Make desktop_mode_is_enabled() honor the desktop_mode_mode_enabled filter#106
Open
Make desktop_mode_is_enabled() honor the desktop_mode_mode_enabled filter#106
Conversation
The central helper used by render-time gates (chromeless detection, shell payloads, recycle-bin REST callback, presence, PWA, admin-bar toggle) only read user meta. The documented filter was enforced at the AJAX save and portal entry only, so a user whose meta was already '1' could keep seeing chromeless renders even when a filter denied them. The helper now ANDs the meta check with apply_filters( 'desktop_mode_mode_enabled', true, $user_id ). Adds an optional $user_id argument (default: current user) so the filter can be consulted for any user. Tests cover: filter-false overrides positive meta, filter-true with positive meta, meta gate not bypassable by filter, $user_id forwarding. Hooks reference and gate-by-role example restored to describe central enforcement; readme.txt 0.7.3 entry calls out the behavior change for sites already using the filter. Closes #105
✅ WordPress Plugin Check Report
📊 ReportAll checks passed! No errors or warnings found. 🤖 Generated by WordPress Plugin Check Action • Learn more about Plugin Check |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
desktop_mode_is_enabled()now ANDs the user-meta gate withapply_filters( 'desktop_mode_mode_enabled', true, $user_id ).$user_idarg (default current user) so the filter can be consulted for any user.Changes
includes/helpers.php— helper rewritten;@since 0.7.3note on the new filter behavior +$user_idarg.tests/phpunit/tests/desktopMode.php— four new helper tests (filter-false overrides positive meta, filter-true with positive meta, meta gate not bypassable,$user_idforwarding);remove_all_filters( 'desktop_mode_mode_enabled' )in tearDown.docs/hooks-reference.md—desktop_mode_mode_enabledentry updated to describe central enforcement, lists consulting render-time gates, calls out the 0.7.3 change.docs/examples/gate-by-role.md— restores the central-helper claim with a since-0.7.3 note.readme.txt— 0.7.3 changelog entry with explicit behavior-change call-out.Behavior change
Sites already using the
desktop_mode_mode_enabledfilter to deny a user: previously, if that user'sdesktop_mode_modeuser-meta had been set to'1'before the filter was added, render-time gates still treated them as enabled. After this change, every gate that consultsdesktop_mode_is_enabled()honors the filter denial. The user is rendered as classic admin with the toggle visible but inert (AJAX continues to deny). To preserve the pre-0.7.3 leaky behavior, leave the filter off and clear user meta directly when revoking access.Verified
npm run buildpassing (all 6 vite targets).npm run lintpassing.tsc --noEmitpassing.npm run test:js: 803/803 passing.npm run test:phpnot run locally (wp-env port conflict with another worktree); relying on CI.Carve-out audit
Trunk's
includes/admin-bar.phpdoes not yet contain PR #102's carve-out (PR #102 is the parent of this work in spirit but unmerged). The toggle's "active" label usesdesktop_mode_is_enabled(). After this change, a filter-denied user with stalemeta=1sees the toggle as "Switch to Desktop Mode" (label flips because helper returns false) and is rendered as classic admin; clicking still hits the AJAX filter and is denied. No regression vs trunk: pre-this-change, the same user was already trapped because the AJAX filter blocks both enable and disable.When PR #102 merges, its carve-out will need its own direct user-meta query rather than
desktop_mode_is_enabled()for the "already inside the shell, allow exit" affordance.Open question (out of scope)
The AJAX endpoint runs the filter unconditionally on both enable and disable, which means filter-denied users with stale
meta=1cannot disable through the toggle. Worth a separate carve-out (let a denied user clear their own meta on the way out).Closes #105