Skip to content

feat(content-gate): add per-block access control for Group, Stack, and Row blocks #4646

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
dkoo merged 34 commits into from
Apr 16, 2026
Merged

feat(content-gate): add per-block access control for Group, Stack, and Row blocks #4646

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
34 commits
Select commit Hold shift + click to select a range
87e2a3b
feat(content-gate): add Block_Visibility class skeleton
dkoo Apr 7, 2026
4b2c0f2
test(content-gate): complete Block_Visibility hook coverage
dkoo Apr 7, 2026
bce2306
feat(content-gate): implement render_block fast path
dkoo Apr 7, 2026
e3920bb
test(content-gate): add is_admin fast path coverage
dkoo Apr 7, 2026
4479ff3
feat(content-gate): implement registration rule evaluation
dkoo Apr 7, 2026
a066381
style(content-gate): remove trailing whitespace in Block_Visibility t…
dkoo Apr 7, 2026
c572a67
test(content-gate): add access rule evaluation and caching tests
dkoo Apr 8, 2026
fe6fbe5
feat(content-gate): implement block visibility render filter
dkoo Apr 8, 2026
2dd68d6
feat(content-gate): register block attributes server-side
dkoo Apr 8, 2026
ea4eb67
feat(content-gate): enqueue block visibility editor assets
dkoo Apr 8, 2026
39954f5
fix(content-gate): use edit_others_posts cap and strip callbacks from…
dkoo Apr 8, 2026
ee8e3d0
feat(content-gate): add block visibility JS entry and attribute regis…
dkoo Apr 8, 2026
b2c8ea2
feat(content-gate): implement block visibility Inspector panel
dkoo Apr 8, 2026
9b6b327
feat(content-gate): add AccessRuleValueControl for block visibility p…
dkoo Apr 8, 2026
28a509f
fix(content-gate): handle is_boolean rules, use config.placeholder, f…
dkoo Apr 8, 2026
4b725c5
test(content-gate): add JS unit tests for block visibility attribute …
dkoo Apr 8, 2026
1af1acb
style: tweak styles for Access Control block visibility panel
dkoo Apr 8, 2026
1ea2dc8
refactor(content-gate): replace any with proper types in block-visibi…
dkoo Apr 8, 2026
323b7aa
refactor: prettier formatting
dkoo Apr 8, 2026
553a4ca
fix(content-gate): address code review issues in block visibility
dkoo Apr 8, 2026
1c141f2
fix(content-gate): address Copilot review feedback on block visibility
dkoo Apr 8, 2026
f7f2f15
fix: allow editors to bypass access requirements
dkoo Apr 8, 2026
ec7005b
test(content-gate): add editor front-end bypass and restrict tests
dkoo Apr 8, 2026
f3dccb5
refactor: allow the blocks that can get access rules to be filtered
dkoo Apr 8, 2026
e822588
docs: update docblock
dkoo Apr 8, 2026
2b50ec8
refactor: apply filter to all instances of $target_blocks
dkoo Apr 8, 2026
ff4ec4d
feat(content-gate): add gate mode to per-block access control
dkoo Apr 8, 2026
a0ee1ea
style: tweak UI in Access Control panel
dkoo Apr 8, 2026
5292632
style: replace hardcoded px with WP grid-unit tokens
thomasguillot Apr 14, 2026
e844d3a
style: keep default ToggleControl order in Access Control panel
thomasguillot Apr 14, 2026
04640ad
refactor(content-gate): tighten Access Control panel layout
thomasguillot Apr 14, 2026
3d3d276
fix(content-gate): address human review feedback on block visibility
dkoo Apr 16, 2026
fdb124a
refactor(content-gate): use TokenItem objects in FormTokenField for I…
dkoo Apr 16, 2026
e8dff42
Revert "refactor(content-gate): use TokenItem objects in FormTokenFie…
dkoo Apr 16, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
366 changes: 366 additions & 0 deletions includes/content-gate/class-block-visibility.php
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,366 @@
<?php
/**
* Newspack Block Access Control.
*
* Per-block visibility control based on content restriction rules.
*
* @package Newspack
*/

namespace Newspack;

defined( 'ABSPATH' ) || exit;

