Automattic / vip-support

Manages the VIP Support Users on your site
GNU General Public License v2.0

Blacklist certain capabilities that conflict with the platform #53

Closed ethitter closed 7 years ago

ethitter commented 7 years ago

Certain capabilities, such as those related to filesystem modifications, don't make sense for even VIP Support users, as the filesystem is read-only.

Fixes #52

mjangda commented 7 years ago

What happens when the filesystem is read-only and you have these caps?

ethitter commented 7 years ago

Nothing too serious, it mostly leads to confusion. Core displays the theme and plugin editors, even though they should be disabled for all users care of the DISALLOW_FILE_MODS constant. Themes/plugins that use the file editor (or check related caps) also provide VIP Support users with an inconsistent experience. This came about as there was some confusion while someone was reviewing a plugin that checked the edit_files cap, and it was unexpectedly returning true.

mjangda commented 7 years ago

Got it. (Also just caught up on the Slack scrollback :))

My only concern here would be that user_has_cap is fired a lot of times so we want to make sure it's super fast. I'm assuming that the cost of array_diff here is probably negligible.

ethitter commented 7 years ago

Yeah, I thought about that. I think the array_diff() is preferable to a check inside the foreach(), and at worst, we're only slowing this down for ourselves. :)
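The approach discussed in this thread, a `user_has_cap` filter that strips filesystem-related capabilities from VIP Support users with a single `array_diff`-style pass rather than a per-capability check inside a `foreach`, as an added illustration that is not the vip-support plugin's own code. The blacklist below is a constructed example built from real WordPress capability names (the page itself only names `edit_files`), and the `vip_support_example_is_support_user()` helper and the `_vip_support_example_user` meta key are hypothetical stand-ins for however the plugin actually identifies its users.

```php
<?php
/**
 * Added example, not code from the vip-support plugin: remove capabilities
 * that cannot work on a read-only filesystem from a support user's cap list,
 * so plugins that check e.g. edit_files see the same answer core gives.
 */

/**
 * Capabilities tied to filesystem modification. Constructed list for this
 * example; the page itself only cites edit_files.
 *
 * @return string[]
 */
function vip_support_example_blacklisted_caps() {
	return array(
		'edit_files',
		'edit_plugins',
		'edit_themes',
		'install_plugins',
		'install_themes',
		'update_plugins',
		'update_themes',
		'update_core',
		'delete_plugins',
		'delete_themes',
		'upload_plugins',
		'upload_themes',
	);
}

/**
 * Hypothetical helper: decide whether $user is a VIP Support user.
 * The real plugin has its own mechanism; a user meta flag is assumed here.
 *
 * @param WP_User $user
 * @return bool
 */
function vip_support_example_is_support_user( $user ) {
	if ( ! ( $user instanceof WP_User ) ) {
		return false;
	}
	return (bool) get_user_meta( $user->ID, '_vip_support_example_user', true );
}

/**
 * user_has_cap filter: $allcaps maps capability name => bool for the user.
 * Dropping a key makes WP_User::has_cap() treat that cap as false.
 *
 * @param array   $allcaps All capabilities of the user.
 * @param array   $caps    Primitive caps being checked (unused here).
 * @param array   $args    Arguments to the check, $args[0] is the requested cap.
 * @param WP_User $user    The user being checked.
 * @return array
 */
function vip_support_example_filter_caps( $allcaps, $caps, $args, $user ) {
	if ( ! vip_support_example_is_support_user( $user ) ) {
		return $allcaps;
	}

	// One pass over the (short) blacklist instead of a comparison inside a
	// foreach for every user_has_cap invocation; cost is negligible.
	$blocked = array_flip( vip_support_example_blacklisted_caps() );

	return array_diff_key( $allcaps, $blocked );
}

// Late priority so that filters granting caps earlier cannot re-add these.
add_filter( 'user_has_cap', 'vip_support_example_filter_caps', PHP_INT_MAX, 4 );
```

Running the filter at a late priority matters: `user_has_cap` is the same hook other code uses to grant capabilities, so a blacklist applied at the default priority can be undone by a later filter that merges the caps back in. The check only affects users the helper recognises, so the extra work on every other `current_user_can()` call is a single `instanceof` test.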

scottsweb commented 7 years ago

This caught me out too. I was looking at tumbleweed and noticed you can delete a plugin - or at least the UI suggests you can - and started to implement changes for that: https://github.com/Automattic/vip-dashboard/pull/75/files#diff-89ad60d19282ec7bc4917b8a060268ccR388