopened this as the ticket is focusing on changing the permissions for allowing export, which needs implementation in both the UI and the API endpoint.

As there hasn't been any progress for a while, I've moved this off the 6.7 milestone.

Note: See TracTickets for help on using tickets.