WordPress / wporg-showcase-2022

The official theme of the WordPress.org showcase.
https://wordpress.org/showcase/

Allow exporting of user feedback #270

Open pkevan opened 5 months ago

pkevan commented 5 months ago

By default on the wp.org network exporting is limited to super admin users only.

We should allow Administrators that right, in a limited way, probably just for user feedback.

Whether we do this via map_meta_cap or changes to the Jetpack plugin, that would enable exporting of data for marketing purposes.

pkevan commented 3 weeks ago

This came up again recently, so started taking a look at it - it isn't super straightforward to rescind a restriction (exporting) based on a user type, and there are a few potential cases we would want to protect against.

pkevan commented 3 weeks ago

@dd32 the idea that came to mind was using map_meta_cap late, i.e. after the wp.org restrictions, and include a fixed set of users, which is also protected via a proxy check too - thoughts?

It has the disadvantage of showing the global export sub menu item whilst on this page (you get a restricted screen when clicking on it), but couldn't figure out an alternative.

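```php
add_filter( 'map_meta_cap', __NAMESPACE__ . '\allow_selected_admins_to_export_feedback', 999, 4 );

function allow_selected_admins_to_export_feedback( $caps, $cap, $user_id, $args ) {
    // Only act on the 'export' capability. Bailing out first also stops the
    // current_user_can() call below from re-entering this filter endlessly.
    if ( 'export' !== $cap ) {
        return $caps;
    }

    // List of wp.org user ids who can export.
    $user_id_can_export_feedback = [
        7239681,
    ];

    // Require both an Administrator-level capability and a proxied request.
    if ( ! current_user_can( 'edit_theme_options' ) || ! defined( 'WPORG_PROXIED_REQUEST' ) || ! WPORG_PROXIED_REQUEST ) {
        return $caps;
    }

    // Avoid an undefined-index notice when post_type is absent.
    $post_type = isset( $_GET['post_type'] ) ? $_GET['post_type'] : '';

    if ( in_array( (int) $user_id, $user_id_can_export_feedback, true ) && 'feedback' === $post_type ) {
        $caps = [ 'export' ];
    }

    return $caps;
}
```

dd32 commented 3 weeks ago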

@pkevan We can probably just allow Administrator + proxied to export on specific sites as needed, with that post_type check too if that's all that's needed.

Anything that they can see in the admin UI should be able to be exported; I don't have the historical knowledge of why we don't have export available, but I'm assuming it was for PII information or that it allowed access to the raw post_content of something that some were not allowed to access.

That being said, I'm fairly sure Jetpack has its own Export functionality for feedback? Or is that covered by this cap too?
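
The role-based variant suggested in the comment above (Administrator + proxied request + specific sites + `post_type` check), as an added example that is not code from this thread or from the WordPress.org code base. The namespace, the function name and the `EXPORT_ENABLED_SITES` allowlist are hypothetical; `WPORG_PROXIED_REQUEST` and the `feedback` post type are taken from the thread, and reading `post_type` from `$_GET` follows the snippet posted earlier.

```php
<?php
// Added example, not project code. Names marked hypothetical are assumptions.
namespace Example\Feedback_Export; // Hypothetical namespace.

// Hypothetical allowlist of site (blog) IDs where feedback export is enabled.
const EXPORT_ENABLED_SITES = [ 0 ]; // Placeholder ID, set per deployment.

// Priority 999 so this runs after the network-wide restriction on 'export'.
add_filter( 'map_meta_cap', __NAMESPACE__ . '\allow_admin_feedback_export', 999, 3 );

function allow_admin_feedback_export( $caps, $cap, $user_id ) {
	// Only touch 'export'. Returning early for every other capability also keeps
	// the user_can() call below from recursing back into this branch.
	if ( 'export' !== $cap ) {
		return $caps;
	}

	// Fail closed unless the request came through the proxy.
	if ( ! defined( 'WPORG_PROXIED_REQUEST' ) || ! WPORG_PROXIED_REQUEST ) {
		return $caps;
	}

	// Only on sites that have been explicitly enabled.
	if ( ! in_array( get_current_blog_id(), EXPORT_ENABLED_SITES, true ) ) {
		return $caps;
	}

	// Only while working with the feedback post type.
	$post_type = isset( $_GET['post_type'] ) ? sanitize_key( wp_unslash( $_GET['post_type'] ) ) : '';
	if ( 'feedback' !== $post_type ) {
		return $caps;
	}

	// Check the user being evaluated, not whoever is logged in.
	if ( ! user_can( $user_id, 'manage_options' ) ) {
		return $caps;
	}

	// Require the primitive 'export' capability (part of the Administrator role)
	// in place of whatever the earlier restriction demanded.
	return [ 'export' ];
}
```

Every condition returns the unmodified `$caps` on failure, so the earlier restriction stays in force unless all checks pass.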

jeherve commented 3 weeks ago

> I'm fairly sure Jetpack has its own Export functionality for feedback? Or is that covered by this cap too?

It does, but Jetpack only allows users with the export capability access to the export tools. While this capability makes sense on most sites, apparently on the WordPress.org network the capabilities were modified a bit, and exports are limited to super admins. This is what's causing the issue here.

pkevan commented 3 weeks ago

Yes, the caps and code here cover the functionality within Jetpack.

Thinking about this some more, I'll probably put this in the code within mu-plugins where the caps are restricted initially to avoid any potential confusion in the future.

pkevan commented 3 weeks ago

> I'm assuming it was for PII information or that it allowed access to the raw post_content of something that some were not allowed to access.

Yes, plus probably exporting user data, which you would get if granted export access.

pkevan commented 3 weeks ago

Unsure if this matters, but for the data we currently strip out manually, there isn't really any way to remove this.