Parsely · acicovic · Jul 4, 2024 · Jul 3, 2024 · Jul 3, 2024 · Jul 4, 2024
@@ -1 +1 @@
-<?php return array('dependencies' => array('react', 'wp-api-fetch', 'wp-components', 'wp-data', 'wp-element', 'wp-i18n', 'wp-url'), 'version' => '2a085e2f1803cbb45764');
+<?php return array('dependencies' => array('react', 'wp-api-fetch', 'wp-components', 'wp-data', 'wp-element', 'wp-i18n', 'wp-url'), 'version' => 'f4e6e429c37dc198b4a8');
@@ -1 +1 @@
-<?php return array('dependencies' => array('react', 'wp-api-fetch', 'wp-block-editor', 'wp-blocks', 'wp-components', 'wp-compose', 'wp-core-data', 'wp-data', 'wp-dom-ready', 'wp-edit-post', 'wp-editor', 'wp-element', 'wp-hooks', 'wp-i18n', 'wp-plugins', 'wp-primitives', 'wp-url'), 'version' => 'ac7a09f073a20dbbcbf8');
+<?php return array('dependencies' => array('react', 'wp-api-fetch', 'wp-block-editor', 'wp-blocks', 'wp-components', 'wp-compose', 'wp-core-data', 'wp-data', 'wp-dom-ready', 'wp-edit-post', 'wp-editor', 'wp-element', 'wp-hooks', 'wp-i18n', 'wp-plugins', 'wp-primitives', 'wp-url'), 'version' => 'a29409d616774f7538c5');
@@ -1 +1 @@
-<?php return array('dependencies' => array('react', 'wp-api-fetch', 'wp-components', 'wp-data', 'wp-edit-post', 'wp-editor', 'wp-element', 'wp-hooks', 'wp-i18n', 'wp-plugins', 'wp-primitives', 'wp-url', 'wp-wordcount'), 'version' => '1c19550f70ae7ceace8b');
+<?php return array('dependencies' => array('react', 'wp-api-fetch', 'wp-components', 'wp-data', 'wp-edit-post', 'wp-editor', 'wp-element', 'wp-hooks', 'wp-i18n', 'wp-plugins', 'wp-primitives', 'wp-url', 'wp-wordcount'), 'version' => '3cb52e5742af48be073d');
@@ -24,6 +24,7 @@ declare global {
 		},
 
 		wpParselyContentHelperSettings: string;
+		wpParselyContentHelperPermissions: string;
 		wpParselyDisableAutotrack?: boolean;
 		wpParselyEmptyCredentialsMessage: string;
 		wpParselyHooks?: _Hooks;

@@ -10,10 +10,9 @@
 
 namespace Parsely\Endpoints\Content_Helper;
 
-use InvalidArgumentException;
 use Parsely\Endpoints\Base_Endpoint;
 use Parsely\Models\Smart_Link;
-use Parsely\Parsely;
+use Parsely\Permissions;
 use WP_Post;
 use WP_REST_Request;
 use WP_REST_Response;
@@ -45,18 +44,19 @@ class Smart_Linking_Endpoint extends Base_Endpoint {
 	 * @return bool
 	 */
 	public function is_available_to_current_user( $request = null ): bool {
-		if ( null === $request ) {
-			return false;
+		$post_id = false;
+		if ( $request instanceof WP_REST_Request ) {
+			$temp_post_id = $request->get_param( 'post_id' );
+			if ( is_numeric( $temp_post_id ) ) {
+				$post_id = intval( $temp_post_id );
+			}
 		}
 
-		$post_id = $request->get_param( 'post_id' );
-
-		if ( null !== $post_id ) {
-			// Check if the current user has edit capabilities for the post.
-			$can_edit = current_user_can( 'edit_post', $post_id );
-		} else {
-			$can_edit = current_user_can( 'edit_posts' );
-		}
+		$can_access_pch = Permissions::current_user_can_use_pch_feature(
+			'smart_linking',
+			$this->parsely->get_options()['content_helper'],
+			$post_id
+		);
 
 		// Check if the current user has the smart linking capability.
 		$has_capability = current_user_can(
@@ -66,7 +66,7 @@ public function is_available_to_current_user( $request = null ): bool {
 			)
 		);
 
-		return $can_edit && $has_capability;
+		return $can_access_pch && $has_capability;
 	}
 
 	/**

@@ -13,6 +13,7 @@
 
 use Parsely\Endpoints\Base_API_Proxy;
 use Parsely\Parsely;
+use Parsely\Permissions;
 use Parsely\RemoteAPI\ContentSuggestions\Suggest_Brief_API;
 use stdClass;
 use WP_REST_Request;
@@ -81,6 +82,11 @@ public function get_items( WP_REST_Request $request ) {
 			return $validation;
 		}
 
+		$pch_options = $this->parsely->get_options()['content_helper'];
+		if ( ! Permissions::current_user_can_use_pch_feature( 'excerpt_suggestions', $pch_options ) ) {
+			return new WP_Error( 'ch_access_to_feature_disabled', '', array( 'status' => 403 ) );
+		}
+
 		/**
 		 * The post content to be sent to the API.
 		 *

