WordPress.org
Get WordPress

Making WordPress.org

Opened 3 months ago

Closed 3 months ago

#8206 closed defect (bug) (fixed)

Featured plugins can't change committers

Reported by: dd32's profile dd32 Owned by: dd32's profile dd32
Milestone: Priority: normal
Component: Plugin Directory Keywords: has-patch
Cc:

Description (last modified by dd32)

In #5654 we limited the Featured/Beta plugins list to being unable to manage certain features.

This was intended as a security feature to limit the blast radius of compromised plugins.

However, the recent experiment of rotating new plugins into the featured category is creating some friction for authors, with many not understanding the reasoning.

Currently the plugins in Beta/Featured cannot:

  • Close their plugin
  • Toggle public preview
  • Transfer their plugin
  • Add/Remove committers

This is enforced by: https://github.com/WordPress/wordpress.org/blob/d02b657159750b03e2d89b8968a50f5ac75ca9c1/wordpress.org/public_html/wp-content/plugins/plugin-directory/class-capabilities.php#L92-L107

Let's:

  • Expand the existing notice to be clearer that this is due to their plugin being listed in the XXXXXXX section
  • Enable the Preview toggle
  • Allow the management of committers

Change History (3)

#1 @dd32
3 months ago

  • Description modified (diff)

Originally I suggested limiting committers to just featured, but I think we should also enable it for Beta plugins now

This ticket was mentioned in PR #561 on WordPress/wordpress.org by @dd32.
3 months ago #2

  • Keywords has-patch added

## Summary

Addresses Meta Trac #8206.

  • Committer management (add/remove): Now allowed for both Beta and Featured plugins (previously required reviewer).
  • Public preview toggle: Now allowed for both Beta and Featured plugins (previously required reviewer).
  • Close and transfer: Remain restricted to reviewers for security.
  • Notice: Now explicitly tells authors which section (Beta/Featured) their plugin is in, and only mentions the actions that are actually restricted.

## Test plan

  • [ ] Verify a Featured plugin author can add/remove committers
  • [ ] Verify a Beta plugin author can add/remove committers
  • [ ] Verify a Featured/Beta plugin author can toggle public preview
  • [ ] Verify a Featured/Beta plugin author still cannot close or transfer
  • [ ] Verify the notice displays the correct section name (Beta or Featured)
  • [ ] Verify non-beta/non-featured plugins are unaffected

🤖 Generated with Claude Code

#3 @dd32
3 months ago

  • Resolution set to fixed
  • Status changed from assigned to closed

In 14718:

Plugin Directory: Allow Featured/Beta plugin owners to manage the committers and allow all committers to toggle public preview.

This relaxes a security change introduced with #5654, so adding/removing committers of these plugins now also triggers the plugins team to be CC'd for review.

Closes https://github.com/WordPress/wordpress.org/pull/561.
Fixes #8206.

Note: See TracTickets for help on using tickets.