-
Notifications
You must be signed in to change notification settings - Fork 4.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
As a contributor / author navigation block only shows a spinner #36286
Comments
We're going to fix part of this in the REST API by allowing anyone with CPT edit access to read this information. But we should investigate why there isn't an error message of some kind when that REST API request fails. |
I'll take a look at the UI side of this. |
Actually, can someone clarify (@youknowriad ?) whether any user should be able to use this block? This would expose all menu data to contributors and up which may be undesirable. |
I'm not familiar with this block personally but yes, I believe like all blocks, it's supposed to be usable by everyone, so I guess we'd have to adapt its behavior (hide things) for contributors. |
Yep. Several tasks will likely need to spin out of this one in terms of making sure the block adapts to different user types. |
So as pointed out above I'm getting a 403 Forbidden for the Menus endpoint. This will get fixed but we should add a fallback in the UI which I will do now. Ok it looks like the fallback in the UI is already in place it's just a bug with Core Data. I have a fix in #36353. |
Thanks @youknowriad. Do you think it is acceptable that this block won't show the "Convert from an existing menu" UI for non-administrators? |
I was just checking how this might work for reusable blocks, and it looks like it doesn't 😬 A contributor can add a resuable block created by an admin, edit it, but they can't save it (tested in the post editor). Saving seems to throw an error:
So it seems there isn't much prior art for this kind of situation. |
I'm taking a look at a solution now as the current experience is not suitable. |
I started exploring if we could use the block locking API to stop users editing if they have lower permissions. Also experimenting with showing a warning message above the block when it is selected to warn users that they have insufficient permissions to edit the block. What we really need is a "no edits" mode for blocks. |
I think they should be able to read but not write. The Site Editor needs to display the Navigation block and its items but not allow them to edit the items. To do that we need the endpoint to allow returning the data for lower permission users. |
Following some discussion
Also noting that the Site Editor is no longer accessible by Contributor role users so this might be less of an issue. |
You can read data from the menu item endpoint, if you can edit any post you can access the menu data. So what exactly has to change? I am confused |
My mistake. We can read
The first one is achievable using |
To be clear, there will also need to check permission checks for menus ( as in classic menus) as well not just |
@spacedmonkey I think this was handled in #36353, but it doesn't check the permissions up front, just handles the failure response from the GET request. Users can't directly edit classic menus from the navigation block, so I don't think it's too bad the way it is. What do you think?
@getdave I'm not really sure what the distinction is between editing and publishing. Both require saving |
The navigation post type's capabilities map to post post types capabilities. This means a user like a contributor could create a post but not publish it. If a contributor creates a post in the editor, they can submit it for review but not publish. Canuser do not currently allow you to check for publish capabilities. Just that a user can post to an endpoint doesn't mean they can publish. To see if you can publish, you have check the links and see if the 'wp:action-publish' exists. |
@talldan What @spacedmonkey outlines is what I'm experiencing. You can create a post and "save" it but because you cannot publish the |
Also if we find a way to reliably determine that the user cannot create Navigation we should remove the Navigation block from the block picker (but not unregister it). That way they never even have to see the "You don't have permission to create" message, but they'd still be able to view (but not edit) existing Navigations. |
Current stateThe Navigation block allows users to control Navigation on a website. This block is potentially used for "site wide" Navigation such as in the header of the site. The block saves its inner blocks to an entity of Post type Currently this block is available to be interacted with in the (Post) editor by all users. That's a problem because historically only "admin" users have been able to edit Menus. The GoalThe Navigation block should behave in a similar way to Menus in classic WordPress. The Menus screen is only available to users with the We should replicate that for the Nav block in that it should not be possible to update a Navigation if you don't have that permission level. However, due to the concept of WYSIWYG editing, we should (ideally) still allow users with lower capabilities to see (i.e. "view") Navigations. They should just not be able to edit them. Also worth remembering that the Site Editor is only accessible to Admin users, so this is really only a problem for editors which lower permission users have access to. Editing an (existing) Navigation as a Contributor userWhen attempting to "Save", users with insufficient capabilities cannot do so. However this is not made apparant in the UI via any kind of feedback. The only way to know what is happening is to look at the Network tab and notice the Here's a video showing me as a "Contributor" Role user, trying to edit an existing Navigation (which was created by an Admin): Screen.Capture.on.2021-12-10.at.10-38-48.movWhy does this happen?As Why don't we show an error message?Ideally we could detect the 403 on the response and show an error message. However, currently Gutenberg's gutenberg/packages/core-data/src/resolvers.js Lines 107 to 110 in 1b15cf1
...and therefore it is not possible for the React component to determine if/when a request made via the Using canUser to determine permissionsWhy can't we use
This allow us to display a message to the user within the block that they don't have permission to edit. This won't stop them interacting with the block, but at least they'll know they can't save. Remember this only works once we have a
...will return misleading results. Creating a Navigation as a Contributor userCurrently there's nothing to stop a low capability user from inserting a Navigation block and trying to "Create" a new Navigation. However (as shown below) whilst the UI allows them to "Create" a new Navigation, they do not have permission to publish it and thus the UI simply "hangs" in a loading state due to the Screen.Capture.on.2021-12-10.at.11-04-13.movThis seems good - in the same way as above, we can show a feedback message to the user by checking whether they have permission. However...the problem is we cannot know whether a user has permission until the
That means we have no way to determine whether the user can create Navigations prior to showing them the Navigations in Private PostsIt's also possible to create Navigations within private Posts. Should a Navigation created in this way be accessible to other users? Potential SolutionsMap capabilities to
|
For some extra context here, we had to tweak the permission for We can create a custom REST API controller / tweak permissions so that navigations posts public to read by limited in who can create them. This means that navigation blocks are seen as public first, not sensitive. If navigation are seen as public, if you embed one in a private post / draft post, you know that it is public. However, this would only make sense in a world where we had a navigation editor, when you create a public menu and then simply embed into the post / page. For navigation posts to work as expected, even contributor users would have to have the ability to publish navigation posts. It's worth noting, that just being able to create a post does not mean that you can publish it. Contributors can create a post in the editor but are not allowed to publish them. A post goes into a pending state and another editor/admin user can review and publish it for them. The current checks for I believe we need to update I am personally worried about timelines here, as we are currently beta 2, resolve this may take some time. Stripping the navigation block out anything other than the site editor, maybe the best path forward. |
@draganescu It isn't just a case of create/save/publish it is also read the a couple of cases where a post could not be accessed.
