Allow Super Admins to use any PCH features unless they are explicitly…

… disabled (#2895) * Allow super admins to user any PCH features unless they are disabled * Add extra `is_multisite` validation * Fixed failing test, and added two new tests --------- Co-authored-by: Alex Cicovic <[email protected]>
Parsely · Nov 4, 2024 · e7562bd · e7562bd
1 parent a92c539
commit e7562bd
Show file tree

Hide file tree

Showing 2 changed files with 89 additions and 1 deletion.
diff --git a/src/class-permissions.php b/src/class-permissions.php
@@ -115,6 +115,11 @@ public static function current_user_can_use_pch_feature(
 			return false;
 		}
 
+		// If the user is a super admin, they can access the feature.
+		if ( is_multisite() && is_super_admin( $current_user->ID ) ) {
+			return true;
+		}
+
 		// Current user's role is not yet set.
 		if ( 0 === count( $user_roles ) ) {
 			return false;

diff --git a/tests/Integration/PermissionsTest.php b/tests/Integration/PermissionsTest.php
@@ -154,9 +154,11 @@ public function test_allowed_user_role_attempts_to_access_enabled_pch_features()
 	public function test_disallowed_user_role_attempts_to_access_enabled_pch_features(): void {
 		$user_disallowed = Permissions::build_pch_permissions_settings_array(
 			true,
-			array( 'editor' )
+			array( 'administrator' )
 		);
 
+		self::set_current_user_to( 'editor', 'editor' );
+
 		foreach ( $this->features_to_test as $feature ) {
 			self::assertFalse(
 				Permissions::current_user_can_use_pch_feature(
@@ -177,6 +179,87 @@ public function test_disallowed_user_role_attempts_to_access_enabled_pch_feature
 		}
 	}
 
+	/**
+	 * Verifies that permissions are correct when a super admin tries to access
+	 * disabled Content Helper features.
+	 *
+	 * @since 3.17.0
+	 *
+	 * @covers \Parsely\Permissions::current_user_can_use_pch_feature
+	 * @uses \Parsely\Permissions::build_pch_permissions_settings_array
+	 * @uses \Parsely\Permissions::get_user_roles_with_edit_posts_cap
+	 */
+	public function test_super_admin_attempts_to_access_disabled_pch_features(): void {
+		$features_disabled = Permissions::build_pch_permissions_settings_array(
+			false,
+			array( 'administrator' )
+		);
+
+		foreach ( $this->features_to_test as $feature ) {
+			self::assertFalse(
+				Permissions::current_user_can_use_pch_feature(
+					$feature,
+					$features_disabled
+				)
+			);
+
+			$this->assert_current_user_access_to_pch_feature_with_filter(
+				$feature,
+				$features_disabled
+			);
+
+			$this->assert_current_user_access_to_pch_feature_with_unset_options(
+				$feature,
+				$features_disabled
+			);
+		}
+	}
+
+	/**
+	 * Verifies that permissions are correct when a super admin tries to access
+	 * enabled Content Helper features, but with all the roles disallowed.
+	 *
+	 * @since 3.17.0
+	 *
+	 * @covers \Parsely\Permissions::current_user_can_use_pch_feature
+	 * @uses \Parsely\Permissions::build_pch_permissions_settings_array
+	 * @uses \Parsely\Permissions::get_user_roles_with_edit_posts_cap
+	 */
+	public function test_super_admin_attempts_to_access_enabled_pch_features_without_permissions(): void {
+		$features_enabled = Permissions::build_pch_permissions_settings_array(
+			true,
+			array()
+		);
+
+		foreach ( $this->features_to_test as $feature ) {
+			if ( is_multisite() ) {
+				self::assertTrue(
+					Permissions::current_user_can_use_pch_feature(
+						$feature,
+						$features_enabled
+					)
+				);
+			} else {
+				self::assertFalse(
+					Permissions::current_user_can_use_pch_feature(
+						$feature,
+						$features_enabled
+					)
+				);
+			}
+
+			$this->assert_current_user_access_to_pch_feature_with_filter(
+				$feature,
+				$features_enabled
+			);
+
+			$this->assert_current_user_access_to_pch_feature_with_unset_options(
+				$feature,
+				$features_enabled
+			);
+		}
+	}
+
 	/**
 	 * Verifies that permissions are correct when an allowed User Role tries to
 	 * access disabled Content Helper features.