Make WordPress Core

Opened 21 months ago

Last modified 10 days ago

#57379 new defect (bug)

A Way to Disable Export Theme

Reported by: unsalkorkmaz's profile unsalkorkmaz Owned by:
Milestone: 6.7 Priority: normal
Severity: major Version: 6.1.1
Component: Administration Keywords: has-patch needs-unit-tests
Focuses: Cc:

Description

related Github issue;
https://github.com/WordPress/gutenberg/issues/46661

## What problem does this address?
This button tries to zip my whole theme which as node_modules with 500MB content:
https://user-images.githubusercontent.com/207720/208480389-b2929241-76de-4d24-89fb-94be7223d039.png

Here is the video:
https://www.youtube.com/watch?v=9F1LtmMrjsY
You can see CPU spike in right macos m1 menu..

And lets say I want to show a demo for my premium theme.. Why would I want a download button?

## What is your proposed solution?
I need a way to disable this.

Change History (13)

This ticket was mentioned in PR #6966 on WordPress/wordpress-develop by @rajinsharwar.


2 months ago
#1

  • Keywords has-patch added

Fixing issue with node_modules not getting ignored while in sub-directory and adding new filter for permission capability for Export button. New filter "allowed_user_role_to_export_theme" added to add control over the permission callback of that Export Functionality.

https://github.com/WordPress/wordpress-develop/assets/68213636/371cb20e-365c-4d2e-8e21-d71361dc0f00

Trac ticket: https://core.trac.wordpress.org/ticket/57379

#2 @rajinsharwar
2 months ago

  • Milestone changed from Awaiting Review to 6.7
  • Summary changed from A Way to Disable Export Theme to Node Modules in sub-directories not getting ignored while exporting the theme, and a way to disable the theme export

I have fixed the issue where node_modules were not ignored in the subdirectories.

Also now, anyone can create a new user capability, and using the new filter "allowed_user_role_to_export_theme", use that to add restrictions over that Export Functionality. Something like this:

add_filter( 'allowed_user_role_to_export_theme', function( $role ){
        $role = 'my_custom_user_capability';
        return $role;
} );

In this way, instead of the default capability "edit_theme_options", the "my_custom_user_capability" will be used while checking for permissions.

Also, updated the title of the ticket to mention the change about node_modules. Slating for 6.7 release.

#3 @rajinsharwar
2 months ago

  • Keywords needs-unit-tests added

#4 @peterwilsoncc
2 months ago

@rajinsharwar I think these should be seperate tickets, one to ignore the node modules and one to discuss the need for a new filter.

#5 @rajinsharwar
2 months ago

  • Summary changed from Node Modules in sub-directories not getting ignored while exporting the theme, and a way to disable the theme export to A Way to Disable Export Theme

@peterwilsoncc Reverted the node_modules change, so that we can discuss about the new filter in thic ticket.

#6 @rajinsharwar
2 months ago

New ticket created for the Node Modules issue: #61575

#7 @peterwilsoncc
2 months ago

Thanks @rajinsharwar.

WordPress includes an export capability that controls the ability of users to export the contents of a site. With the introduction of the Site Editor, this also includes the posts and images used for customizing a theme.

As exporting a theme includes exporting these post types and combining them with the existing theme, I am wondering if the appropriate change for the exporting of themes from the site editor is to also use the export capability.

#8 @rajinsharwar
2 months ago

@peterwilsoncc Yeah, maybe we can just change that to the default export cap. Pushed that!

#9 @Mamaduka
7 weeks ago

Using the export capability makes sense; a user is exporting Site Editor content.

The client-side code should also be able to check if a user can perform an export action and show/hide menu items based on this.

This could be done by adding action to the theme responses.

Example from posts controller - https://github.com/WordPress/wordpress-develop/blob/74e03e3cbef2f2565028f446c76acb2dabf749bd/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php#L2201-L2203

#10 @TimothyBlynJacobs
6 weeks ago

I think ideally this would end up getting exposed by the client doing an OPTIONS or HEAD request to the export endpoint.

I think a link would also be a good idea. But instead of an action link, we could link to the export endpoint using a rel like w:export-theme if the theme is a block theme, and include an appropriate targetHint.

#11 @Mamaduka
6 weeks ago

@TimothyBlynJacobs, I suggest a link because export doesn't really fit into CRUD actions that API usually checks via OPTIONS or HEAD requests.

This ticket was mentioned in Slack in #core by chaion07. View the logs.


2 weeks ago

This ticket was mentioned in Slack in #core by chaion07. View the logs.


10 days ago

Note: See TracTickets for help on using tickets.