The key thing is, we need the navigation block in site edit, but we can remove/unregister it from other editors until we can really solve these problems.
I do think it is something that should be easier enough to hack together a POC. Might need a little help with the JS, but I could get something working early next week. |
@spacedmonkey @draganescu Please see #37291. Also note |
I have a possibly solution here. #37302 I would love a review. |
I'm not sure we should be introducing more usage of I like the approach of setting the capabilities to Ccing @peterwilsoncc who has looked a lot at post type capabilities. |
I personally agree with you @TimothyBJacobs but I am not sure I see another way around this. If I build a private, draft or scheduled a embed a navigation block in it, if that data is public, it could be seen as leaking information, as if any users can access any navigation, you could see what was in a private post. Consider the following example. Boss of company writes a blog post, saying they are going to be job loses, schedules the post go out on the 1st of Jan. He / she / they embed a navigation block that links to information about the job loses. If user b, creates a post and lists the navigation block, they could embed the navigation block used in the job loses post and find out the contents of that blog post before it's public. When you consider a navigation a part of the parent posts content and not a global and public thing, then inherited is the only mental model for navigation blocks that start life as part of content. Again, if we had a navigation editor, this would be different but if a navigation post / block starts life in the editor, there, it should follow the permission model of the parent post. However, navigation posts, created in the site editor, should always be seen as public and do not have the same rules. |
Another very simple workaround, is to only save navigation posts, if you are in the site editor and save the navigation block data into the contents of the current post you are editing. That would mean, blocks are not available to select unless you created the in site editing. |
I don't think we necessarily need to solve for that case in the initial release as long as it is clear to the user that menus are available to be selected to all authors. There is a similar issue with Reusable Blocks. I think a solution for both would be to allow publishing privately with the
I think this is a good solution as well. |
This comment has been minimized.
This comment has been minimized.
There's a |
Please help me understand better. |
Hi @carolinan. This particular issue is focusing on the Navigation block and how it behaves/presents itself for users with lower capabilities/permissions (e.g.
Specifically in terms of Nav Menus, the concerns I highlighted are that some users shouldn't have permission to edit certain key areas of the site. Navigations are potentially key areas of a site. I currently believe this paradigm is consistent with classic Themes, in that - for example - only Admins can edit Applying the same thinking to FSE means that those same users shouldn't be able to make edits to Navigation Menus (via the Navigation block). This is what #37286 is trying to address. I hope that helps? Let me know if there's something that's not clear or if you have any questions. |
But the current solution in 37291 is to remove it for all users of template editing, not only non admins. |
Ok understood. Perhaps we can discuss the concerns about disabling in Site Editor over at #37291. The reason I didn't merge this is that I want to get more feedback on cases such as those which you mention. We may require more nuance that blanket "disable in everything but Site Editor". Consider the PR a proposal for review and feedback. Appreciate your time here. |
Recommendations for WP 5.9 Beta 3 or 4I've been working with others on a range of solutions to this problem around lower permission users' interactions with the Nav block. I now believe that in order for a fix to be in place for WP 5.9, the best and most expedient option is to display a UI warning to the user explaining that their changes cannot be persisted. I recognise that ideally, if the user has insufficient permissions, the blocks would be entirely read-only. However, we do not have sufficient time to extend/enhance the existing block locking system or scope to create a new API to enable this (although this is something we should pursue in WP 6.0). We should consider that these permissions issues will likely only effect a small subset of users because:
Nonetheless, whilst we cannot make blocks read only, we should endeavour to at least alert users to the fact that their edits will not be persisted. I have x2 PRs which attempt to do this:
I believe these are good to merge. They may require some follow ups but they move us towards a better experience. What we now need are:
Thank you all in advance for your help 🙇 |
I left a comment on #37286, which — of the two suggested — feels like the best path forward to me: no layout shifts, and clearly announced error. |
I believe we missed the cut off for beta 3 already. I believe it is due out Wednesday. Beta 4 is 100% possible. |
Beta 3 is the string freeze, so 4 would be too late to add a new error message. |
Description
As a contrubitor or author user, I create a navigation block and all is shown is a spinner. See video.
Step-by-step reproduction instructions
Screenshots, screen recording, code snippet
Screen.Recording.2021-11-07.at.20.43.46.mov
Environment info
Please confirm that you have searched existing issues in the repo.
Yes
Please confirm that you have tested with all plugins deactivated except Gutenberg.
Yes
The text was updated successfully, but these errors were encountered: