Skip to content

[Feature] Implement plugin permissions management system#343

Draft
HILAYTRIVEDI wants to merge 2 commits intoWordPress:developfrom
HILAYTRIVEDI:feature/permisson-controls-for-connectors
Draft

[Feature] Implement plugin permissions management system#343
HILAYTRIVEDI wants to merge 2 commits intoWordPress:developfrom
HILAYTRIVEDI:feature/permisson-controls-for-connectors

Conversation

@HILAYTRIVEDI
Copy link
Copy Markdown

@HILAYTRIVEDI HILAYTRIVEDI commented Mar 26, 2026
edited by github-actions bot
Loading

What?

Closes #342

Why?

The plugin-level permissions and provider routing feature introduced three new production classes (Permissions_Manager, Plugin_Registry) and extended AI_Service, Settings_Page, Settings_Registration, bootstrap.php, and helpers.php with no test coverage. Without tests, regressions in access control logic e.g. the global toggle blocking all access, the opt-in default, provider preference filtering would go undetected.

What changed?

Production code

  • includes/Permissions/Permissions_Manager.php (new) Singleton that gates plugin AI access (plugin_has_access()), stores and retrieves per-plugin provider routing preferences (get_plugin_provider_preferences()), and sanitizes plugin IDs for use as option-name suffixes (sanitize_option_key()). Fires the wpai_register_plugins action on initialize().

  • includes/Permissions/Plugin_Registry.php (new) In-memory registry for plugins that declare themselves as AI consumers via wpai_register_plugins. Exposes register_plugin() (no-op on duplicate), get_all_plugins(), get_plugin(), and has_plugin().

  • includes/Services/AI_Service.php Added create_textgen_prompt_for_plugin(): performs an access check via Permissions_Manager, then builds a prompt scoped to the plugin's provider preferences (falls back to global if none configured).

  • includes/Settings/Settings_Page.php Added render_plugin_permissions_section(): renders an admin UI card with per-plugin access toggles and provider routing text inputs. Section is hidden when no plugins are registered; inputs are disabled when the global AI toggle is off.

  • includes/Settings/Settings_Registration.php Added register_plugin_permission_settings() (registers wpai_plugin_access_* and wpai_plugin_providers_* options per plugin) and sanitize_provider_preferences()
    (sanitizes comma-separated provider slug lists via sanitize_key()).

  • includes/bootstrap.php Calls Permissions_Manager::get_instance()->initialize() during plugin load so registrations via wpai_register_plugins are processed in time.

  • includes/helpers.php Added the public helper plugin_has_ai_access( $plugin_id ) as a thin wrapper around Permissions_Manager::plugin_has_access().

Tests

Added two new integration test files and extended the existing AI_ServiceTest:

  • tests/Integration/Includes/Permissions/Plugin_RegistryTest.php 11 tests covering register_plugin() (data storage, name/description defaults, duplicate no-op, XSS sanitization via sanitize_text_field/sanitize_textarea_field), get_all_plugins(), get_plugin(), and has_plugin().

  • tests/Integration/Includes/Permissions/Permissions_ManagerTest.php 17 tests covering the singleton (get_instance()), initialize() idempotency and action firing, plugin_has_access() (global toggle off, unregistered plugin, not granted, granted, filter override, filter receives correct plugin ID), get_plugin_provider_preferences() (empty default, stored slugs, whitespace trimming, empty segment pruning, filter override), and sanitize_option_key() (lowercasing, special-character replacement, valid-character preservation).

  • tests/Integration/Includes/Services/AI_ServiceTest.php 5 new tests for create_textgen_prompt_for_plugin() covering all denial paths (unregistered plugin, global AI disabled, access not granted) and the success paths (access granted with prompt string, access granted with null prompt).

  • All tests follow the project's WP_UnitTestCase conventions: WordPress update_option/delete_option for state, @covers tags, @since 1.0.0 aligned with the production code, and action/filter hooks cleaned up after each assertion to ensure determinism.

Testing Instructions

  1. Ensure the WordPress test environment is configured (WP_TESTS_DIR or equivalent).
  2. Run the PHP integration test suite: 
    composer test
  3. Confirm all new tests in tests/Integration/Includes/Permissions/ pass with no
    failures or warnings.
  4. Confirm no regressions in tests/Integration/Includes/Services/AI_ServiceTest.php.

Use of AI Tools

AI assistance: Yes
Tool(s): Claude Code
Used for: Initial test scaffolding (method names, assertion structure,
setUp/tearDown shape). Final tests were reviewed line-by-line, corrected for hook
cleanup (leaked add_action callbacks replaced with stored references +
remove_action), docblock style aligned to project conventions (Tests that…
descriptions, @covers, third-person setUp/tearDown descriptions), and verified
against all production source files before submission.

Testing Instructions for Keyboard

N/A no UI changes.

Screenshots or screencast

N/A test-only change.

Open WordPress Playground Preview

@codecov
Copy link
Copy Markdown

codecov bot commented Mar 26, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 32.77778% with 121 lines in your changes missing coverage. Please review.
✅ Project coverage is 56.60%. Comparing base (32c5e2d) to head (c7fa77a).

Files with missing lines Patch % Lines
includes/Settings/Settings_Page.php 0.00% 77 Missing ⚠️
includes/Settings/Settings_Registration.php 0.00% 30 Missing ⚠️
includes/Services/AI_Service.php 52.17% 11 Missing ⚠️
includes/bootstrap.php 0.00% 2 Missing ⚠️
includes/helpers.php 0.00% 1 Missing ⚠️
Additional details and impacted files 
@@              Coverage Diff              @@
##             develop     #343      +/-   ##
=============================================
- Coverage      57.85%   56.60%   -1.25%     
- Complexity       615      652      +37     
=============================================
  Files             46       48       +2     
  Lines           3165     3339     +174     
=============================================
+ Hits            1831     1890      +59     
- Misses          1334     1449     +115
Flag Coverage Δ
unit 56.60% <32.77%> (-1.25%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@HILAYTRIVEDI HILAYTRIVEDI changed the title Implement plugin permissions management system [Feature] Implement plugin permissions management system Mar 26, 2026
@jeffpaul jeffpaul added this to the 1.0.0 milestone Mar 27, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@HILAYTRIVEDI HILAYTRIVEDI

Labels

None yet

Projects

None yet

Milestone

1.0.0

Development

Successfully merging this pull request may close these issues.

Add permission controls for plugins to use a connected provider

2 participants

@HILAYTRIVEDI @jeffpaul