/**
* Block_Visibility class.
*/
class Block_Visibility {

/**
* Initialize hooks.
*/
public static function init() {
add_filter( 'render_block', [ __CLASS__, 'filter_render_block' ], 10, 2 );
add_action( 'enqueue_block_editor_assets', [ __CLASS__, 'enqueue_block_editor_assets' ] );
add_filter( 'register_block_type_args', [ __CLASS__, 'register_block_type_args' ], 10, 2 );
}

/**
* Get the list of blocks that can be configured for access control visibility.
*
* @return array
*/
private static function get_target_blocks() {
/**
* Filters the list of blocks that can be configured for access control visibility.
*
* @param array $target_blocks List of block names.
* @return array
*/
$target_blocks = apply_filters( 'newspack_content_gate_block_visibility_blocks', [ 'core/group', 'core/stack', 'core/row' ] );
return $target_blocks;
}

/**
* Filter rendered block output based on access control attributes.
*
* @param string $block_content Rendered block HTML.
* @param array $block Block data.
* @return string
*/
public static function filter_render_block( $block_content, $block ) {
if ( ! in_array( $block['blockName'] ?? '', self::get_target_blocks(), true ) ) {
return $block_content;
}

// Bypass access control in admin screens and REST requests (block renderer,
// preview, query-loop rendering inside the editor) so blocks are never hidden
// from editors during content authoring.
if ( is_admin() || ( defined( 'REST_REQUEST' ) && REST_REQUEST ) ) {
return $block_content;
}

$mode = $block['attrs']['newspackAccessControlMode'] ?? 'gate';
$visibility = $block['attrs']['newspackAccessControlVisibility'] ?? 'visible';

if ( 'gate' === $mode ) {
$gate_ids = array_filter( array_map( 'intval', $block['attrs']['newspackAccessControlGateIds'] ?? [] ) );
if ( empty( $gate_ids ) ) {
return $block_content; // No gates selected → pass-through.
}
// If every referenced gate has been deleted or unpublished, treat as
// pass-through regardless of the visibility setting. This mirrors the
// "no gates selected" case and prevents 'hidden' mode from permanently
// hiding the block after a gate is removed.
if ( ! self::has_active_gates( $gate_ids ) ) {
return $block_content;
}
} else {
// Custom mode: check whether any rules are active before going further.
$rules = $block['attrs']['newspackAccessControlRules'] ?? [];

// Defensive cast: the block parser can occasionally yield a stdClass for
// object-typed attributes (e.g. after JSON round-trips).
if ( is_object( $rules ) ) {
$rules = (array) $rules;
} elseif ( ! is_array( $rules ) ) {
$rules = [];
}

$has_registration = ! empty( $rules['registration']['active'] );
$has_access_rules = ! empty( $rules['custom_access']['active'] )
&& ! empty( $rules['custom_access']['access_rules'] );

if ( ! $has_registration && ! $has_access_rules ) {
return $block_content; // No active rules → pass-through.
}
}

// Don't restrict content for users who can edit the post it's in.
$post_id = get_the_ID();
$user_id = get_current_user_id();
if ( ! empty( $post_id ) && user_can( $user_id, 'edit_post', $post_id ) ) {
return $block_content;
}

$user_matches = ( 'gate' === $mode )
? self::evaluate_gate_rules_for_user( $gate_ids, $user_id )
: self::evaluate_rules_for_user( $rules, $user_id );

if ( 'visible' === $visibility ) {
return $user_matches ? $block_content : '';
}
// 'hidden'
return $user_matches ? '' : $block_content;
Copy link
Copy Markdown
Member

@adekbadek adekbadek Apr 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Edge case: when all selected gates are deleted or unpublished, compute_gate_rules_match() returns true (line 306 -- "no active restriction, pass-through"). But here, $user_matches = true combined with visibility = 'hidden' returns '' -- the block is hidden from everyone.