@@ -13,6 +13,7 @@
 
 use Parsely\Endpoints\Base_API_Proxy;
 use Parsely\Parsely;
+use Parsely\Permissions;
 use Parsely\RemoteAPI\ContentSuggestions\Suggest_Headline_API;
 use stdClass;
 use WP_REST_Request;
@@ -81,6 +82,11 @@ public function get_items( WP_REST_Request $request ) {
 			return $validation;
 		}
 
+		$pch_options = $this->parsely->get_options()['content_helper'];
+		if ( ! Permissions::current_user_can_use_pch_feature( 'title_suggestions', $pch_options ) ) {
+			return new WP_Error( 'ch_access_to_feature_disabled', '', array( 'status' => 403 ) );
+		}
+
 		/**
 		 * The post content to be sent to the API.
 		 *

@@ -13,6 +13,7 @@
 
 use Parsely\Endpoints\Base_API_Proxy;
 use Parsely\Parsely;
+use Parsely\Permissions;
 use Parsely\RemoteAPI\ContentSuggestions\Suggest_Linked_Reference_API;
 use stdClass;
 use WP_REST_Request;
@@ -80,6 +81,11 @@ public function get_items( WP_REST_Request $request ) {
 			return $validation;
 		}
 
+		$pch_options = $this->parsely->get_options()['content_helper'];
+		if ( ! Permissions::current_user_can_use_pch_feature( 'smart_linking', $pch_options ) ) {
+			return new WP_Error( 'ch_access_to_feature_disabled', '', array( 'status' => 403 ) );
+		}
+
 		/**
 		 * The post content to be sent to the API.
 		 *

@@ -78,7 +78,7 @@
  *
  * @phpstan-type Parsely_Settings_Options_Content_Helper_Feature array{
  *   enabled?: bool,
- *   allowed_user_roles?: string[],
+ *   allowed_user_roles?: array<string, string>|array<string, bool>
  * }
  *
  * @phpstan-import-type Parsely_Options from Parsely

@@ -34,7 +34,7 @@
  *   track_post_types: string[],
  *   track_page_types: string[],
  *   track_post_types_as?: array<string, string>,
- *   full_metadata_in_non_posts: ?bool,
+ *   full_metadata_in_non_posts: bool,
  *   disable_javascript: bool,
  *   disable_amp: bool,
  *   meta_type: string,
@@ -95,15 +95,15 @@ class Parsely {
 			'ai_features_enabled' => true,
 			'smart_linking'       => array(
 				'enabled'            => true,
-				'allowed_user_roles' => array(),
+				'allowed_user_roles' => array( 'administrator' ),
 			),
 			'title_suggestions'   => array(
 				'enabled'            => true,
-				'allowed_user_roles' => array(),
+				'allowed_user_roles' => array( 'administrator' ),
 			),
 			'excerpt_suggestions' => array(
 				'enabled'            => true,
-				'allowed_user_roles' => array(),
+				'allowed_user_roles' => array( 'administrator' ),
 			),
 		),
 		'track_authenticated_users'  => false,
@@ -433,10 +433,19 @@ public function get_options() {
 		 */
 		$options = get_option( self::OPTIONS_KEY, null );
 
+		// @phpstan-ignore isset.offset, booleanAnd.alwaysFalse
 		if ( is_array( $options ) && ! isset( $options['full_metadata_in_non_posts'] ) ) {
+			// Existing plugin installation without full metadata option.
 			$this->set_default_full_metadata_in_non_posts();
 		}
 
+		// @phpstan-ignore isset.offset, booleanAnd.alwaysFalse
+		if ( is_array( $options ) && ! isset( $options['content_helper'] ) ) {
+			// Existing plugin installation without Content Helper options.
+			$this->set_default_content_helper_settings_values();
+		}
+
+		// New plugin installation that hasn't saved its options yet.
 		if ( ! is_array( $options ) ) {
 			$this->set_default_track_as_values();
 			$this->set_default_full_metadata_in_non_posts();
@@ -532,6 +541,22 @@ public function set_default_full_metadata_in_non_posts(): void {
 		}
 	}
 
+	/**
+	 * Sets the default values for Content Helper options.
+	 *
+	 * Gives PCH access to all users having the edit_posts capability, to keep
+	 * consistent behavior with plugin versions prior to 3.16.0.
+	 *
+	 * @since 3.16.0
+	 */
+	public function set_default_content_helper_settings_values(): void {
+		$this->option_defaults['content_helper'] =
+		Permissions::build_pch_permissions_settings_array(
+			true,
+			array_keys( Permissions::get_user_roles_with_edit_posts_cap() )
+		);
+	}
+
 	/**
 	 * Gets the URL of the plugin's settings page.
 	 *

