From 4b38fdf427fd587aa65cd02376f680f88035e020 Mon Sep 17 00:00:00 2001 From: Rebecca Hum Date: Wed, 14 Aug 2024 14:56:11 -0600 Subject: [PATCH] ACL: Default to restricting all on non-prod if ACL is enabled but no options are set (#5796) --- files/acl/acl.php | 24 ++++++++++++++++++------ tests/files/acl/test-acl.php | 6 +++--- 2 files changed, 21 insertions(+), 9 deletions(-) diff --git a/files/acl/acl.php b/files/acl/acl.php index 4d177e706c..c61de59136 100644 --- a/files/acl/acl.php +++ b/files/acl/acl.php @@ -18,8 +18,9 @@ function maybe_load_restrictions() { $is_files_acl_enabled = defined( 'VIP_FILES_ACL_ENABLED' ) && true === constant( 'VIP_FILES_ACL_ENABLED' ); - $is_restrict_all_enabled = get_option_as_bool( 'vip_files_acl_restrict_all_enabled' ); - $is_restrict_unpublished_enabled = get_option_as_bool( 'vip_files_acl_restrict_unpublished_enabled' ); + $is_restrict_all_enabled = get_option_as_bool_if_exists( 'vip_files_acl_restrict_all_enabled' ); + $is_restrict_unpublished_enabled = get_option_as_bool_if_exists( 'vip_files_acl_restrict_unpublished_enabled' ); + $no_option_set = null === $is_restrict_all_enabled && null === $is_restrict_unpublished_enabled; if ( ! $is_files_acl_enabled ) { // Throw warning if restrictions are enabled but ACL constant is not set. @@ -32,11 +33,11 @@ function maybe_load_restrictions() { return; } - if ( $is_restrict_all_enabled ) { + if ( true === $is_restrict_all_enabled || ( $no_option_set && ( defined( 'VIP_GO_ENV' ) && 'production' !== VIP_GO_ENV ) ) ) { require_once __DIR__ . '/restrict-all-files.php'; add_filter( 'vip_files_acl_file_visibility', __NAMESPACE__ . '\Restrict_All_Files\check_file_visibility', 10, 2 ); - } elseif ( $is_restrict_unpublished_enabled ) { + } elseif ( true === $is_restrict_unpublished_enabled ) { require_once __DIR__ . '/restrict-unpublished-files.php'; add_filter( 'vip_files_acl_file_visibility', __NAMESPACE__ . '\Restrict_Unpublished_Files\check_file_visibility', 10, 2 ); @@ -45,8 +46,19 @@ function maybe_load_restrictions() { } } -function get_option_as_bool( $option_name ) { - $value = get_option( $option_name, false ); +/** + * Get an option as a boolean if it exists. If it does not exist, return null. + * + * @param string $option_name The name of the option to get. + * + * @return boolean|null The option value as a boolean, or null if the option does not exist. + */ +function get_option_as_bool_if_exists( $option_name ) { + $value = get_option( $option_name, null ); + + if ( null === $value ) { + return $value; + } return in_array( $value, [ true, diff --git a/tests/files/acl/test-acl.php b/tests/files/acl/test-acl.php index 156479154d..e2948cc90c 100644 --- a/tests/files/acl/test-acl.php +++ b/tests/files/acl/test-acl.php @@ -111,9 +111,9 @@ public function test__maybe_load_restrictions__constant_and_restrict_unpublished } public function test__get_option_as_bool__option_not_exists() { - $actual_value = get_option_as_bool( 'my_test_get_option_as_bool_option_not_exists' ); + $actual_value = get_option_as_bool_if_exists( 'my_test_get_option_as_bool_option_not_exists' ); - $this->assertEquals( false, $actual_value ); + $this->assertEquals( null, $actual_value ); } public function data_provider__get_option_as_bool__option_exists() { @@ -166,7 +166,7 @@ public function data_provider__get_option_as_bool__option_exists() { public function test__get_option_as_bool__option_exists( $option_value, $expected_value ) { update_option( 'my_test_get_option_as_bool_option', $option_value ); - $actual_value = get_option_as_bool( 'my_test_get_option_as_bool_option' ); + $actual_value = get_option_as_bool_if_exists( 'my_test_get_option_as_bool_option' ); $this->assertEquals( $expected_value, $actual_value ); }