Site Title: Add a view mode for non-admins#18760
Conversation
scruffian
requested review from
Soean,
ajitbohra,
jorgefilipecosta and
talldan
as code owners
| import { RichText } from '@wordpress/block-editor'; | ||
|
|
||
| export default function SiteTitleEdit() { | ||
| export function SiteTitleEdit( props ) { |
There was a problem hiding this comment.
We should follow the style of the other components in this package and destructure props.
| * WordPress dependencies | ||
| */ | ||
| import { compose } from '@wordpress/compose'; | ||
| import { withSelect } from '@wordpress/data'; |
There was a problem hiding this comment.
withSelect uses useSelect under the hood and we are moving towards using that to better compose with other hooks, take advantage of functional component performance improvements, and improve readability.
| <h1>{ title }</h1> | ||
| ); | ||
|
|
||
| return ( props.canUpdate && props.isSelected ) ? editMode : viewMode; |
There was a problem hiding this comment.
Can we disable the input instead of introducing this split rendering path?
It seems innocuous in this context, but split edit/view paths will make it really hard to keep a consistent rendering style, so it will be better if we enforce using a single rendering path from the start.
There was a problem hiding this comment.
+1 to thinking more about how split render paths can be avoided.
There was a problem hiding this comment.
I agree. We explored a read only mode for RichText a while ago that could be enabled based on the context (a locked template or block for example). Additionally it would be good to disable attribute updating.
| withSelect( ( select, {} ) => { | ||
| const { canUser } = select( 'core' ); | ||
| return { | ||
| canUpdate: canUser( 'update', 'settings' ), |
There was a problem hiding this comment.
Just a note that I intend to make this part of the framework.
I envision that core-data will keep track of which entity properties are locked, actions can change that, entity configs provide default values/selectors, and useEntityProp will return a third boolean variable that says whether the specified prop is locked or not.
|
See #18772. |
|
The site title is available via the index in the REST API under |
|
I've also opened https://core.trac.wordpress.org/ticket/48816 since it seems like using the actual site title with display filters applied would also be wanted? |
|
I updated this to use the index path in the REST API for To avoid splitting the render path we need to do some more work on RichText so it has a read only mode. I'll start on this in a different PR, but maybe we can get this merged anyway, and circle back? |
|
@epiqueras, the problem is that non-admins can't access the REST API for this path at all, so I'm not sure that solution is going to help. :( |
|
We should find a way to unify these two APIs. Either make In the meantime, f6ce79c can still be applied to #18772. See #18772 (comment) for more reasoning. |
|
Also, I imagine the entity engine should be able to switch the API request if needed based on the locked context. |
That starts to become too convoluted. There could be multiple reasons why a property is locked and no way to map them to a single "correct" API request without a lot of extra configuration. Different consumers will also have vastly different requirements for this. This should be handled at the endpoint level where the required data and functionality already exists. There is no reason we couldn't have an additional endpoint that delegates to |
|
They are two entirely separate contexts, one is for editing a setting, the other is for getting the rendered site title. We're not going to support updating properties on the site index. Allow users read only access to the settings endpoint has a huge number of security implications. |
Is that viable? Only exposing properties which are safe to be read by users of course. |
|
I think those properties would be on the index. If it would be architecturally simpler, we could potential nest them under something like |
|
Yeah, we just need to use the same endpoint for reading and updating. |
|
I don't see why switching the request on the client to the base is a problem? It seems exactly the type of logic the API client would do instead of coding a specific endpoint on the server. That data should also already be loaded. Further, the values themselves should be different. Whatever is on |
|
Because it breaks a single resource into two when there's no need to. It's inconsistent and will make it harder to maintain. Other properties have |
This won't be possible, see: https://core.trac.wordpress.org/ticket/48812. I'll investigate the reverse... |
|
The index route isn't currently writable: https://github.com/WordPress/WordPress/blob/master/wp-includes/rest-api/class-wp-rest-server.php#L91 I can't forsee that changing either. Maybe we need to create new routes for each option? |
|
I think we should do this: #18760 (comment). |
|
I started a patch for this on the REST API: https://core.trac.wordpress.org/attachment/ticket/48885 I'm not sure how to go about implementing this in Gutenberg... |
|
Add a new entity for the new resource like you did here for "base": f6ce79c#diff-c5eaec560b039f2dc76f93fa76ba89da. |
|
I created #18970 to use the new API endpoint |
|
I don't think we should have a specific endpoint just for the title. Won't there be other site settings that need this functionality? Why not something like |
|
@epiqueras the endpoint supports /settings/title I wasn't sure how to extend the definition of entities to allow this. |
|
Yes, but why? All of these properties follow the same reading and updating logic. They should be grouped under something like |
Would this be identical to what |
|
No:
Only for a safe subset of settings. |
|
Ah, ok, that makes sense thanks. I'll update the patch to take this approach on Monday. Sorry for the confusion. |
|
Awesome! Thanks :-)
|
|
I updated this, and the corresponding core patch (https://core.trac.wordpress.org/ticket/48885) to put all the public settings in the same route. |
|
Reading the core ticket, it looks like the API endpoint needs to be implemented in the Gutenberg plugin? |
|
@scruffian, is it something that still needs to be worked on? |
gziolo
added
the
[Status] Stale
|
The issue is how we can let non-admins edit site level blocks like this. I don't think that problem has been solved yet. |
|
From what I understand, this can be closed thanks to this work: #32817 I'm going to do so but, if that's wrong, happy to reopen :) |
10 participants
Description
This updates the Site Title block to account for non-admins.
It's possible that this block could be added to a post that anyone has access to. Only admins should be able to edit the content, but all users should be able to see this block so that they have an accurate preview.
How has this been tested?
Create a 'non-admin' account on your WordPress site. Add the Site Title block to a post. You should be able to see the site title, but not edit it:
Screenshots
Admin (unchanged)
Non-admin
Types of changes
New feature (non-breaking change which adds functionality)
Checklist: