Improves permissions checks for the Bulk Clone action and the republishing of a copy. #452
enricobattocchi wants to merge 3 commits into trunk from
…items in admin notices, and enhance unit tests to cover new scenarios.
Pull request overview
This PR enhances security by adding permission checks to prevent unauthorized users from cloning or republishing posts they don't have edit access to. The changes ensure that bulk clone and rewrite-and-republish operations skip posts where the user lacks appropriate permissions, with proper feedback provided to the user.
Changes:
- Added permission checks in bulk action handlers to verify users can edit posts before cloning or rewriting
- Implemented skip counters and new query parameters to track and display skipped items
- Added a permission check in the republish request handler to prevent unauthorized republishing
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| src/handlers/bulk-handler.php | Added current_user_can('edit_post') checks in clone and rewrite bulk action handlers, with skip tracking |
| src/watchers/bulk-actions-watcher.php | Added handling for new bulk_cloned_skipped and bulk_rewriting_skipped query parameters with warning notices |
| src/post-republisher.php | Added permission check to prevent republishing when user cannot edit the original post |
| tests/WP/Post_Republisher_Test.php | Added test verifying republish_request dies when user cannot edit the original post |
| tests/Unit/Watchers/Bulk_Actions_Watcher_Test.php | Added tests for displaying skip notices in bulk clone and rewrite operations |
| tests/Unit/Handlers/Bulk_Handler_Test.php | Added comprehensive tests for permission checks in bulk clone and rewrite handlers |
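The per-post check and skip counter that the review summary above describes, as an added PHP example that is not the plugin's code or part of this pull request. The function name `example_bulk_clone`, the `$clone` callback, the `bulk_cloned` parameter, and the stubbed `current_user_can()` with its post IDs are assumptions for illustration; `bulk_cloned_skipped` is the parameter named in the summary.

```php
<?php
// Added illustration, not the plugin's code. Runs outside WordPress via the stand-in below.

// Stand-in for WordPress's current_user_can() (constructed data): the
// hypothetical current user may only edit posts 11 and 13.
if ( ! function_exists( 'current_user_can' ) ) {
	function current_user_can( $capability, ...$args ) {
		return $capability === 'edit_post' && in_array( (int) ( $args[0] ?? 0 ), [ 11, 13 ], true );
	}
}

/**
 * Hypothetical bulk clone handler: clones only the posts the user may edit
 * and reports the number of skipped posts through the redirect URL.
 */
function example_bulk_clone( $redirect_to, array $post_ids, callable $clone ) {
	$cloned  = 0;
	$skipped = 0;
	foreach ( $post_ids as $post_id ) {
		// Per-object check: access to the list screen does not imply
		// edit access to every post ID submitted with the bulk request.
		if ( ! current_user_can( 'edit_post', (int) $post_id ) ) {
			++$skipped;
			continue;
		}
		$clone( (int) $post_id );
		++$cloned;
	}
	$args = [ 'bulk_cloned' => $cloned ];
	if ( $skipped > 0 ) {
		$args['bulk_cloned_skipped'] = $skipped; // Lets the notice code warn about skipped items.
	}
	$separator = ( strpos( $redirect_to, '?' ) === false ) ? '?' : '&';
	return $redirect_to . $separator . http_build_query( $args );
}

// Constructed request: IDs 12 and 14 are posts the user cannot edit.
$done = [];
$url  = example_bulk_clone( 'edit.php?post_type=post', [ 11, 12, 13, 14 ], function ( $id ) use ( &$done ) {
	$done[] = $id; // Records which posts would have been cloned.
} );
echo $url, PHP_EOL;
echo implode( ',', $done ), PHP_EOL;
```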
Pull Request Test Coverage Report for Build 21648102573 (Coveralls)
…nditions, and improve unit test coverage.
0819e78 to 321f2e3
Pull request overview
Copilot reviewed 6 out of 6 changed files in this pull request and generated 1 comment.
Pull request overview
Copilot reviewed 6 out of 6 changed files in this pull request and generated 1 comment.
Context
Summary
This PR can be summarized in the following changelog entry:
Relevant technical choices:
Test instructions
Test instructions for the acceptance test before the PR gets merged
This PR can be acceptance tested by following these steps:
Relevant test scenarios
Test instructions for QA when the code is in the RC
QA can test this PR by following these steps:
Impact check
This PR affects the following parts of the plugin, which may require extra testing:
UI changes
Documentation
Quality assurance
Innovation
innovation label and noted the work hours.
Fixes https://github.com/Yoast/reserved-tasks/issues/1018