Merge branch 'trunk' into skip-page-builder-dip

Author: adamsilverstein

src/wp-includes/collaboration/class-wp-http-polling-sync-server.php

@@ -181,10 +181,25 @@ public function check_permissions( WP_REST_Request $request ) {
 			);
 		}
 
-		$rooms = $request['rooms'];
+		$rooms      = $request['rooms'];
+		$wp_user_id = get_current_user_id();
 
 		foreach ( $rooms as $room ) {
-			$room         = $room['room'];
+			$client_id = $room['client_id'];
+			$room      = $room['room'];
+
+			// Check that the client_id is not already owned by another user.
+			$existing_awareness = $this->storage->get_awareness_state( $room );
+			foreach ( $existing_awareness as $entry ) {
+				if ( $client_id === $entry['client_id'] && $wp_user_id !== $entry['wp_user_id'] ) {
+					return new WP_Error(
+						'rest_cannot_edit',
+						__( 'Client ID is already in use by another user.' ),
+						array( 'status' => rest_authorization_required_code() )
+					);
+				}
+			}
+
 			$type_parts   = explode( '/', $room, 2 );
 			$object_parts = explode( ':', $type_parts[1] ?? '', 2 );
 
@@ -346,6 +361,7 @@ private function process_awareness_update( string $room, int $client_id, ?array
 				'client_id'  => $client_id,
 				'state'      => $awareness_update,
 				'updated_at' => $current_time,
+				'wp_user_id' => get_current_user_id(),
 			);
 		}
 
@@ -407,7 +423,10 @@ private function process_sync_update( string $room, int $client_id, int $cursor,
 
 					return $this->add_update( $room, $client_id, $type, $data );
 				}
-				break;
+
+				// Reaching this point means there's a newer compaction, so we can
+				// silently ignore this one.
+				return true;
 
 			case self::UPDATE_TYPE_SYNC_STEP1:
 			case self::UPDATE_TYPE_SYNC_STEP2:

src/wp-includes/css/buttons.css

@@ -208,8 +208,8 @@ TABLE OF CONTENTS:
 .wp-core-ui .button-secondary:disabled,
 .wp-core-ui .button-secondary.disabled,
 .wp-core-ui .button-disabled {
-	color: #949494 !important;
-	border-color: #dddddd !important;
+	color: #8a8a8a !important;
+	border-color: #d8d8d8 !important;
 	background: transparent !important;
 	box-shadow: none !important;
 	cursor: default;
@@ -312,9 +312,9 @@ TABLE OF CONTENTS:
 .wp-core-ui .button-primary:disabled,
 .wp-core-ui .button-primary-disabled,
 .wp-core-ui .button-primary.disabled {
-	color: #949494 !important;
-	background: #f0f0f0 !important;
-	border-color: #f0f0f0 !important;
+	color: #8a8a8a !important;
+	background: #e2e2e2 !important;
+	border-color: #e2e2e2 !important;
 	box-shadow: none !important;
 	text-shadow: none !important;
 	cursor: default;

tests/phpunit/tests/rest-api/rest-sync-server.php

@@ -623,6 +623,63 @@ public function test_sync_should_compact_is_false_for_non_compactor() {
 		$this->assertFalse( $data['rooms'][0]['should_compact'] );
 	}
 
+	public function test_sync_stale_compaction_succeeds_when_newer_compaction_exists() {
+		wp_set_current_user( self::$editor_id );
+
+		$room   = $this->get_post_room();
+		$update = array(
+			'type' => 'update',
+			'data' => 'dGVzdA==',
+		);
+
+		// Client 1 sends an update to seed the room.
+		$response = $this->dispatch_sync(
+			array(
+				$this->build_room( $room, 1, 0, array( 'user' => 'c1' ), array( $update ) ),
+			)
+		);
+
+		$end_cursor = $response->get_data()['rooms'][0]['end_cursor'];
+
+		// Client 2 sends a compaction at the current cursor.
+		$compaction = array(
+			'type' => 'compaction',
+			'data' => 'Y29tcGFjdGVk',
+		);
+
+		$this->dispatch_sync(
+			array(
+				$this->build_room( $room, 2, $end_cursor, array( 'user' => 'c2' ), array( $compaction ) ),
+			)
+		);
+
+		// Client 3 sends a stale compaction at cursor 0. The server should find
+		// client 2's compaction in the updates after cursor 0 and silently discard
+		// this one.
+		$stale_compaction = array(
+			'type' => 'compaction',
+			'data' => 'c3RhbGU=',
+		);
+		$response         = $this->dispatch_sync(
+			array(
+				$this->build_room( $room, 3, 0, array( 'user' => 'c3' ), array( $stale_compaction ) ),
+			)
+		);
+
+		$this->assertSame( 200, $response->get_status() );
+
+		// Verify the newer compaction is preserved and the stale one was not stored.
+		$response    = $this->dispatch_sync(
+			array(
+				$this->build_room( $room, 4, 0, array( 'user' => 'c4' ) ),
+			)
+		);
+		$update_data = wp_list_pluck( $response->get_data()['rooms'][0]['updates'], 'data' );
+
+		$this->assertContains( 'Y29tcGFjdGVk', $update_data, 'The newer compaction should be preserved.' );
+		$this->assertNotContains( 'c3RhbGU=', $update_data, 'The stale compaction should not be stored.' );
+	}
+
 	/*
 	 * Awareness tests.
 	 */
@@ -697,6 +754,31 @@ public function test_sync_awareness_updates_existing_client() {
 		$this->assertSame( array( 'cursor' => 'updated' ), $awareness[1] );
 	}
 
+	public function test_sync_awareness_client_id_cannot_be_used_by_another_user() {
+		wp_set_current_user( self::$editor_id );
+
+		$room = $this->get_post_room();
+
+		// Editor establishes awareness with client_id 1.
+		$this->dispatch_sync(
+			array(
+				$this->build_room( $room, 1, 0, array( 'name' => 'Editor' ) ),
+			)
+		);
+
+		// A different user tries to use the same client_id.
+		$editor_id_2 = self::factory()->user->create( array( 'role' => 'editor' ) );
+		wp_set_current_user( $editor_id_2 );
+
+		$response = $this->dispatch_sync(
+			array(
+				$this->build_room( $room, 1, 0, array( 'name' => 'Impostor' ) ),
+			)
+		);
+
+		$this->assertErrorResponse( 'rest_cannot_edit', $response, 403 );
+	}
+
 	/*
 	 * Multiple rooms tests.
 	 */