REST API: Add /gutenberg/available-extensions endpoint #10710
Conversation
ockham
added
[Status] In Progress
[Feature] WP REST API
[Focus] Blocks
|
Thank you for the great PR description! When this PR is ready for review, please apply the Scheduled Jetpack release: November 26, 2018. Generated by 🚫 dangerJS |
ockham
force-pushed
the
add/gutenberg-available-extensions-endpoint
branch
from
3d6465e to
64bf1e4
Compare
ockham
added
[Status] Needs Review
|
Leaving a not here that we discussed with @ockham that it might make sense to also pass a |
| 'type' => 'boolean', | ||
| ), | ||
| 'unavailable_reason' => array( | ||
| 'description' => __( 'Human readable reason for the extensiongutenberg/available-extensions not being available', 'jetpack' ), |
There was a problem hiding this comment.
Something looks a little wrong with this description
| /** | ||
| * Ensure the user has proper permissions | ||
| * | ||
| * @return WP_Error|boolean |
There was a problem hiding this comment.
current_user_can will always return a boolean AFAIK. Are we filtering it so it would return a WP_Error under some circumstances?
There was a problem hiding this comment.
Nah (or at least that I'm aware of). JSDoc copypasta.
| * @return WP_Error|boolean | ||
| */ | ||
| public function get_items_permission_check() { | ||
| return current_user_can( 'edit_posts' ); |
There was a problem hiding this comment.
Noting that usually for doing anything with modules (retrieving activation status or (de)activating), we require the jetpack_manage_modules capability. Is there any reason why we use a different one here?
There was a problem hiding this comment.
I think a user can have edit_posts but not jetpack_manage_modules
There was a problem hiding this comment.
Okay, but then: if we don't want the users to have access to manage modules, we don't give them the jetpack_manage_modules and the jetpack_admin_page capabilities, right? But then, with the check being like this, we expose the module information to them, regardless of whether they have the capability. That feels a bit off to me.
There was a problem hiding this comment.
Your rationale makes sense to me, @tyxla. Changing to jetpack_manage_modules.
There was a problem hiding this comment.
Not so fast @ockham 😆
FWIW, the modules endpoint needs the jetpack_admin_page permission for reading module activation state. It needs jetpack_manage_modules for changing the state.
There was a problem hiding this comment.
So if we go by intent (display available blocks in the block picker, i.e. when editing a post) rather than implementation (check module activation state -- but also some additional information for individual blocks), edit_posts seems to make sense again... 🤔
There was a problem hiding this comment.
Note that even though jetpack_admin_page falls back to read, they're still different capabilities, and if we use read instead of jetpack_admin_page, we're still introducing subtle differences. One difference could be the fact that in with Jetpack dev mode enabled, jetpack_admin_page will default to manage_options. Another could be any plugin or custom code that tinkers with the custom capability.
There was a problem hiding this comment.
Is the TL;DR of the above convo that contributors can still see their blocks? 😅
There was a problem hiding this comment.
Block availability isn't perfectly congruent with module activation status, since individual blocks can also depend on plans etc.
Totally. But then, since module activation status is one of the requirements, I'd expect the minimum needed capability there to be jetpack_admin_page. Any user should be able to read the current site plan, at least that's how it currently works for the Jetpack React page.
There was a problem hiding this comment.
As discussed via Slack, this endpoint won't expose module activation state directly, so using edit_posts makes sense 👍
| <?php | ||
|
|
||
| /* | ||
| * Plugin Name: Available Gutenberg Extensions (Blocks and Plugins) for wpcom/v2 WP-API |
There was a problem hiding this comment.
Is this a plugin? I didn't expect to see a plugin docblock here.
There was a problem hiding this comment.
Copypasta strikes again 🙄
I gave this some more thought. I thought of a scenario:
I can't seem to think of any plausible cases where the list of available blocks would change in such a scenario. What seems somewhat more realistic is different blocks available depending on post type, but since AFAIK even Gutenberg itself doesn't take that case into account (yet), I'm inclined to say it's safe enough to not have the endpoint accept any arguments. (Should Gutenberg change dramatically in that regard it's probably okay to bump the API version anyway.) Unless you feel strongly about this @lezama 😄 |
let's keep it simple for now 👍 |
|
Addressed feedback. This should be ready for another look. |
|
WP.com counterpart: D21280-code |
| * [ | ||
| * { # Availabilty Object. See schema for more detail. | ||
| * available: (boolean) Whether the extension is available | ||
| * unavailable_reason: (string) Human readable reason for the extension not being available |
There was a problem hiding this comment.
Human readable reason for the extension not being available
is not really true. since reason usally looks like missing_module or missing_plan
|
Thanks everyone! |
jeherve
added
[Status] Has Changelog
and removed
[Status] Needs Changelog
[Status] Needs Review
* Add first version of the Changelog and testing list for 6.9 * Changelog: add #10710 * changelog: add #10538 * changelog: add #10741 * changelog: add #10749 * changelog: add #10664 * changelog: add #10224 * changelog: add #10788 * Changelog: add #10560 * Chanegelog: add #10812 * changelog: add #10556 * Changelog: add #10668 * Changelog: add #10846 * Changelog: add #10947 * Changelog: add #10962 * Changelog: add #10956 * Changelog: add #10940 * Changelog: add #10934 * Changelog: add #10912 * changelog: add #10866 * changelog: add #10924 * Changelog: add #10936 * Changelog: add #10833 * changelog: add #10867 * Changelog: add #10960 * Changelog: add #10888 * changelog: add #10840 * changelog: add #10972 * Changelog: add #10979 * changelog: add #10909 * Changelog: add #10958 * Changelog: add #10981 * Changelog: add #10564 * Changelog: add #10809 * Changelog: add #10982 * Changelog: add #10706 * Changelog: add #10978 * Changelog: add #10132 * Changelog: add #11022 * Changelog: add #11024 * Changelog: add #10875 * Changelog: add #11030 * Changelog: add #11053 * Changelog: add #10880 * Changelog: add #9359 * Changelog: add #11037 * Update block list * Changelog: add #11060 * Changelog: add #10755 * changelog: add #11000 * Changelog: add #10786 * Changelog: add #10945 * Changelog: add #10597
Based on @roccotripaldi's D21225-code. As I commented there,
Changes proposed in this Pull Request:
/gutenberg/available-extensionsendpoint to expose Gutenberg block and plugin availabiltyTesting instructions:
Manual Tests
(stolen from Mike's for #10605)
GET /wp-json/wpcom/v2/gutenberg/available-extensions. Verify that you get a list of blocks, withavailablebool attributes (andunavailable_reasonstrings ifavailableisfalse). Verify that block/plugin availability corresponds to module activations status/plan/etc (also try changing them and verify that the endpoint's response changes accordingly).GET /wp-json/wpcom/v2/gutenberg/available-extensions, and verify that you get a 403 error. Try the same unauthenticatedProposed changelog entry for your changes:
/gutenberg/available-extensionsendpoint to expose Gutenberg block and plugin availabiltyFollow-up TODO