The intent of "all gates gone = no restriction" should mean the block always renders, regardless of visibility mode. Consider returning $block_content early (before the visibility check) when the gate-mode evaluation determines there are no active gates, similar to how no-gates-selected is handled on line 69:

if ( 'gate' === $mode && ! self::has_active_gates( $gate_ids ) ) {
    return $block_content;
}

Copy link
Copy Markdown
Contributor Author

@dkoo dkoo Apr 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

3d3d276 addresses this by bailing early if the block attribute value contains no active gates.

}

/**
* Register block attributes server-side for target block types.
*
* @param array $args Block type arguments.
* @param string $block_type Block type name.
* @return array
*/
public static function register_block_type_args( $args, $block_type ) {
if ( ! in_array( $block_type, self::get_target_blocks(), true ) ) {
return $args;
}

$args['attributes'] = array_merge(
$args['attributes'] ?? [],
[
'newspackAccessControlVisibility' => [
'type' => 'string',
'default' => 'visible',
],
'newspackAccessControlMode' => [
'type' => 'string',
'default' => 'gate',
],
'newspackAccessControlGateIds' => [
'type' => 'array',
'default' => [],
'items' => [
'type' => 'integer',
],
],
'newspackAccessControlRules' => [
'type' => 'object',
'default' => (object) [],
],
]
);
return $args;
}

/**
* Enqueue block editor assets.
*/
public static function enqueue_block_editor_assets() {
if ( ! current_user_can( 'edit_others_posts' ) ) {
return;
}

$available_post_types = array_column(
Content_Restriction_Control::get_available_post_types(),
'value'
);
// get_post_type() returns false in the Site Editor / widget screens where
// no post is in context — in_array( false, [...], true ) is false, so the
// asset is correctly suppressed. This mirrors the guard in Content_Gate.
if ( ! in_array( get_post_type(), $available_post_types, true ) ) {
return;
}

$asset_file = dirname( NEWSPACK_PLUGIN_FILE ) . '/dist/content-gate-block-visibility.asset.php';
if ( ! file_exists( $asset_file ) ) {
return;
}
$asset = require $asset_file;

wp_enqueue_script(
'newspack-content-gate-block-visibility',
Newspack::plugin_url() . '/dist/content-gate-block-visibility.js',
$asset['dependencies'],
$asset['version'],
true
);

wp_localize_script(
'newspack-content-gate-block-visibility',
'newspackBlockVisibility',
[
'target_blocks' => self::get_target_blocks(),
'available_access_rules' => array_map(
function( $rule ) {
unset( $rule['callback'] );
return $rule;
},
Access_Rules::get_access_rules()
),
'available_gates' => array_values(
array_map(
function( $gate ) {
return [
'id' => $gate['id'],
'title' => $gate['title'],
];
},
Content_Gate::get_gates( Content_Gate::GATE_CPT, 'publish' )
)
),
]
);
}

/**
* Per-request cache: keyed by "{user_id}:{md5(rules)}" or "gate:{user_id}:{md5(gate_ids)}".
*
* @var bool[]
*/
private static $rules_match_cache = [];

/**
* Reset the per-request cache. Used in unit tests only.
*/
public static function reset_cache_for_tests() {
self::$rules_match_cache = [];
}

/**
* Public wrapper for tests. Calls evaluate_rules_for_user().
*
* @param array $rules Rules array.
* @param int $user_id User ID.
* @return bool
*/
public static function evaluate_rules_for_user_public( $rules, $user_id ) {
return self::evaluate_rules_for_user( $rules, $user_id );
}

/**
* Evaluate whether a user matches the block's custom access rules (with caching).
*
* @param array $rules Parsed newspackAccessControlRules attribute.
* @param int $user_id User ID (0 for logged-out).
* @return bool True if user matches (should be treated as "matching reader").
*/
private static function evaluate_rules_for_user( $rules, $user_id ) {
$cache_key = $user_id . ':' . md5( wp_json_encode( $rules ) );
if ( isset( self::$rules_match_cache[ $cache_key ] ) ) {
return self::$rules_match_cache[ $cache_key ];
}

$result = self::compute_rules_match( $rules, $user_id );
self::$rules_match_cache[ $cache_key ] = $result;
return $result;
}

