User capabilities should be used not roles nor deprecated capabilities #1364
Conversation
There was a problem hiding this comment.
Looks good!
I've left a number of remarks inline. Most are just minor things, however there are two more pertinent issues which I'd like to ask you to consider:
- As per the inline comments, the warning when the capability is a variable.
- As this is now being pulled to WPCS, we need to consider plugins which add their own capabilities.
What about adding a public property to allow plugins to pass the capabilities they define to the sniff ? (default value would be an empty array).
| /** | ||
| * User capabilities should be used not roles. | ||
| * | ||
| * @link https://make.wordpress.org/themes/handbook/review/required/#options-and-settings |
There was a problem hiding this comment.
This link tag can be removed as the sniff is now pulled to WPCS instead of TRTCS, so is no longer theme specific.
| protected $group_name = 'caps_not_roles'; | ||
|
|
||
| /** | ||
| * List of functions that accept roles and capabilities as an agrument. |
| * List of functions that accept roles and capabilities as an agrument. | ||
| * | ||
| * The number represents the position in the function call | ||
| * passed variables, here the capability is to be listed. |
There was a problem hiding this comment.
The number represents the position in the function call passed variables, here the capability is to be listed.
☝️ This sentence seems a bit wonky.
Did you mean: The number represents the parameter position in the function call, where the capability is supposed to be listed. ?
| * | ||
| * @var array Function name with parameter position. | ||
| */ | ||
| protected $target_functions = array( |
There was a problem hiding this comment.
Even though it's disabled for new installs, there is also the add_links_page() function.
|
|
||
| if ( isset( $this->core_roles[ $matched_parameter ] ) ) { | ||
| $this->phpcsFile->addError( | ||
| 'Capabilities should be used instead of roles. Found "%s" in function "%s"', |
There was a problem hiding this comment.
I'd either add parentheses to the function name, as in Found "%s" in call to function "%s()" or would just leave the function name part away Found "%s". The line number and the parameter content should be clear enough.
| 'edit_posts' => true, | ||
| 'delete_posts' => true, | ||
| 'read' => true, | ||
| 'level_10' => true, |
There was a problem hiding this comment.
If I remember correctly, the use of "level_xx" capabilities was deprecated ages ago. Should these be put in a separate list and warned against when found ?
There was a problem hiding this comment.
I have moved them to a separate list but I feel that the deprecation notice should be in a separate sniff.
I kept them in this sniff as they are still valid regardless if they are deprecated.
| ); | ||
| } else { | ||
| $this->phpcsFile->addWarning( | ||
| '"%s" is an unknown role or capability. Check the "%s()" function call to ensure it is a capability and not a role.', |
There was a problem hiding this comment.
Be aware that this will give a lot of false positives/unnecessary warnings as the $capability a plugin needs is often defined in a class property/(class) constant and passed to the function that way.
As I can imagine that this check is useful for the Theme Review Team, maybe have it disabled by default with the ability to enable it via a custom property ?
class My_Plugin {
const CAPABILITY = 'manage_options';
public function do_something() {
if ( current_user_can( self::CAPABILITY ) ) {}
}
}| 'parent_slug' , | ||
| 'page_title' , | ||
| 'menu_title' , | ||
| $varible , // Warning. |
| return; | ||
| } | ||
|
|
||
| $matched_parameter = $this->strip_quotes( $parameters[ $position ]['raw'] ); |
There was a problem hiding this comment.
This will only work when the $capability is passed as a single text string.
Note: If the warning is to be removed/disabled by default (see my other remark), this should be fine to leave as is.
There was a problem hiding this comment.
The warning is now disabled by default.
| * The number represents the position in the function call | ||
| * passed variables, here the capability is to be listed. | ||
| * The list is sorted alphabetically. | ||
| * |
There was a problem hiding this comment.
Maybe mention that these functions are defined in wp-admin/includes/plugin.php to make life easier for updating the list at a later point time.
|
Oh and another thing: the sniff should probably be added to a ruleset ;-) I'd suggest adding it to the |
There was a problem hiding this comment.
Hi @grappler, thanks for making those changes!
