
Fix: permission callback for email-reporting EDITABLE route #12342

Open
mrtori161 wants to merge 1 commit into google:develop from mrtori161:bug/issues-12341

@mrtori161

Summary

Addresses issue:

Relevant technical choices

The core/site/data/email-reporting EDITABLE route's permission_callback is changed from $can_access to $can_manage, matching every other write route in REST_Email_Reporting_Controller:

- 'permission_callback' => $can_access,                                                                                                                                                                                                     
+ 'permission_callback' => $can_manage,                                                                                                                                                                                                       
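Review bot: the switch to $can_manage on the added line is the only visible change and comes with no test, so nothing would catch a later edit that reverts the callback. Add a REST test that calls the EDITABLE route as a user who passes $can_access but not $can_manage and asserts the request is rejected, and one as an administrator asserting the write still succeeds. Also confirm that no client code running for view-only dashboard users writes to this route, since those requests will now be refused.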
                                                                                                                                                                                                                                            
The $can_access closure checks VIEW_SPLASH / VIEW_DASHBOARD, which shared dashboard users (Subscribers, Contributors) satisfy. The $can_manage closure checks MANAGE_OPTIONS, restricting modification of the global email reporting setting to administrators — consistent with email-reporting-invite-user, email-reporting-eligible-subscribers, and email-reporting-errors.
                                                                                                                                                                                                                                              
PR Author Checklist                                                                                                                                                                                                                         
                                                                                                                                                                                                                                            
- My code is tested and passes existing unit tests.
- My code has an appropriate set of unit tests which all pass.
- My code is backward-compatible with WordPress 5.2 and PHP 7.4.
- My code follows the WordPress coding standards.                                                                                                                                                                                             
- My code has proper inline documentation.
- I have added a QA Brief on the issue linked above.                                                                                                                                                                                          
- I have signed the Contributor License Agreement (see https://cla.developers.google.com/).                                                                                                                                                   
                                                                                                                                                                                                                                           
