Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow exporting of user feedback #270

Open
pkevan opened this issue Apr 19, 2024 · 7 comments
Open

Allow exporting of user feedback #270

pkevan opened this issue Apr 19, 2024 · 7 comments
Labels
[Component] Backend Anything wp-admin or PHP-related

Comments

@pkevan
Copy link

pkevan commented Apr 19, 2024

By default on the wp.org network exporting is limited to super admin users only.

We should allow Administrators that right, in a limited way, probably just for user feedback.

Whether we do this via map_meta_cap or changes to the Jetpack plugin, that would enable exporting of data for marketing purposes.

@pkevan pkevan added the [Component] Backend Anything wp-admin or PHP-related label Apr 19, 2024
@pkevan
Copy link
Author

pkevan commented Sep 9, 2024

This came up again recently, so started taking a look at it - it isn't super straightforward to rescind a restriction (exporting) based on a user type, and there are a few potential cases we would want to protect against.

@pkevan
Copy link
Author

pkevan commented Sep 9, 2024

@dd32 the idea that came to mind was using map_meta_cap late, i.e. after the wp.org restrictions, and include a fixed set of users, which is also protected via a proxy check too - thoughts?

it has the disadvantage of showing the global export sub menu item whilst on this page (you get a restricted screen when clicking on it), but couldn't figure out an alternative.

add_filter( 'map_meta_cap', __NAMESPACE__ . '\allow_selected_admins_to_export_feedback', 999, 4 );

function allow_selected_admins_to_export_feedback( $caps, $cap, $user_id, $args ) {

    // List of wp.org user ids who can export.
    $user_id_can_export_feedback = [
        '7239681',
    ];  
    
    if ( ! current_user_can( 'edit_theme_option' ) && ! WPORG_PROXIED_REQUEST ) {
        return $caps;
    }   
    
    $post_type = $_GET['post_type'];

    if ( in_array( $user_id, $user_id_can_export_feedback ) && 'feedback' == $post_type && 'export' == $cap ) {
        $caps = [ 'export' ];
    }
    return $caps;

}

@dd32
Copy link
Member

dd32 commented Sep 10, 2024

@pkevan We can probably just allow Administrator + proxied to export on specific sites as needed, with that post_type check too if that's all that's needed..

Anything that they can see in the admin UI should be able to be exported; I don't have the historical knowledge of why we don't have export available, but I'm assuming it was for PII information or that it allowed access to the raw post_content of something that some were not allowed to access.

That being said, I'm fairly sure Jetpack has it's own Export functionality for feedback? Or is that covered by this cap too?

@jeherve
Copy link

jeherve commented Sep 10, 2024

I'm fairly sure Jetpack has it's own Export functionality for feedback? Or is that covered by this cap too?

It does, but Jetpack only allows users with the export capability access to the export tools. While this capability makes sense on most sites, apparently on the WordPress.org network the capabilities were modified a bit, and exports are limited to super admins. This is what's causing the issue here.

@pkevan
Copy link
Author

pkevan commented Sep 10, 2024

Yes, the caps and code here covers the functionality within Jetpack.

Thinking about this some more, i'll probably put this in the code within mu-plugins where the caps are restricted initially to avoid any potential confusion in the future.

@pkevan
Copy link
Author

pkevan commented Sep 10, 2024

I'm assuming it was for PII information or that it allowed access to the raw post_content of something that some were not allowed to access.

Yes, plus probably exporting user data, which you would get if granted export access.

@pkevan
Copy link
Author

pkevan commented Sep 10, 2024

Unsure if this matters, but for the data we currently strip out manually, there isn't really any way to remove this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
[Component] Backend Anything wp-admin or PHP-related
Projects
None yet
Development

No branches or pull requests

3 participants