/**
* Return true if at least one gate in the list is published and accessible.
*
* Used as an early-exit guard in filter_render_block() so that a block whose
* only gates have all been deleted or unpublished is treated as unrestricted,
* regardless of the block's visibility setting.
*
* @param int[] $gate_ids Array of np_content_gate post IDs.
* @return bool
*/
private static function has_active_gates( $gate_ids ) {
foreach ( $gate_ids as $gate_id ) {
$gate = Content_Gate::get_gate( $gate_id );
if ( ! \is_wp_error( $gate ) && 'publish' === $gate['status'] ) {
return true;
}
}
return false;
}

/**
* Evaluate whether a user matches any of the given gate's access rules (with caching).
*
* Assumes at least one gate in $gate_ids is active; call has_active_gates() first
* when a pass-through fallback is needed for fully-inactive gate lists.
*
* @param int[] $gate_ids Array of np_content_gate post IDs.
* @param int $user_id User ID (0 for logged-out).
* @return bool
*/
private static function evaluate_gate_rules_for_user( $gate_ids, $user_id ) {
$cache_key = 'gate:' . $user_id . ':' . md5( wp_json_encode( $gate_ids ) );
if ( isset( self::$rules_match_cache[ $cache_key ] ) ) {
return self::$rules_match_cache[ $cache_key ];
}

$result = self::compute_gate_rules_match( $gate_ids, $user_id );
self::$rules_match_cache[ $cache_key ] = $result;
return $result;
}

/**
* Compute whether a user matches the access rules of any of the given gates (uncached).
*
* @param int[] $gate_ids Array of np_content_gate post IDs.
* @param int $user_id User ID (0 for logged-out).
* @return bool
*/
private static function compute_gate_rules_match( $gate_ids, $user_id ) {
$has_active_gate = false;

foreach ( $gate_ids as $gate_id ) {
$gate = Content_Gate::get_gate( $gate_id );

// Deleted gate: Content_Gate::get_gate() returns WP_Error when the post
// doesn't exist. Unpublished gates have status !== 'publish'. Both are
// skipped so only currently-active gates impose restrictions.
if ( \is_wp_error( $gate ) || 'publish' !== $gate['status'] ) {
continue;
}

$has_active_gate = true;

$rules = [
'registration' => $gate['registration'],
'custom_access' => $gate['custom_access'],
];

// OR logic: the user passes if they satisfy any single active gate's rules.
if ( self::compute_rules_match( $rules, $user_id ) ) {
return true;
}
}

// All gates were deleted or unpublished → no active restriction → pass-through.
return ! $has_active_gate;
}

/**
* Compute whether a user matches the block's access rules (uncached).
*
* @param array $rules Parsed newspackAccessControlRules attribute.
* @param int $user_id User ID (0 for logged-out).
* @return bool
*/
private static function compute_rules_match( $rules, $user_id ) {
$registration = $rules['registration'] ?? [];
$custom_access = $rules['custom_access'] ?? [];

$registration_passes = true;
if ( ! empty( $registration['active'] ) ) {
if ( ! $user_id ) {
$registration_passes = false;
} elseif ( ! empty( $registration['require_verification'] ) ) {
$registration_passes = (bool) get_user_meta( $user_id, Reader_Activation::EMAIL_VERIFIED, true );
}
}

$access_passes = true;
if ( ! empty( $custom_access['active'] ) && ! empty( $custom_access['access_rules'] ) ) {
$access_passes = Access_Rules::evaluate_rules( $custom_access['access_rules'], $user_id );
}

// AND logic: both must pass when both are configured.
return $registration_passes && $access_passes;
}
}
Block_Visibility::init();
1 change: 1 addition & 0 deletions includes/content-gate/class-content-gate.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -110,6 +110,7 @@ public static function init() {
include __DIR__ . '/class-institution.php';
include __DIR__ . '/class-user-gate-access.php';
include __DIR__ . '/class-premium-newsletters.php';
include __DIR__ . '/class-block-visibility.php';
}

/**
Expand Down
Loading
Loading