tec3/five-for-the-future
tec3/five-for-the-future
1
0
Fork 0
mirror of https://github.com/WordPress/five-for-the-future.git synced 2025-07-06 10:45:44 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

Manage Pledge: Enable pledge admins to edit contributors from manage form (#108)

Browse source 
* Add contributor management to manage form
* Check `pledge_id` to prevent returning all contributors
* Return a plain text error string – this is used in an alert box, so it can't contain HTML
* Hide confirmation when pledge is a draft
* Only enqueue script if the user is authorized
This commit is contained in:
Kelly Dwan 2019-11-26 12:57:14 -05:00
parent f5846c9128
commit f30324adea
No known key found for this signature in database
GPG key ID: 8BA5575F3D11575D
8 changed files with 110 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

3
plugins/wporg-5ftf/includes/contributor.php
View file

@ -248,6 +248,9 @@ function get_pledge_contributors( $pledge_id, $status = 'publish', $contributor_
* @return array An array of contributor data, ready to be used in the JS templates.
*/
function get_pledge_contributors_data( $pledge_id ) {
if ( ! $pledge_id ) {
return array();
}
$contrib_data = array();
$contributors = get_pledge_contributors( $pledge_id, 'all' );

5
plugins/wporg-5ftf/includes/endpoints.php
View file

@ -8,7 +8,8 @@ namespace WordPressDotOrg\FiveForTheFuture\Endpoints;
use WordPressDotOrg\FiveForTheFuture\{ Auth, Contributor, Email };
use const WordPressDotOrg\FiveForTheFuture\PledgeMeta\META_PREFIX;
add_action( 'wp_ajax_manage-contributors', __NAMESPACE__ . '\manage_contributors_handler' );
add_action( 'wp_ajax_manage-contributors', __NAMESPACE__ . '\manage_contributors_handler' );
add_action( 'wp_ajax_nopriv_manage-contributors', __NAMESPACE__ . '\manage_contributors_handler' );
add_action( 'wp_ajax_send-manage-email', __NAMESPACE__ . '\send_manage_email_handler' );
add_action( 'wp_ajax_nopriv_send-manage-email', __NAMESPACE__ . '\send_manage_email_handler' );
@ -29,7 +30,7 @@ function manage_contributors_handler() {
if ( is_wp_error( $authenticated ) ) {
wp_die( wp_json_encode( [
'success' => false,
'message' => $authenticated->get_error_message(),
'message' => __( 'Sorry, you don\'t have permissions to do that.', 'wporg-5ftf' ),
] ) );
}

7
plugins/wporg-5ftf/includes/pledge-form.php
View file

@ -175,8 +175,6 @@ function render_form_manage() {
return ob_get_clean();
}
$contributors = Contributor\get_pledge_contributors( $pledge_id, $status = 'all' );
if ( 'Update Pledge' === $action ) {
$results = process_form_manage( $pledge_id, $auth_token );
@ -187,7 +185,8 @@ function render_form_manage() {
}
}
$data = PledgeMeta\get_pledge_meta( $pledge_id );
$data = PledgeMeta\get_pledge_meta( $pledge_id );
$contributors = Contributor\get_pledge_contributors_data( $pledge_id );
ob_start();
$readonly = false;
@ -214,7 +213,7 @@ function process_form_manage( $pledge_id, $auth_token ) {
*/
$can_view_form = Auth\can_manage_pledge( $pledge_id, $auth_token );
if ( ! $has_valid_nonce || ! $can_view_form ) {
if ( ! $has_valid_nonce || is_wp_error( $can_view_form ) ) {
return new WP_Error(
'invalid_token',
sprintf(

31
plugins/wporg-5ftf/includes/pledge-meta.php
View file

@ -6,7 +6,7 @@
namespace WordPressDotOrg\FiveForTheFuture\PledgeMeta;
use WordPressDotOrg\FiveForTheFuture;
use WordPressDotOrg\FiveForTheFuture\{ Contributor, Email, Pledge, PledgeForm, XProfile };
use WordPressDotOrg\FiveForTheFuture\{ Auth, Contributor, Email, Pledge, PledgeForm, XProfile };
use WP_Post, WP_Error;
defined( 'WPINC' ) || die();
@ -18,6 +18,7 @@ add_action( 'init', __NAMESPACE__ . '\schedule_cron_jobs' );
add_action( 'admin_init', __NAMESPACE__ . '\add_meta_boxes' );
add_action( 'save_post', __NAMESPACE__ . '\save_pledge', 10, 2 );
add_action( 'admin_enqueue_scripts', __NAMESPACE__ . '\enqueue_assets' );
add_action( 'wp_enqueue_scripts', __NAMESPACE__ . '\enqueue_assets' );
add_action( 'transition_post_status', __NAMESPACE__ . '\maybe_update_single_cached_pledge_data', 10, 3 );
add_action( 'update_all_cached_pledge_data', __NAMESPACE__. '\update_all_cached_pledge_data' );
@ -207,6 +208,7 @@ function add_meta_boxes() {
function render_meta_boxes( $pledge, $box ) {
$readonly = ! current_user_can( 'edit_page', $pledge->ID );
$is_manage = true;
$pledge_id = $pledge->ID;
$data = array();
foreach ( get_pledge_meta_config() as $key => $config ) {
@ -502,9 +504,14 @@ function enqueue_assets() {
$ver = filemtime( FiveForTheFuture\PATH . '/assets/js/admin.js' );
wp_register_script( '5ftf-admin', plugins_url( 'assets/js/admin.js', __DIR__ ), [ 'jquery', 'wp-util' ], $ver );
$pledge_id = is_admin() ? get_the_ID() : absint( $_REQUEST['pledge_id'] ?? 0 );
$auth_token = sanitize_text_field( $_REQUEST['auth_token'] ?? '' );
$script_data = [
'pledgeId' => get_the_ID(),
// The global ajaxurl is not set on the frontend.
'ajaxurl' => admin_url( 'admin-ajax.php', 'relative' ),
'pledgeId' => $pledge_id,
'manageNonce' => wp_create_nonce( 'manage-contributors' ),
'authToken' => $auth_token,
];
wp_add_inline_script(
'5ftf-admin',
@ -515,9 +522,21 @@ function enqueue_assets() {
'before'
);
$current_page = get_current_screen();
if ( Pledge\CPT_ID === $current_page->id ) {
wp_enqueue_style( '5ftf-admin' );
wp_enqueue_script( '5ftf-admin' );
if ( is_admin() ) {
$current_page = get_current_screen();
if ( Pledge\CPT_ID === $current_page->id ) {
wp_enqueue_style( '5ftf-admin' );
wp_enqueue_script( '5ftf-admin' );
}
} else {
global $post;
if ( is_a( $post, 'WP_Post' ) ) {
$pledge_id = absint( $_REQUEST['pledge_id'] ?? 0 );
$auth_token = sanitize_text_field( $_REQUEST['auth_token'] ?? '' );
$can_manage = Auth\can_manage_pledge( $pledge_id, $auth_token );
if ( ! is_wp_error( $can_manage ) && has_shortcode( $post->post_content, '5ftf_pledge_form_manage' ) ) {
wp_enqueue_script( '5ftf-admin' );
}
}
}
}