Always hide AMP admin menu item and compatibility tool menu items for non-admins role #3005
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…AMP settings screen
westonruter
commented
Aug 9, 2019
| @@ -994,6 +975,9 @@ public function test_add_admin_notices() { | |||
| * @covers \AMP_Validation_Error_Taxonomy::filter_tag_row_actions() | |||
| */ | |||
| public function test_filter_tag_row_actions() { | |||
| wp_set_current_user( $this->factory()->user->create( [ 'role' => 'administrator' ] ) ); | |||
| global $pagenow; | |||
| $pagenow = 'edit-tags.php'; | |||
There was a problem hiding this comment.
I'm confused as to why this is needed now. Perhaps global state had set it before.
There was a problem hiding this comment.
Yes, this seems to be the case.
swissspidy
approved these changes
Aug 12, 2019
westonruter
added a commit
that referenced
this pull request
Aug 12, 2019
…p-bind-syntax * 'develop' of github.com:ampproject/amp-wp: RTLCSS all the things (#2977) Fix AMP Story editor compatibility with code editor (#3007) Update dependency core-js to v3.2.1 (#3011) Update amphtml validator spec to v1907301630320 (#3003) Improve handling of unlisted Vimeo videos (#2986) Always hide AMP admin menu item and compatibility tool menu ite… (#3005) Update dependency dom-scroll-into-view to v2.0.1 (#3008) Hide tooltips that should be hidden (#2988)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See https://wordpress.org/support/topic/hide-amp-in-side-bar-for-specific-roles-authors/
When a user is not an administrator, they still have access to the AMP settings screen but all of the fields on the screen are disabled and they can't modify anything. This was allowed because the Validated URLs and Validation Error screens are are admin submenu items under the top-level AMP menu page. Thus the top-level page was given
edit_postscapability, though all of the settings requiredmanage_optionsto change.The thinking here was to allow the users to access the admin screens the compatibility tool even if they cannot
manage_options. In reality, this is just noise and non-admins should not be concerned with site-level validation errors. See #2316 (comment) and #2673.Nevertheless, a case can be made to continue allowing a user to access the Validated URL screen individually for posts that they can edit. This is what this PR does. Non-admin users never see the top-level AMP admin menu item, and they never see the admin menu items for Validated URLs and Validation Errors. The only way they can get to these screens is by causing a validation error, at which point they will see the warning notice in Gutenberg, allowing them to access the screen via the “Review Issues” link.
This PR also hides the Validated URLs from the “At a Glance” dashboard widget, if the user is not an administrator.
Before
After
Build for testing: amp.zip - 1.2.1-beta1-20190809T205628Z-303e81ea
Fixes #2702.