DISALLOW_FILE_EDIT prevents manage plugins from working

[Ipstenu]

This may belong in Jetpack, since it's via the manage feature, as I understand it, but possibly not...

I saw that the auto-updates are dependent on DISALLOW_FILE_EDIT being false (or undefined) as well as the logical _MODS and AUTOMATIC_UPDATER_DISABLED

The following constants also need to be set to false or not defined:
DISALLOW_FILE_EDIT, DISALLOW_FILE_MODS and
AUTOMATIC_UPDATER_DISABLED. And any plugin that
intentionally disables autoupdates must not be active.

There seems to be some confusion as to what DISALLOW_FILE_EDIT is intended for.

DISALLOW_FILE_EDIT is specifically there to prevent people from editing files while permitting them to continue to upgrade their themes and plugins per usual. The whole point of it is to say "Don't EDIT these files!" It's a safeguard for many users, most of whom don't know the difference between 'make a child theme' and 'edit my parent theme.' This is a setting that consultants regularly recommend for their clients as it permits them to be safe from shooting themselves in the foot while still encouraging updates.

Per https://core.trac.wordpress.org/ticket/11306 the intention was to disallow editing and nothing more.

Consider https://core.trac.wordpress.org/ticket/31779 as well. While we don't want users to be editing things willy nilly, it's a logical fallacy to assume that 'no edit' means 'no upgrades.' In my experience, not allowing edits means, rather literally, not to permit edits.

Unless there's a technical reason (like the check for meta caps is torqued by the _EDIT check, which I would understand, it's quirky), why would this be a limitation?

It's actually lowering security for users. You're forcing them to allow edits in order to upgrade. We all know that users really must upgrade for sanity and security. Putting barriers like this in place seems a step backwards.

[jeherve]

Related: #304 and Automattic/jetpack#2987

cc @enejb, who's worked on that in the past few weeks.