@superdav42
Collaborator

@superdav42 superdav42 commented Dec 3, 2025

Summary by CodeRabbit

  • Bug Fixes

    • Fixed input validation for field template rendering to prevent errors
    • Improved handling of missing field descriptions to prevent null-related issues
  • Improvements

    • Enhanced permission system for customer panel access with more specific capability checks
    • Refined error messaging for site creation workflow clarity
    • Updated admin panel URLs for template switching access


@coderabbitai
Contributor

coderabbitai bot commented Dec 3, 2025

Walkthrough

The changes expand AJAX endpoint routing for field template rendering, implement a capability-based access control system using 'wu_manage_membership', introduce capability grant logic for administrators, add template string validation, and make minor UI/text adjustments across multiple customer panel pages.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Capability Updates for Customer Panel Admin Pages: inc/admin-pages/customer-panel/class-account-admin-page.php, inc/admin-pages/customer-panel/class-add-new-site-admin-page.php, inc/admin-pages/customer-panel/class-my-sites-admin-page.php | Updated $supported_panels capability mappings from 'exist' to 'wu_manage_membership' for 'admin_menu' and 'user_admin_menu' entries. |
| Capability Updates with Property Removal: inc/admin-pages/customer-panel/class-checkout-admin-page.php, inc/admin-pages/customer-panel/class-template-switching-admin-page.php | Removed $parent property and updated $supported_panels capability mappings from 'read' to 'wu_manage_membership' for both menu types. |
| Capability Grant Mechanism: inc/class-wp-ultimo.php | Added grant_customer_capabilities method with user_has_cap filter hook to grant 'wu_manage_membership' capability to administrators identified as Ultimate Multisite customers. |
| AJAX Endpoint Routing and Field Template Handling: assets/js/checkout.js, inc/managers/class-field-templates-manager.php | Expanded AJAX endpoint condition to include 'wu_render_field_template' action; added template string validation ensuring minimum segment count when split by '/'. |
| Field and UI Updates: inc/checkout/signup-fields/class-signup-field-template-selection.php, views/admin-pages/fields/field-note.php | Changed ternary null-coalescing to null-coalescing operator (?: to ??); added null coalescing for $field->desc. |
| Minor Updates: inc/managers/class-site-manager.php, inc/ui/class-site-actions-element.php | Updated error message text; modified template_switching action URL to explicitly reference 'admin.php'. |

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

  • Areas requiring extra attention:
    • inc/class-wp-ultimo.php – Verify grant_customer_capabilities logic correctly identifies Ultimate Multisite customers and properly integrates with the WordPress capability system via the user_has_cap filter.
    • inc/managers/class-field-templates-manager.php – Confirm template string validation prevents malformed requests without breaking legitimate use cases.
    • Multiple customer panel files – Ensure 'wu_manage_membership' capability requirement is consistently applied and that removal of $parent properties doesn't affect page hierarchy/display.

Possibly related PRs

  • fix Activate wizard #230 – Also modifies inc/class-wp-ultimo.php and WP_Ultimo::init() initialization logic, introducing related filter/capability hooks.
  • Final release for wp.org #208 – Touches field template rendering logic in inc/managers/class-field-templates-manager.php and related template flow handling.

Poem

🐰 A rabbit hops through permissions deep,
Granting 'wu_manage_membership' to keepers.
Fields now validated, templates reroute,
Admin menus shuffled on capability's route,
With null-safe checks, the flow runs true—
Our warren's access tightened anew! 🥕

Pre-merge checks and finishing touches

❌ Failed checks (1 inconclusive)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Title check | ❓ Inconclusive | The title 'Fix template switching' is vague and does not clearly convey the specific changes made in this pull request, which include capability updates, field template validation, URL generation fixes, and null handling improvements across multiple admin pages and managers. | Consider a more descriptive title that captures the main changes, such as 'Update capabilities and fix template switching URL generation' or 'Add wu_manage_membership capability checks and field template validation'. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Docstring Coverage | ✅ Passed | Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%. |

Contributor

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
inc/checkout/signup-fields/class-signup-field-template-selection.php (1)

351-357: Behavioral change in category defaulting logic

Line 355 changed from the Elvis operator (?:) to null coalescing (??), which alters how missing categories are handled. The old ?: triggered the fallback for any falsy value (empty array, empty string, false, 0), whereas ?? only triggers on null or undefined. This means stored field configurations with explicitly empty category lists will now be treated as "no categories" instead of falling back to "all categories". Verify that no existing saved field configurations depend on the previous behavior where empty values implicitly meant "show all categories".

🧹 Nitpick comments (1)
assets/js/checkout.js (1)

734-742: Route wu_render_field_template through late_ajaxurl

Including wu_render_field_template in the set of actions using wu_checkout.late_ajaxurl makes its routing consistent with wu_validate_form and wu_create_order, which should help when template rendering depends on late-bound context. If more actions follow this pattern later, consider extracting the hard-coded list into a small helper/constant for maintainability.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 165ab6e and f10a1ea.

📒 Files selected for processing (12)
  • assets/js/checkout.js (1 hunks)
  • inc/admin-pages/customer-panel/class-account-admin-page.php (1 hunks)
  • inc/admin-pages/customer-panel/class-add-new-site-admin-page.php (1 hunks)
  • inc/admin-pages/customer-panel/class-checkout-admin-page.php (1 hunks)
  • inc/admin-pages/customer-panel/class-my-sites-admin-page.php (1 hunks)
  • inc/admin-pages/customer-panel/class-template-switching-admin-page.php (1 hunks)
  • inc/checkout/signup-fields/class-signup-field-template-selection.php (1 hunks)
  • inc/class-wp-ultimo.php (2 hunks)
  • inc/managers/class-field-templates-manager.php (1 hunks)
  • inc/managers/class-site-manager.php (1 hunks)
  • inc/ui/class-site-actions-element.php (1 hunks)
  • views/admin-pages/fields/field-note.php (1 hunks)
🧰 Additional context used
🧬 Code graph analysis (4)
views/admin-pages/fields/field-note.php (1)
inc/functions/helper.php (1)
  • wu_kses_allowed_html (326-589)
inc/class-wp-ultimo.php (1)
inc/functions/customer.php (1)
  • wu_get_customer_by_user_id (97-100)
inc/checkout/signup-fields/class-signup-field-template-selection.php (1)
inc/models/class-site.php (2)
  • Site (26-1915)
  • get_all_categories (1840-1884)
inc/ui/class-site-actions-element.php (4)
inc/admin-pages/class-base-admin-page.php (1)
  • get_id (236-239)
inc/limitations/class-limit.php (1)
  • get_id (168-171)
inc/ui/class-base-element.php (1)
  • get_id (961-964)
inc/models/class-base-model.php (1)
  • get_id (427-430)
🪛 PHPMD (2.15.0)
inc/class-wp-ultimo.php

969-969: Avoid unused parameters such as '$args'. (undefined)

(UnusedFormalParameter)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
  • GitHub Check: cypress (8.1, chrome)
  • GitHub Check: cypress (8.2, chrome)
🔇 Additional comments (11)
inc/managers/class-site-manager.php (1)

170-172: Clearer not-owner error message

The updated copy (“add a site to this membership”) is grammatically clearer and better reflects the action, with no behavioral impact.

views/admin-pages/fields/field-note.php (1)

29-32: Safer handling of optional field description

Defaulting $field->desc to an empty string before passing to wp_kses() makes this view more robust when desc is null or unset, without changing output semantics when it is set.

inc/admin-pages/customer-panel/class-my-sites-admin-page.php (1)

71-74: My Sites page now gated by wu_manage_membership

Switching both admin_menu and user_admin_menu to require wu_manage_membership aligns this page with the new capability model and centralizes access control. Please confirm that all intended customer/admin roles receive this capability so existing users don’t unexpectedly lose access to the My Sites page.

inc/admin-pages/customer-panel/class-add-new-site-admin-page.php (1)

87-90: Add New Site page now restricted to wu_manage_membership

Requiring wu_manage_membership for both admin and user panels is consistent with the rest of the customer-panel changes and clearly ties “add site” to membership management. Please verify that customers who should be able to add sites are granted this capability, or they’ll lose access to this page.

inc/admin-pages/customer-panel/class-account-admin-page.php (1)

71-74: Account page now requires wu_manage_membership

Using wu_manage_membership for both admin_menu and user_admin_menu standardizes access control for the Account page with the rest of the customer panel. Please confirm that the new capability grant logic covers all users who should still see their Account page in wp-admin.

inc/admin-pages/customer-panel/class-template-switching-admin-page.php (1)

61-64: Template Switching page aligned with wu_manage_membership capability

Requiring wu_manage_membership for both user and admin menus brings the Template Switching page in line with the rest of the membership-driven customer panel. Ensure that any users who previously could switch templates (via the old read gating) are correctly granted wu_manage_membership so they retain access.

inc/class-wp-ultimo.php (2)

214-214: LGTM! Filter hook correctly registered.

The user_has_cap filter is properly registered to enable dynamic capability granting for the wu_manage_membership capability.


954-986: Caching is already implemented via the Query class.

The customer lookup already benefits from WordPress object caching. The Customer_Query class (which handles customer lookups via get_by()) is configured with cache_group = 'customers' and global_cache = true. The parent Query class registers these groups with wp_cache_add_global_groups() in its constructor, so database queries are cached at the WordPress object cache level.

No additional caching layer is needed.

inc/ui/class-site-actions-element.php (1)

373-382: LGTM! URL construction improved.

The addition of 'admin.php' as the second parameter to get_admin_url() makes the URL construction more explicit and ensures the template switching link targets the correct admin page structure.

inc/managers/class-field-templates-manager.php (1)

62-64: LGTM! Essential input validation added.

This validation properly guards against malformed template names that would cause array index errors on lines 66 and 72. The check ensures the template string contains the required format (e.g., field_type/template_id) before proceeding with rendering.

inc/admin-pages/customer-panel/class-checkout-admin-page.php (1)

61-64: Capability change is properly gated and allows legitimate access.

The grant_customer_capabilities() method in inc/class-wp-ultimo.php correctly handles the new 'wu_manage_membership' requirement. The logic grants this capability only to users who:

  • Have the 'manage_options' capability (administrators)
  • Are registered as Ultimate Multisite customers

All administrators who are customers will receive access as intended. Non-admin customers and non-customer administrators are properly denied access, which is the intended behavior.
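
The gating rule described in the checkout-page comment above (grant 'wu_manage_membership' only to users who have 'manage_options' and are registered customers), written out as an added example; it is not the plugin's code and not part of the review. The function name, the injected `$is_customer` lookup, the assumption that wu_get_customer_by_user_id() returns a falsy value when no customer exists, and the sample user IDs are all assumptions. It runs under plain PHP and registers the filter only when WordPress is loaded.

```php
<?php
/**
 * Callback shaped like WordPress's 'user_has_cap' filter:
 * ($allcaps, $caps, $args, $user). $is_customer is a hypothetical
 * injected lookup so the rule can be exercised without WordPress.
 */
function example_grant_membership_cap(array $allcaps, array $caps, array $args, $user, callable $is_customer): array {
    // Act only when this specific capability is being checked.
    if (!in_array('wu_manage_membership', $caps, true)) {
        return $allcaps;
    }
    // Never widen access for users who are not administrators.
    if (empty($allcaps['manage_options'])) {
        return $allcaps;
    }
    // Administrator: grant only if also a registered customer.
    if ($is_customer((int) $user->ID)) {
        $allcaps['wu_manage_membership'] = true;
    }
    return $allcaps;
}

// Inside WordPress, wire it to the filter. wu_get_customer_by_user_id()
// is the lookup named on this page; its falsy-on-miss return is assumed.
if (function_exists('add_filter')) {
    add_filter('user_has_cap', function ($allcaps, $caps, $args, $user) {
        return example_grant_membership_cap($allcaps, $caps, $args, $user,
            fn($id) => (bool) wu_get_customer_by_user_id($id));
    }, 10, 4);
}

// Constructed test matrix: user IDs and the customer list are made up.
$customers   = [1, 3];
$is_customer = fn(int $id): bool => in_array($id, $customers, true);
$cases = [
    'admin + customer'    => [1, ['manage_options' => true]],
    'admin, not customer' => [2, ['manage_options' => true]],
    'customer, not admin' => [3, ['read' => true]],
];
foreach ($cases as $label => [$id, $allcaps]) {
    $user = (object) ['ID' => $id];
    $out  = example_grant_membership_cap($allcaps, ['wu_manage_membership'],
        ['wu_manage_membership', $id], $user, $is_customer);
    printf("%-22s => %s\n", $label, empty($out['wu_manage_membership']) ? 'denied' : 'granted');
}
```

Running the same three-row matrix against a staging install is a quick way to confirm which existing accounts lose the customer panel pages once they require 'wu_manage_membership'.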