@@ -14,6 +14,9 @@
  * Class implementing user/role permissions functionality.
  *
  * @since 3.16.0
+ *
+ * @phpstan-import-type Parsely_Options_Content_Helper from Parsely
+ * @phpstan-import-type Parsely_Options_Content_Helper_Feature from Parsely
  */
 class Permissions {
 	/**
@@ -39,4 +42,127 @@ public static function get_user_roles_with_edit_posts_cap(): array {
 
 		return $result;
 	}
+
+	/**
+	 * Returns whether the current user has the permission to access the
+	 * specified Content Helper feature.
+	 *
+	 * @since 3.16.0
+	 *
+	 * @param string                         $feature_name The feature's name.
+	 * @param Parsely_Options_Content_Helper $pch_options The Content Helper options.
+	 * @param int|false                      $post_id The post ID, if the check is for a specific post.
+	 * @return bool Whether the current user can access the specified feature.
+	 */
+	public static function current_user_can_use_pch_feature(
+		string $feature_name,
+		$pch_options,
+		$post_id = false
+	): bool {
+		if ( isset( $pch_options[ $feature_name ] ) ) {
+			/**
+			 * The feature's options.
+			 *
+			 * @var Parsely_Options_Content_Helper_Feature $feature_options
+			 */
+			$feature_options = $pch_options[ $feature_name ];
+		} else {
+			return false;
+		}
+
+		// All AI features are disabled.
+		if ( true !== $pch_options['ai_features_enabled'] ) {
+			return false;
+		}
+
+		// The specific AI feature is disabled.
+		if ( true !== $feature_options['enabled'] ) {
+			return false;
+		}
+
+		// Current user's role is not yet set.
+		$current_user = wp_get_current_user();
+		if ( 0 === count( $current_user->roles ) ) {
+			return false;
+		}
+
+		// Check that the user's role has the capability to edit posts.
+		$current_user_role = $current_user->roles[0];
+		$valid_roles       = array_keys( self::get_user_roles_with_edit_posts_cap() );
+		if ( ! in_array( $current_user_role, $valid_roles, true ) ) {
+			return false;
+		}
+
+		// Check that the user's role has access to the specific feature/post.
+		$allowed_roles = $feature_options['allowed_user_roles'];
+		if ( in_array( $current_user_role, $allowed_roles, true ) ) {
+			if ( (int) $post_id > 0 ) {
+				return current_user_can( 'edit_post', $post_id );
+			}
+
+			return true;
+		}
+
+		return false;
+	}
+
+	/**
+	 * Returns a JSON-encoded string with the Content Helper permissions for the
+	 * current user.
+	 *
+	 * @since 3.16.0
+	 *
+	 * @param Parsely_Options_Content_Helper $pch_options The options to check against.
+	 * @return string The JSON-encoded permissions string.
+	 */
+	public static function get_pch_permissions_json( $pch_options ): string {
+		$permissions = array();
+		$features    = array(
+			'SmartLinking'     => 'smart_linking',
+			'TitleSuggestions' => 'title_suggestions',
+		);
+
+		foreach ( $features as $key => $value ) {
+			$permissions[ $key ] = self::current_user_can_use_pch_feature(
+				$value,
+				$pch_options,
+				get_the_ID()
+			);
+		}
+
+		$result = wp_json_encode( $permissions );
+
+		return is_string( $result ) ? $result : '';
+	}
+
+	/**
+	 * Builds and returns a permissions settings array for the Content Helper,
+	 * based on the passed values.
+	 *
+	 * @since 3.16.0
+	 *
+	 * @param bool               $enabled Whether to enable the features.
+	 * @param array<int, string> $allowed_user_roles The allowed user roles.
+	 * @return Parsely_Options_Content_Helper The resulting permissions settings.
+	 */
+	public static function build_pch_permissions_settings_array(
+		bool $enabled,
+		array $allowed_user_roles
+	) {
+		return array(
+			'ai_features_enabled' => $enabled,
+			'smart_linking'       => array(
+				'enabled'            => $enabled,
+				'allowed_user_roles' => $allowed_user_roles,
+			),
+			'title_suggestions'   => array(
+				'enabled'            => $enabled,
+				'allowed_user_roles' => $allowed_user_roles,
+			),
+			'excerpt_suggestions' => array(
+				'enabled'            => $enabled,
+				'allowed_user_roles' => $allowed_user_roles,
+			),
+		);
+	}
 }
@@ -11,6 +11,7 @@
 namespace Parsely\Content_Helper;
 
 use Parsely\Parsely;
+use Parsely\Permissions;
 use WP_REST_Request;
 
 /**
@@ -128,6 +129,17 @@ protected function inject_inline_scripts(
 		$are_credentials_set = $this->parsely->site_id_is_set() &&
 			$this->parsely->api_secret_is_set();
 
+		// Inject Content Helper permissions.
+		$permissions_json = Permissions::get_pch_permissions_json(
+			$this->parsely->get_options()['content_helper']
+		);
+		wp_add_inline_script(
+			static::get_script_id(),
+			"window.wpParselyContentHelperPermissions = '$permissions_json';",
+			'before'
+		);
+
+		// Inject a message if the required credentials are not set.
 		if ( ! $are_credentials_set ) {
 			$message = $this->get_credentials_not_set_message();