Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
| Total | |
62.96% |
17 / 27 |
|
33.33% |
1 / 3 |
CRAP | |
0.00% |
0 / 1 |
| AI_Launchpad_Dev_Enable | |
65.38% |
17 / 26 |
|
33.33% |
1 / 3 |
20.01 | |
0.00% |
0 / 1 |
| register | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
| maybe_handle_request | |
0.00% |
0 / 8 |
|
0.00% |
0 / 1 |
12 | |||
| handle | |
100.00% |
17 / 17 |
|
100.00% |
1 / 1 |
9 | |||
| 1 | <?php |
| 2 | /** |
| 3 | * AI Launchpad no-CLI test-enable handler. |
| 4 | * |
| 5 | * Lets a tester turn the AI Launchpad on (and reset its state) for a site straight from the browser. |
| 6 | * |
| 7 | * Recognized query args (on any admin page, for a `manage_options` user): |
| 8 | * ?enable-ai-launchpad=1 Set wpcom_ai_launchpad_enabled to 1. |
| 9 | * ?enable-ai-launchpad=0 Delete wpcom_ai_launchpad_enabled (turn back off). |
| 10 | * ?reset-ai-launchpad=1 Clear the wizard / AI-output / dismissed / skipped / task-status options so the wizard runs fresh. |
| 11 | * |
| 12 | * Hooked on `admin_menu`, not `admin_init`: when the feature is OFF its page is unregistered and |
| 13 | * `user_can_access_admin_page()` dies before `admin_init`; `admin_menu` fires before that check, so the page's own |
| 14 | * URL can self-enable instead of dying first. |
| 15 | * |
| 16 | * Gate: `current_user_can( 'manage_options' )` only — no nonce, so the URL stays bookmarkable. This ships to |
| 17 | * production, where it lets any paid-site admin self-enable the (otherwise OFF) feature on their own site; tighten |
| 18 | * the gate before the controlled rollout if the feature must stay invisible to customers. |
| 19 | * |
| 20 | * @package automattic/jetpack-mu-wpcom |
| 21 | */ |
| 22 | |
| 23 | /** |
| 24 | * Handles the AI Launchpad test-enable / reset query params. |
| 25 | */ |
| 26 | class AI_Launchpad_Dev_Enable { |
| 27 | |
| 28 | /** |
| 29 | * The per-site enablement option, mirrored from AI_Launchpad::is_enabled_for_site(). |
| 30 | */ |
| 31 | const OPTION_ENABLED = 'wpcom_ai_launchpad_enabled'; |
| 32 | |
| 33 | /** |
| 34 | * Options cleared by a reset. |
| 35 | * |
| 36 | * The first three reference the REST controller's constants so a rename there can't leave a stale option name here. |
| 37 | */ |
| 38 | const RESET_OPTIONS = array( |
| 39 | AI_Launchpad_REST::OPTION_WIZARD, |
| 40 | AI_Launchpad_REST::OPTION_AI_OUTPUT, |
| 41 | AI_Launchpad_REST::OPTION_DISMISSED, |
| 42 | AI_Launchpad_REST::OPTION_SKIPPED, |
| 43 | AI_Launchpad_REST::OPTION_COMPLETED, |
| 44 | 'launchpad_checklist_tasks_statuses', // Shared completion option; no dedicated constant. |
| 45 | ); |
| 46 | |
| 47 | /** |
| 48 | * Redirect targets returned by handle(), kept as abstract tokens (not URLs) so handle() can be unit-tested. |
| 49 | */ |
| 50 | const REDIRECT_NONE = ''; |
| 51 | const REDIRECT_PAGE = 'page'; |
| 52 | const REDIRECT_DASHBOARD = 'dashboard'; |
| 53 | |
| 54 | /** |
| 55 | * Register the admin-request handler. |
| 56 | * |
| 57 | * @return void |
| 58 | */ |
| 59 | public static function register() { |
| 60 | add_action( 'admin_menu', array( __CLASS__, 'maybe_handle_request' ) ); |
| 61 | } |
| 62 | |
| 63 | /** |
| 64 | * Acts on the test-enable / reset query params, then redirects so a refresh does not re-fire the action. |
| 65 | * |
| 66 | * Disabling lands on the dashboard (the gated page is gone); everything else lands on the AI Launchpad page. |
| 67 | * |
| 68 | * @return void |
| 69 | */ |
| 70 | public static function maybe_handle_request() { |
| 71 | $target = self::handle(); |
| 72 | |
| 73 | if ( self::REDIRECT_NONE === $target ) { |
| 74 | return; |
| 75 | } |
| 76 | |
| 77 | $url = self::REDIRECT_DASHBOARD === $target |
| 78 | ? admin_url() |
| 79 | : admin_url( 'admin.php?page=' . \Automattic\Jetpack\Jetpack_Mu_Wpcom\AI_Launchpad::MENU_SLUG ); |
| 80 | |
| 81 | wp_safe_redirect( $url ); |
| 82 | exit; |
| 83 | } |
| 84 | |
| 85 | /** |
| 86 | * Applies the requested option changes and returns where to send the user, as one of the REDIRECT_* tokens. |
| 87 | * |
| 88 | * Split from the redirect/exit so it can be unit-tested in isolation. |
| 89 | * |
| 90 | * @return string One of the REDIRECT_* constants (REDIRECT_NONE when there is |
| 91 | * nothing to do: no recognized param, or no capability). |
| 92 | */ |
| 93 | public static function handle() { |
| 94 | // phpcs:disable WordPress.Security.NonceVerification.Recommended -- Intentional no-nonce toggle, see file docblock; cap-gated below. |
| 95 | $enable = isset( $_GET['enable-ai-launchpad'] ); |
| 96 | $reset = isset( $_GET['reset-ai-launchpad'] ); |
| 97 | |
| 98 | if ( ! $enable && ! $reset ) { |
| 99 | return self::REDIRECT_NONE; |
| 100 | } |
| 101 | |
| 102 | if ( ! current_user_can( 'manage_options' ) ) { |
| 103 | return self::REDIRECT_NONE; |
| 104 | } |
| 105 | |
| 106 | $disabling = false; |
| 107 | |
| 108 | if ( $enable ) { |
| 109 | $value = sanitize_text_field( wp_unslash( $_GET['enable-ai-launchpad'] ) ); |
| 110 | if ( '0' === $value ) { |
| 111 | delete_option( self::OPTION_ENABLED ); |
| 112 | $disabling = true; |
| 113 | } else { |
| 114 | update_option( self::OPTION_ENABLED, 1 ); |
| 115 | } |
| 116 | } |
| 117 | |
| 118 | if ( $reset ) { |
| 119 | foreach ( self::RESET_OPTIONS as $option ) { |
| 120 | delete_option( $option ); |
| 121 | } |
| 122 | } |
| 123 | // phpcs:enable WordPress.Security.NonceVerification.Recommended |
| 124 | |
| 125 | // Disabling removes the gated launchpad page, so land on the dashboard rather than the now-inaccessible page. |
| 126 | return $disabling ? self::REDIRECT_DASHBOARD : self::REDIRECT_PAGE; |
| 127 | } |
| 128 | } |
| 129 | |
| 130 | AI_Launchpad_Dev_Enable::register(); |