Based on the changed code, I think the code can be simplified and made slightly faster.
I'm also missing an error/warning for usage of the deprecated levels.
What about changing the logic to (note: pseudo-code/untested);
....
$matched_param = ...;
if ( isset( $this->core_capabilities[ $matched_parameter ] ) ) {
return;
}
$this->customCapabilities = $this->merge_custom_array( $this->customCapabilities, array(), false );
if ( ! empty( $this->customCapabilities ) && in_array( $matched_parameter, $this->customCapabilities, true ) ) {
return;
}
if ( isset( $this->core_roles[ $matched_parameter ] ) ) {
$this->phpcsFile->addError(...);
return;
}
if ( isset( $this->deprecated_capabilities[ $matched_parameter ] ) ) {
$this->phpcsFile->addError('The "%s" capatibility has been deprecated since WP 3.0. Found: %s', ...);
return;
}
if ( false === $this->checkOnlyKnownCaps ) ) {
$this->phpcsFile->addWarning(...);
return;
}
Notes:
- The
get_all_capabilities()method currently does not allow for changing the property inline which prevents this feature from being unit tested.
The proposed logic above would allow you to cut theget_all_capabilities()method out completely and to unit test the use of the$customCapabilitiesproperty.
As a side-effect, this will also get rid of the PHP 5.3 error about the use of array dereferencing not being available (yet) and will allow the build to pass.
Other than that:
- My previous remark about the line nr for the error message still stands - I'm open to dropping it, but would like to see an argument not to make the change.
| * | ||
| * @var boolean | ||
| */ | ||
| public $checkOnlyKnownCaps = true; |
There was a problem hiding this comment.
Please use $snake_case property names here and below.
FYI: the WPCS native CS check does not check for this as often upstream properties are used/overruled, but (new) WPCS native properties should be snake_case.
| add_users_page( 'page_title', 'menu_title', 'administrator', 'menu_slug', 'function' ); // Error. | ||
| add_management_page( 'page_title', 'menu_title', 'editor', 'menu_slug', 'function' ); // Error. | ||
| add_options_page( 'page_title', 'menu_title', 'contributor', 'menu_slug', 'function' ); // Error. | ||
| // @codingStandardsChangeSetting WordPress.WP.UseCapabilitiesNotRoles checkOnlyKnownCaps false |
There was a problem hiding this comment.
Please add a blank line above this to make it easier to see that a property is being changed and something else is now being tested.
There was a problem hiding this comment.
Also: please reset the property at the end of the block of tests so additional unit tests which may be added later can expect the default properties to be in effect.
| return; | ||
| } | ||
|
|
||
| $matched_parameter = $this->strip_quotes( $parameters[ $position ]['raw'] ); |
There was a problem hiding this comment.
The warning is now disabled by default.
| 'edit_posts' => true, | ||
| 'delete_posts' => true, | ||
| 'read' => true, | ||
| 'level_10' => true, |
There was a problem hiding this comment.
I have moved them to a separate list but I feel that the deprecation notice should be in a separate sniff.
I kept them in this sniff as they are still valid regardless if they are deprecated.
| if ( isset( $this->core_roles[ $matched_parameter ] ) ) { | ||
| $this->phpcsFile->addError( | ||
| 'Capabilities should be used instead of roles. Found "%s" in function "%s"', | ||
| $stackPtr, |
There was a problem hiding this comment.
I thought the notice was being shown in the correct line as I had a similar example in the unit test. As I was double checking to reply here I realised it was not the case. It has been fixed now.
|
@grappler Hmm.. weird, I can't seem to respond to "outdated" comments anymore... GH playing up.
Could you explain why you think this should be a separate sniff ?
If there is not going to be a warning for the deprecated levels, than having the separate list & doing the
I understand why you added the extra logic to determine the line as the If you do think the extra logic has value, it will need to be changed to take comments and annotations into account, i.e. use Other than that, my previous remark about the And the PHP 5.3 issue also still needs attention. |
Sure, I feel that There is an core issue where user levels are still needed. https://core.trac.wordpress.org/ticket/16841 WordPress core still uses them so the deprecated notice would need to be disabled.
