distributor icon indicating copy to clipboard operation
distributor copied to clipboard
verified publisher icon 10up

Added ability to view all post types when Pulling from an External Connection

Open mehul0810 opened this issue 2 years ago • 2 comments

Description of the Change

Closes #861

How to test the Change

  • Go to Distributor > Pull Content (Make sure you have added an internal as well as external connection)
  • Check and confirm that "View All" filter is available for both internal and external connection
  • Check and confirm that filtering with "View All", displays posts from all the post types for both internal and external connection

Changelog Entry

Fixed - Bug fix

Credits

Props @mehul0810 @ravinderk @cadic @peterwilsoncc

Checklist:

  • [x] I agree to follow this project's Code of Conduct.
  • [ ] I have updated the documentation accordingly.
  • [ ] I have added tests to cover my change.
  • [x] All new and existing tests pass.

mehul0810 avatar Jan 12 '23 04:01 mehul0810

In #1017 (awaiting merge) I've made a bunch of modifications to the rest api endpoint that should make this more achievable. It will probably cause a lot of conflicts to this PR though.

You'll be able to use post_type => any once that PR is merged as the custom endpoint will modify the value to only include post types the user can read, either because they have permission or the post type is publicly viewable.

peterwilsoncc avatar Apr 27 '23 03:04 peterwilsoncc

@mehul0810 thanks for the PR! Could you please rebase your PR on top of the latest changes in the base branch?

github-actions[bot] avatar Feb 09 '24 15:02 github-actions[bot]

@mehul0810 thanks for the PR! Could you please fill out the PR template with description, changelog, and credits information so that we can properly review and merge this?

github-actions[bot] avatar Jun 26 '24 17:06 github-actions[bot]

I can confirm that I can see something strange as well. It looks like when we select "view all" only posts by "admin" users are shown. That's what it looks on the surface(which may not be the case as well), needs more investigation.

https://github.com/user-attachments/assets/0a4b3c88-a76e-466d-89f5-51af791adbda

kirtangajjar avatar Jul 13 '24 05:07 kirtangajjar

I think what I and sid observed was perhaps a security fix, so it's all good? https://github.com/10up/distributor/pull/1003#pullrequestreview-2002371696

kirtangajjar avatar Jul 13 '24 07:07 kirtangajjar

@peterwilsoncc if this looks good to you, please merge, thanks!

jeffpaul avatar Jul 29 '24 21:07 jeffpaul

I think what I and sid observed was perhaps a security fix, so it's all good? #1003 (review)

It looks like it's a bug in WP_Query when querying multiple post types using the perm argument added as part of the security fix.

https://github.com/10up/distributor/blob/253cf825bb18ba6a5a7d22c3cec4034b9a09bfe3/includes/rest-api.php#L693

For multiple post types the edit_others_posts capability is ignored, for single post types it's checked and all posts are shown. I'm not sure whether it's by design to avoid overly complex SQL queries or an oversight.

peterwilsoncc avatar Jul 30 '24 03:07 peterwilsoncc

E2E tests are failing on the main branch so bypassing the merge requirements.

peterwilsoncc avatar Jul 30 '24 03:07 peterwilsoncc