WordPress / gutenberg

The Block Editor project for WordPress and beyond. Plugin is available from the official repository.
https://wordpress.org/gutenberg/

Add an `edit_global_styles` user capability to limit access to Global Styles #56299

Open ndiego opened 1 year ago

ndiego commented 1 year ago

What problem does this address?

By default, the Site Editor is restricted to Administrators. You can enable Site Editor access by granting any user role, or a new role, the capability of edit_theme_options. Here is an example:

```php
function create_custom_site_editor_role() {
    $capabilities = array(
        'read' => true,
        'edit_theme_options' => true,  // Allows access to the Site Editor and appearance settings
    );
    add_role( 'site_editor', 'Site Editor', $capabilities );
}
add_action( 'init', 'create_custom_site_editor_role' );
```

This example user role is extremely restrictive, but as soon as the user accesses the Site Editor they have a lot of power to modify the site. Certain things won't work, like adding/modifying patterns, adding templates, adding pages, etc. It takes a bit of trial and error to figure out what does.

This role does, however, have near complete control over Global Styles, which might not be ideal in specific scenarios.

Consider the situation where I have built a site for a client. The client wants some of their users to have limited access to the Site Editor so they can modify templates, pages, and patterns, but the users should not have access to modify the styling of the site. A designer configured the styling to match the client's brand guidelines.

I want to be able to create a new user role for the client that provides access to the Site Editor but restricts access to Global Styles, perhaps with a capability called edit_global_styles.

What is your proposed solution?

Create a new user capability called edit_global_styles (or something similar), which would allow the creation of a user role like the following.

```php
function create_custom_site_editor_role() {
    $capabilities = array(
        'read' => true,
        'edit_theme_options' => true,  // Allows access to the Site Editor and appearance settings
        'edit_global_styles' => false // Restrict access to Global Styles
    );
    add_role( 'site_editor', 'Site Editor', $capabilities );
}
add_action( 'init', 'create_custom_site_editor_role' );
```

This capability would have the following effect.

[Before/after screenshots, images not preserved: Site Editor sidebar, Global Styles panel, Push to Global Styles panel]

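
Since every role holding `edit_theme_options` currently gets the Global Styles control described in the issue above, a site owner can audit who holds it. This is an added example, not code from the issue or from the Gutenberg project; the helper name `audit_edit_theme_options()` is hypothetical, and it assumes it runs inside a WordPress 5.9+ install (for instance through WP-CLI's `wp eval-file`).

```php
<?php
// Added example, not from the issue or the Gutenberg project.
// Run inside WordPress, e.g. `wp eval-file audit-theme-options.php`.
// audit_edit_theme_options() is a hypothetical helper name.

function audit_edit_theme_options() {
	$cap    = 'edit_theme_options';
	$report = array( 'roles' => array(), 'direct_grants' => array() );

	// Roles that carry the capability. has_cap() returns false both when the
	// capability is missing and when the role stores it as an explicit false.
	foreach ( wp_roles()->role_objects as $slug => $role ) {
		if ( $role->has_cap( $cap ) ) {
			$users = get_users( array( 'role' => $slug, 'fields' => array( 'user_login' ) ) );
			$report['roles'][ $slug ] = wp_list_pluck( $users, 'user_login' );
		}
	}

	// Users granted the capability individually, outside any role.
	// The 'capability' query argument requires WordPress 5.9 or later.
	foreach ( get_users( array( 'capability' => $cap ) ) as $user ) {
		if ( ! empty( $user->caps[ $cap ] ) ) {
			$report['direct_grants'][] = $user->user_login;
		}
	}

	return $report;
}

$report = audit_edit_theme_options();
foreach ( $report['roles'] as $slug => $logins ) {
	printf( "role %s: %s\n", $slug, $logins ? implode( ', ', $logins ) : '(no users)' );
}
printf(
	"direct grants: %s\n",
	$report['direct_grants'] ? implode( ', ', $report['direct_grants'] ) : '(none)'
);
```
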
genepine commented 2 months ago

In block themes, the navigation menu cannot be edited with editor privileges. In classic themes, we can use UserRoleEditor or AdminMenu to give editor privileges and above (i.e. general users) the appropriate privileges for customizing the navigation menu, which allows you to change the order of the menu and change the destination of links. This is not possible with block themes.

ramonjd commented 2 months ago

Indirectly related:

The proposal is to open up READ access to all users that can edit posts. I don't think there's a conceptual conflict.