Because it would fail on the following code 🤷♂️ add_menu_page(
__( 'Custom Menu Title', 'textdomain' )
,'custom menu'
,'manage_options'
,'myplugin/myplugin-admin.php'
,''
,plugins_url( 'myplugin/images/icon.png' )
,6
);I have removed the |
There was a problem hiding this comment.
The sniff should should do one task not two.
I don't actually agree with you on that. That's what error codes are for. One focus area: yes, one task: no.
Prior art already in this repo, as well as upstream, demonstrates this quite easily: take for instance the WP.I18n sniff.
In both cases - using roles or levels -, people are using the WP capabilities incorrectly, so you are effectively checking the same thing in both cases.
Sure, I feel that UseCapabilitiesNotRoles if different from deprecated roles.
IMHO that is more a case of the sniff needing a better name than a reason for not including the check.
WordPress core still uses them so the deprecated notice would need to be disabled.
As it would be in the Extra ruleset, that's not an issue. All the same, as Core deprecated them in 2.0 AFAIK, I would think it might be time that they ought to be removed from core too, but that's a discussion for another time & place.
Anyway, especially as you've pulled the other sniff in which the deprecated check would be contained (presuming it is), this is not a merge-blocker for me.
Because it would fail on the following code
👍 , though there is no unit test to show this. Could you reformat one of the existing test lines to add a safeguard for this ?
I have removed the get_all_capabilities() method and added a unit test for the custom_capabilities but I could not get it to unset.
You can unset it by passing false. The handling of this is build into the merge_custom_array() method.
// @codingStandardsChangeSetting WordPress.WP.UseCapabilitiesNotRoles custom_capabilities false
| * | ||
| * @since 1.0.0 | ||
| * | ||
| * @var string |
There was a problem hiding this comment.
Property type should be array with a default of array() as plugins can add more than one capability.
This is not an issue for the unit tests as the merge_custom_array() method already has a tolerance build in for incorrectly passed array properties, i.e. when they are passed as a comma-delimited string.
| * | ||
| * @var array All deprecated capabilities in core. | ||
| */ | ||
| protected $deprecated_capabilities = array( |
There was a problem hiding this comment.
If the deprecated check is not going to be included, there is no reason for this to be a separate array.
| $next_not_whitespace = $this->phpcsFile->findNext( | ||
| Tokens::$emptyTokens, | ||
| $parameters[ $position ]['start'], | ||
| $parameters[ $position ]['end']+1, |
|
|
||
| // @codingStandardsChangeSetting WordPress.WP.UseCapabilitiesNotRoles custom_capabilities custom_cap | ||
| if ( author_can( $post, 'custom_cap' ) ) { } // OK. | ||
| if ( author_can( $post, 'read' ) ) { } // OK. |
There was a problem hiding this comment.
Maybe also add:
// @codingStandardsChangeSetting WordPress.WP.UseCapabilitiesNotRoles check_only_known_caps false
if ( author_can( $post, 'unknown_custom_cap' ) ) { } // Warning.
// @codingStandardsChangeSetting WordPress.WP.UseCapabilitiesNotRoles check_only_known_caps true... to test that the warning is still thrown correctly even when custom capabilities have been registered.
A unit test with several custom caps would also not be a bad thing. Doesn't have to be a separate test, you could just change the settings line here (use a comma-delimited list without spaces) and test both custom caps.
|
OK, I will rename the sniff to With two of my Unit Test additions |
That's why walking the parameter tokens instead of using |
It ended up being such an easy fix 😄 I think I have fixed all of the comments. |
|
I've added a commit to this PR to allow the builds to pass. This PR identified a fixer conflict which is why the build was failing. The fixer conflict involved two upstream sniffs. I've opened PR squizlabs/PHP_CodeSniffer#2056 to fix the fixer conflict. For now, the unit test case file from this PR will be ignored for the fixer conflict check. Once the upstream PR has been merged, my commit should be reverted. |
There was a problem hiding this comment.
