Non Administrator roles are no longer able to switch post templates (and therefore also cannot preview them) #68870
Comments
fabiankaegy
added
[Package] Editor
|
I would like to investigate this issue, but is this a new issue with WP 6.8? Also, it would be great if you could add some test steps to reproduce this issue. |
|
@t-hamano yes the issue is not present in WordPress 6.7.1 CleanShot.2025-01-24.at.11.36.51.mp4Steps to reproduce the issue:
|
|
It looks like #68110 may have actually caused this regression. It wants to solve for Author roles that cannot edit pages but in doing so it appears to have caused this regression (I think) |
|
I think there actually are two separate issues here:
Both are regressions and from my POV need to be fixed before 6.8. I don't know yet how the first issue should get fixed. But for the second one it seems the blocking factor here is https://core.trac.wordpress.org/ticket/48885 (or something similar) that would allow non administrator roles to be able to read what page is set to be the homepage / posts page. I wonder if an interim solution where we actually pass in the frontpage & post page configuration from the PHP side as static variables. Inside the post editor there is no way to change those anyways. And inside the site editor it doesn't matter because any user that can access the site editor has administrator rights and therefore can view the settings anyways. 🤔 I realize that is not an ideal solution. And I would much rather have a proper rest api fix that allows non admins to view non sensitive site settings such as these two values. But to me that rest limitation should not block this valuable feature (that we have already been shipping for several WP Core versions) |
|
My guess is that this may be due to the new For users who can't load site data, i.e. non-admin users, the Simply removing this early return seems to solve the problem, but I'm not very familiar with the Core Data API and would like feedback. |
|
It is possible that non-administrators are not allowed to read the "home page" setting. If it's the case, we shouldn't allow non administrators to switch to post templates because it just means that we'll render the wrong template in some cases. The alternative would be to figure out how to make the "home page" setting accessible to non administrators. |
This is what I would prefer and what I am trying to work on currently. https://core.trac.wordpress.org/ticket/48885 seems to be a good way to solve it. If we cannot get there in time for 6.8 I say we have to revert the "bugxif" in #68110 because whilst I agree it is a bug. The behavior in trunk today is a large regression because users that were previously able to do something are no longer able to do it. |
|
It's worth noting that some options are already exposed as inline JS variables: https://github.com/t-hamano/wordpress-develop/blob/530e8fda5d466b07391ff41fe20525d3de4c55ab/src/wp-includes/block-editor.php#L629-L635 It would probably be easiest to add an option for the homepage setting here, but once exposed, the JS global variable cannot be removed for backward compatibility, so it may be best to avoid this in the long run. Personally, I would prefer to accept the bug for now that non-admins may see unintended templates, and make post templates available to non-admins too. That bug must have been there before. |
In #60447 we added the ability for non administrators to preview the template as they are editing a post. Even long before this editors were always able to switch between which template should be selected for a post.
Today in trunk neither option is available to editor roles or below. They don't get the template selector and they don't get a template preview.
Looking into the source code the
templateIdnever gets definedgutenberg/packages/editor/src/components/post-template/panel.js
Lines 22 to 29 in 7e9e53d
This is a major regression that we need to fix before the next WordPress release.
The text was updated successfully, but these errors were encountered: