Size Change: +2.3 kB (0%)

Total Size: 1.13 MB

_{compressed-size-action}

I like this PR, it preserves everything in the post while limiting just the single restricted functionality. It looks like something that other entity-based blocks could use, too. Perhaps the logic here would make a good <PermissionsRequired /> component? Multi-entity saving could also leverage the permissions data. What if we declared permissions in the entities config? 🤔 Then each <EntityProvider could also render a UI warning. cc @gziolo @youknowriad

IMO we should make the blocks that cannot be edited read only and show the permission message in the inspector or in a flash notification when editing is attempted, so that we don't clutter the layouts so much :)

Particularly if we'll add this to other entity based blocks.

Glad you folks believe this is a better route forward.

If we can agree to merge this PR, then I can iterate on disabling the UI iterations.

In terms of time and scope, can we try and land a solution for the Navigation block only? If that can be abstracted for other blocks then great, but with limited time left I believe we need to focus on the Nav block only.

@jasmussen @javierarce Pinging you both here to see if you have any opinions on how to show the UI warning to the user.

IMO we should make the blocks that cannot be edited read only and show the permission message in the inspector or in a flash notification when editing is attempted, so that we don't clutter the layouts so much :)

I updated the implementation to use the global @wordpress/ notices package.

@getdave This does not handle the case where a user edits a post that contains a navigation post that they can not access.

In this screencast, you can see an admin add a navigation post then a contributor try and edit that post. The REST API 404s but that is not error handling in the editor.

@getdave This does not handle the case where a user edits a post that contains a navigation post that they can not access.

@spacedmonkey I don't understand this. I tested it and I couldn't replicate. Did I miss a step?

• I created a Post as Contributor.
• I switched to Admin and edited the Post, adding a Nav block and saving it.
• I switch back to Contributor.
• I saw the Nav block load correctly but the UI message was displayed.

@getdave The difference seems to be that you created a new menu, I used an existing menu that was created as part of FSE.

I ran my test again, got different buggy results.
Spinner that never goes

But when I select the block, I do get an error message.

@spacedmonkey Those replication steps didn't work either. I tried:

• As admin, creating Navigation in Site Editor
• switching to a Post which has contributor as author
• adding Nav block and selecting the Nav Menu i created in Site Editor and savings.
• switching to Contributor user
• opening the same Post
• Menu loads as expected and the error shows when the block is selected (intentional)

Not sure why you're getting different results here. Could you try rebuilding and then running the test again and noting down the exact steps to replicate what you're experiencing?

One thing I noted was that (for some reason) then Menu you are selecting has no items. Was that intentional?

Steps to replicate.

1. Create a post with navigation as admin.
2. Login as contributor.
3. Create post
4. Try to embed navigation for admin post.
5. See spinner.

@getdave

@spacedmonkey Thanks. I've now managed to replicate and the bug seems to be specific to your selecting All Pages when creating the Menu. That means under the hood we're using the Page List block.

It looks like it doesn't consider permissions in that many users can't access Pages including contributor users.

I'm not saying having this bug in the experience is acceptable, but if you try this PR with standard links it works perfectly.

I have raised a followup PR to fix the Page List but it's a bug that exists in trunk separately to the changes in this PR.

As a result I think we should assess this PR against using standard links and fix the bug with Page List as a seperate issue.

I think it should be possible to make the blocks mostly non-editable. Possibly it just requires setting templateLock to all. If that doesn't achieve everything needed it could also be possible to conditionally use the Disabled component and set renderAppender to false.

I think it could be worth trying it out in a separate PR as a small follow-up.

I think the flaky test system had an issue with the forward slash in the test description, so I've changed the test description. Hopefully that makes it pass.

I think it could be worth trying it out in a separate PR as a small follow-up.

Yes let's tackle this separately.

However, it the snackbar message show everytime the block is selected.

Thanks @spacedmonkey. That's actually intended based on @jasmussen's comment

@jasmussen: The snackbar warning announces well to screen readers, and by virtue of appearing in context, every time you try to make an edit, feels like the better interface for this warning.

@talldan I've adjusted as required and @ockham and I fixed the flaky test issue (turns out you need the create user bit in before/afterAll hooks.

Are you happy to merge?

I cannot test due to a npm outage, but the code looks good to me.

Thanks to everyone who helped with this, particularly @spacedmonkey for his REST API knowledge and @talldan and @adamziel for reviewing 🙇‍♂️

⚠️ String changes post string freeze in WP 5.9 Beta 3

Having spoken with release leads, as requested I have raised this Trac ticket to track the need to update strings after the Beta 3.