Hi @grappler,
Just reviewed again. The token walking is still not stable, see my remark inline and my earlier remark:
If you do a for loop from start to end and disregard any empty tokens, concatenate all text string tokens and have a toggle for "unexpected tokens" (variables, constants), both this as well as silly things like: 'super' . '_admin' can be detected reliably.
Regarding the unit tests, I'm missing the following:
- A test that nothing happens when the expected parameter is not set.
- A test that no warning is being thrown for an unknown capability when
$check_only_known_capsistrue(default). - Testing that the
$custom_capabilitiesproperty works as expected when$check_only_known_capsistrue(default). I.e. the current tests are within thecheck_only_known_caps falseblock, so only the combination is tested.
Also the unit tests on line 45 and 54 are testing the same thing.
| /** | ||
| * Check that capabilities are used correctly. | ||
| * | ||
| * User capabilities should be used not roles. Deprecated capabilities. |
There was a problem hiding this comment.
Deprecated capabilities... what about them ?
Did you mean to say: User capabilities should be used not roles nor deprecated capabilities. ?
| true | ||
| ); | ||
|
|
||
| $matched_parameter = $this->strip_quotes( $this->tokens[ $next_not_empty ]['content'] ); |
There was a problem hiding this comment.
Token walking means doing a for() loop between the param start and end. You are now just checking the first token and not even checking that this is a text string token....
This will break on all of the following examples (silly code, but you get my point):
if ( author_can( $post, editor() ) ) { } // Should not error for using role.
if ( author_can( $post, 'super' . '_admin' ) ) { } // Should give error for using role.
// @codingStandardsChangeSetting WordPress.WP.Capabilities check_only_known_caps false
if ( author_can( $post, editor() ) ) { } // Should give warning about unknown capability, not error for using role.
if ( author_can( $post, install_plugins() ) ) { } // Should give warning about unknown capability.
if ( author_can( $post, 'install_' . 'plugins' ) ) { } // OK.
if ( author_can( $post, 'install_plugins' . $something ) ) { } // Should give warning about unknown capability.
if ( author_can( $post, 'install_plugins' . '_for_theme' ) ) { } // Should give warning about unknown capability.
// @codingStandardsChangeSetting WordPress.WP.Capabilities check_only_known_caps trueThere was a problem hiding this comment.
Would it make sense to have this code as a utility function? I think there are other classes that would profit from it.
// More extensive check to prevent people circumventing the sniff.
$text = '';
$found_variable_token = false;
for ( $i = $parameters[1]['start']; $i <= $parameters[1]['end']; $i++ ) {
if ( isset( Tokens::$stringTokens[ $this->tokens[ $i ]['code'] ] ) === false ) {
if ( T_VARIABLE === $this->tokens[ $i ]['code'] ) {
$found_variable_token = true;
}
return;
}
$text .= $this->strip_quotes( $this->tokens[ $i ]['content'] );
}
return $text;Copied the code from WPTT/WPThemeReview#26
There was a problem hiding this comment.
I was thinking about that, but I don't think there has been much need for it before now in WPCS.
All the same, I'd be happy for this to become a utility function, however, the "is there a variable ?" check in this code snippet would probably be a different question whenever used. Also in the above sample, it is presumed only single/double quoted strings are used, not heredoc/nowdoc, so some changes would be needed and I'd guess that the utility should in that case just retrieve a string of all text string tokens found between $start and $end, not do the "is there are variable" check ?
P.S.: looking at the code now, I'm still going to make one more change to the WPTRT sniff this came from ;-)
There was a problem hiding this comment.
OH, I forgot that the code was checking for two things. When I mentioned the idea I was thinking about returning a string of all of the text string tokens.
| } | ||
|
|
||
| if ( isset( $this->deprecated_capabilities[ $matched_parameter ] ) ) { | ||
| $this->phpcsFile->addError( |
There was a problem hiding this comment.
[No action needed, just noting this down for the future]
As the capability is only deprecated, should this be an error or a warning ?
Based on the logic used in other sniffs which check for deprecations, it should be an error as the version in which the capability was deprecated is more than three WP releases previous to the current release.
