Closed TimothyBJacobs closed 2 months ago
Thanks for creating the issue.
I think we might want to keep canUser
around for a while. The new recommended selector will require resources to be registered as custom entities; currently, we don't have an easy way of doing that. See #27859.
The canUserEditEntityRecord
selector implies the action. We might need a better name here. Maybe hasPermssionsTo
? Matches the new hook @adamziel stabilized recently - #43268.
I think we might want to keep canUser around for a while. The new recommended selector will require resources to be registered as custom entities; currently, we don't have an easy way of doing that. See https://github.com/WordPress/gutenberg/issues/27859.
I think most custom entities would be using a non wp/v2
namespace, so they wouldn't be able to leverage canUser
anyways. But keeping it around seems fine too.
The canUserEditEntityRecord selector implies the action. We might need a better name here. Maybe
hasPermssionsTo
? Matches the new hook @adamziel stabilized recently - https://github.com/WordPress/gutenberg/pull/43268.
I like that a lot too.
@Mamaduka we can't rename it, as it is a part of the public API, but we can create a new one and deprecate the old one. How about hasEntityRecordPermissions
?
@adamziel, right. We should deprecate the canUserEditEntityRecord
selector and introduce the new one.
I just want to cross-link the "Short-circuit HEAD methods in Core controllers" core ticket. When it's available in core, I think it would be a nice addition to the new selector/resolver.
Description
The
@wordpress/core-data
module provides a selectorcanUser( action, resource, id )
that can interrogate whether a user has permission to perform the given CRUD action for the given resource and optionally a specific record.For example, to check whether the user can update a
page
with the id of5
, you can perform the following check.Unfortuantely, this method only supports resources that are in the
wp/v2
namespace. Additionally, it requires you to know the final REST API path. Typically, however, only an entitykind
andname
are known.There currently exists a
canUserEntityRecord
selector, but it is only a wrapper forcanUser
and does not Post Type entity records. Additionally, it only supports Post Types that have thewp/v2
namespace which is not a requirement since WP 5.9.https://github.com/WordPress/gutenberg/blob/1d778aa5e7506390c4d1a89974ec69088026855a/packages/core-data/src/selectors.ts#L996-L1009
I think
canUserEntityRecord
should be adapted to actually perform the permission handling logic utilizing thebaseURL
property of the entity config. ThencanUser
would be deprecated.Step-by-step reproduction instructions
canUser
selector via the browser console.Screenshots, screen recording, code snippet
No response
Environment info
No response
Please confirm that you have searched existing issues in the repo.
Yes
Please confirm that you have tested with all plugins deactivated except Gutenberg.
Yes