Refresh user permissions on module recovery

Open aaemnnosttv opened this issue 2 years ago • 2 comments

Feature Description

Any time a module is recovered, the current user's permissions for that module will be elevated as a result of becoming the new module owner. As such, we should always make sure to refresh the user's permissions from the server after modules are recovered.

Without this, the recovering user will not be able to manage the sharing settings for the modules they just recovered.

Screenshots

Search Console and Analytics recoverable (image)

Post-recovery sharing settings show managed by the current user but lacking capabilities they should have (image)

Settings appear properly after reloading the page (image)


Do not alter or remove anything below. The following sections will be managed by moderators only.

Acceptance criteria

  • When one or more modules are recovered successfully, the current user's capabilities should be refreshed from the server

Implementation Brief

  • In Google\Site_Kit\Core\Permissions\Permissions class:
    • Define a new private method get_rest_routes that defines an API route to get the user's current capabilities.
      • Return an array from the method with a single get (WP_REST_Server::READABLE) REST_Route.
        • Path: core/user/data/permissions
        • callback should return a WP_REST_Response with the value of $this->check_all_for_current_user().
        • permission_callback should be current_user_can( Permissions::VIEW_SPLASH )
    • In the register method:
      • Add a filter googlesitekit_rest_routes that adds the REST route to Site Kit.
      • See Authentication for how it's done.
  • In assets/js/googlesitekit/datastore/user/permissions.js file:
    • Add a new action refreshCapabilities.
    • Get dispatch from commonActions.
    • Get newCapabilities by calling the newly added api using API.get.
    • API.get( 'core', 'user', 'permissions', undefined, { useCache: false } )
    • Update capabilities by dispatching receiveCapabilities action with the newCapabilities.
  • In assets/js/googlesitekit/modules/datastore/modules.js file:
    • Update the recoverModules action:
      • Dispatch refreshCapabilities action to the CORE_USER store when one (or more) module is successfully recovered.

Test Coverage

  • Add PHP Unit Test for new API Route.
  • Add test for refreshCapabilities and update any failing tests.
  • Update recoverModules tests to check for the updated permissions after a successful recovery.

QA Brief

  • Enable dashboardSharing and Sign In with first admin.
  • Install Sharing Settings Tester.
  • In an Incognito window, log in to the second admin.
  • Do not connect to Site Kit. Instead, go to the Sharing Settings and change some roles on PageSpeed Insights.
  • Back in the first admin, visit Site Kit Dashboard. You should see the Module Recovery Alert for PageSpeed Insights.
  • Click on Open Sharing Settings in the toolbar.
  • See that the Who can view column for PageSpeed Insights is unavailable, with a message to contact the managing user.
  • Close the modal and Initiate module recovery.
  • Once the module has been recovered, the recovery alert will disappear. DO NOT REFRESH THE PAGE.
  • Click on Open Sharing Settings again in the toolbar.
  • Who can view for PageSpeed Insights should be restored and editable.

Changelog entry

  • Refresh user permissions on module recovery.

aaemnnosttv avatar Jun 22 '22 19:06 aaemnnosttv
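
A minimal model of the flow in the Implementation Brief above, added here as an illustration and not Site Kit's own code: a cached capability map goes stale when recovery changes module ownership on the server, and refreshCapabilities re-reads it with the cache bypassed. The in-memory server, the synchronous apiGet, createServer, createClient, loadCapabilities, can, and the manage_sharing:: capability key are assumptions made for the example.

```javascript
// Added illustration; names other than refreshCapabilities, receiveCapabilities,
// recoverModules and useCache are assumptions, not Site Kit's code.

// Constructed stand-in for the server: module owners plus a capability map
// derived from ownership (the role check_all_for_current_user() has in the brief).
function createServer(owners) {
  return {
    capabilitiesFor: (user) => Object.fromEntries(
      Object.entries(owners).map(([slug, owner]) => [`manage_sharing::${slug}`, owner === user])
    ),
    // Recovery makes the recovering user the new owner; unknown slugs fail.
    recover: (user, slugs) => slugs.map((slug) => {
      const ok = typeof owners[slug] === 'string';
      if (ok) owners[slug] = user;
      return { slug, ok };
    }),
  };
}

// Constructed stand-in for the user datastore and its caching API client.
function createClient(server, user) {
  const cache = new Map();
  const state = { capabilities: {} };
  const apiGet = (path, { useCache = true } = {}) => {
    if (useCache && cache.has(path)) return cache.get(path);
    const value = server.capabilitiesFor(user);
    cache.set(path, value);
    return value;
  };
  const receiveCapabilities = (caps) => { state.capabilities = caps; };
  const loadCapabilities = () => receiveCapabilities(apiGet('core/user/data/permissions'));
  // Always bypass the cache: the cached copy predates the ownership change.
  const refreshCapabilities = () =>
    receiveCapabilities(apiGet('core/user/data/permissions', { useCache: false }));
  const recoverModules = (slugs) => {
    const results = server.recover(user, slugs);
    if (results.some((r) => r.ok)) refreshCapabilities(); // only after a success
    return results;
  };
  const can = (cap) => state.capabilities[cap] === true;
  return { loadCapabilities, refreshCapabilities, recoverModules, can };
}
```

The client-side map only decides what the UI offers; the server still has to check the capability on every sharing-settings write.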

IB ✅

techanvil avatar Aug 04 '22 11:08 techanvil

QA Update ✅

Verified

  • Verified using tester plugin and dashboard sharing settings tester plugin.
  • After initiating recovery, Who can view for PageSpeed Insights gets restored and editable without refreshing again.
  • User is able to edit 'Who can view' access for PSI and other modules after recovery.

https://user-images.githubusercontent.com/94359491/186407303-a912ff0a-1e67-47ab-8d4c-c340173e4174.mp4

mohitwp avatar Aug 24 '22 11:08 mohitwp