However, that would mean that a check should be done against the $minimum_supported_version of WP and that the deprecation version should be added to the $deprecated_capabilities array as the value for each item.
As all currently deprecated capabilities were deprecated in WP 3.0.0, I'm happy to leave this as is for now. As soon as other capabilities would become deprecated, this would need to be adjusted though.
There was a problem hiding this comment.
@grappler I saw you went ahead and made this change already anyway 💕
Two minor remarks about that:
- The use of the
Sniff::minimum_supported_versionproperty still needs to be annotated in the class docblock with a@usestag. - As, at this moment, there are no capabilities which are deprecated in the last three versions, this needs a dedicated set of unit tests like so:
add_options_page( 'page_title', 'menu_title', 'level_10', 'menu_slug', 'function' ); // Error.
// @codingStandardsChangeSetting WordPress.WP.Capabilities minimum_supported_version 3.5
add_options_page( 'page_title', 'menu_title', 'level_10', 'menu_slug', 'function' ); // Error.
// @codingStandardsChangeSetting WordPress.WP.Capabilities minimum_supported_version 2.8
add_options_page( 'page_title', 'menu_title', 'level_10', 'menu_slug', 'function' ); // Warning.
// @codingStandardsChangeSetting WordPress.WP.Capabilities minimum_supported_version 4.6|
|
||
| if ( isset( $this->deprecated_capabilities[ $matched_parameter ] ) ) { | ||
| $this->phpcsFile->addError( | ||
| 'The capatibility "%s" found in function call "%s()" has been deprecated since WordPress version 3.0.', |
| $this->phpcsFile->addError( | ||
| 'The capatibility "%s" found in function call "%s()" has been deprecated since WordPress version 3.0.', | ||
| $next_not_empty, | ||
| 'DeprecatedCapability', |
There was a problem hiding this comment.
Not a blocker, but the error code could just be Deprecated as Capability is already in the sniff name, so the full error code would be WordPress.WP.Capability.Deprecated.
| $this->phpcsFile->addWarning( | ||
| '"%s" is an unknown role or capability. Check the "%s()" function call to ensure it is a capability and not a role.', | ||
| $next_not_empty, | ||
| 'UnknownCapabilityFound', |
There was a problem hiding this comment.
Not a blocker, but the error code could just be Unknown as Capability is already in the sniff name, so the full error code would be WordPress.WP.Capability.Unknown.
- PHPCS 3.x compat: Namespace all things - Move to WP folder as it is a WP specific sniff Rename: UseCapabilitiesNotRoles to Capabilities - Update list of target functions based on WP knowledge and list of capabilities based on WP core unit tests - Add an option to check only for know capabailites - Allow defining custom capabilites - Seperate deprecated capabilites and add depreacted caps error - Add notice to the line the parameter is defined
grappler
force-pushed
the
feature/36-use-capabilities-not-roles
branch
from
6eeacd6
to
89550d4
Compare
|
Thank you for the review.
|
…m the fixer conflict check [IMPORTANT]: This commit should be reverted once the fixer conflict has been fixed upstream. The build was failing because this test file fails to fix during the fixer conflict check. This is caused by a conflict between the `Generic.WhiteSpace.DisallowSpaceIndent`, `Generic.Functions.FunctionCallArgument` and the `PEAR.Functions.FunctionCall` sniffs. As these are all upstream, a fix needs to be pulled there. For now, excluding the `WP.Capabilities` unit test file from the fixer conflict check will fix the build.
grappler
changed the title
|
Further on #1364 (comment) :
The upstream PR has been merged, so my earlier commit to ignore this sniff for the fixer check can now be reverted. |
|
@grappler Just checking in: will you have time over the next few days to update the PR so it's ready for a final review ? |
|
@grappler Any chance that this PR will get some final love anytime soon ? Would be great to be able to add it to WPCS! |
|
@grappler Just wondering if you'll have a chance to finish this off in the near future. If you haven't got time or lost interest, please let us know and we'll see if we can find someone to take over. |
This comes from WPTT/WPThemeReview#36 This was initially worked on for the theme review ruleset but we realised it would be better for WPCS.
I kept the first commit to give props where props are due.