Don't load editor AI image and media tools for secondary accounts not connected to WordPress.com#50079
Don't load editor AI image and media tools for secondary accounts not connected to WordPress.com#50079saroshaga wants to merge 5 commits into
Conversation
|
Are you an Automattician? Please test your changes on all WordPress.com environments to help mitigate accidental explosions.
Interested in more tips and information?
|
|
Thank you for your PR! When contributing to Jetpack, we have a few suggestions that can help us test and review your patch:
This comment will be updated as you work on your PR and make changes. If you think that some of those checks are not needed for your PR, please explain why you think so. Thanks for cooperation 🤖 Follow this PR Review Process:
If you have questions about anything, reach out in #jetpack-developers for guidance! Jetpack plugin: The Jetpack plugin has different release cadences depending on the platform:
If you have any questions about the release process, please ask in the #jetpack-releases channel on Slack. |
Code Coverage SummaryCoverage changed in 1 file.
|
… WordPress.com The editor's AI image and media generation tools load from a single asset that was enqueued whenever the site had a connection owner. That meant the asset also loaded for admins who had not connected their own WordPress.com account, even though they cannot use the tools and the tools error out when used. Gate enablement on the current user's own connection (always true on WordPress.com Simple and WoA, otherwise the current user must be connected), matching how the block-level AI features already behave. The asset is no longer enqueued for non-connected users, so the related editor and media-library entry points are hidden instead of shown and erroring. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The site-level enablement check does double duty: it decides whether the site offers the AI media tools (which drives the Big Sky stand-down signal and the suppression of the legacy AI image extensions) and, previously, whether to load them for the current user. Gating the whole thing on the current user's connection meant a non-connected visitor stopped Jetpack from signalling ownership, so Big Sky loaded its own copy instead. Keep the site-level check independent of the visitor and move the per-user connection gate onto the actual asset enqueue and the media-library entry point. A non-connected user now gets neither Jetpack's tools nor the Big Sky fallback, and the legacy image extensions stay suppressed. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Atomic (WoA) has per-user Jetpack connections, so a user who disconnects their own account can no longer use the AI tools. is_wpcom_platform() lumped Atomic in with Simple and treated that user as connected, so the assets still loaded. Short-circuit only Simple (no per-user connection there) and let Atomic fall through to the real is_user_connected() check, like self-hosted and VIP. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
c1e3880 to
44b7b92
Compare
There was a problem hiding this comment.
Pull request overview
This PR aligns Image Studio’s editor/media-library entry points with the existing per-user connection gating used by other AI features, preventing AI image/media tooling from loading (and erroring) for administrators who haven’t connected their own WordPress.com account.
Changes:
- Add a per-user connection helper (
is_current_user_connected()) with WordPress.com Simple short-circuit behavior. - Gate editor/admin asset enqueue and Media Library row-action registration on the current user’s connection.
- Add/extend PHPUnit coverage to verify site-level enablement remains independent of per-user gating.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| projects/plugins/jetpack/extensions/plugins/image-studio/image-studio.php | Adds per-user connection helper and uses it to gate asset loading and Media Library entry points. |
| projects/plugins/jetpack/tests/php/extensions/plugins/image-studio/Image_Studio_Test.php | Adds tests covering site-level enablement vs per-user asset/row-action gating. |
| projects/plugins/jetpack/changelog/fix-image-studio-hide-for-non-connected-users | Adds changelog entry describing the user-facing behavior change. |
| * True on WordPress.com Simple, which has no per-user Jetpack connection so every | ||
| * admin counts as connected. Atomic (WoA), self-hosted and VIP all have per-user | ||
| * connections, so there the current user must have connected their own | ||
| * WordPress.com account — a user who has disconnected is correctly treated as not | ||
| * connected. Gates the asset enqueue and the media-library entry point so |
Drop the $connection_owner_id test property and its assignment (set but never read after the test rework), and reword the is_current_user_connected() docblock so it says the current user is always treated as connected on Simple rather than implying a role check the function doesn't do. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
t-wright
left a comment
There was a problem hiding this comment.
Thanks for fixing this. Works as expected.
Proposed changes
The editor's AI image and media generation tools load from a single asset. Until now that asset was enqueued whenever the site offered the tools, so it also loaded for administrators who hadn't connected their own WordPress.com account — users who can't actually use the tools and would only hit errors. The block-level AI features already gate on the current user's own connection, so this brings the media tools in line.
is_current_user_connected()helper. It returns true on WordPress.com Simple (which has no per-user Jetpack connection, so every admin counts as connected); otherwise it requires the current user to have connected their own WordPress.com account. Atomic (WoA), self-hosted, and VIP all have per-user connections, so a user who disconnects their account is correctly treated as not connected.Does this pull request change what data or activity we track or use?
No.
Testing instructions
Use a site connected to WordPress.com by one user (the connection owner) plus a second administrator who has not connected their own WordPress.com account. This applies to self-hosted Jetpack, VIP, and Atomic (where a second user can disconnect their account).
New unit tests in
Image_Studio_Test.phpcover the split: site-level enablement stays true for a non-connected user, while the asset enqueue and the media-library row action are gated on the user's own connection.