Merged
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -16,6 +16,7 @@

**Improvements**

- Popup title field is now editable in the Block Editor sidebar, matching the classic editor experience.
- Improved PID tracking reliability by firing template_redirect at priority 0, ensuring tracking occurs before other plugins that might redirect.
- Enhanced all Popup list views with sortable Enabled column and bulk enable/disable actions for easier management of multiple popups.
- Block library assets (CSS) loading unnecessarily on all front-end pages. WordPress now automatically loads these styles only when Popup Maker blocks are actually rendered.
19 changes: 19 additions & 0 deletions assets/js/src/admin/popup-editor/editor.scss
Expand Up @@ -111,6 +111,25 @@ Misc
margin: 0 0 3px;
background-color: #fff;
}

.pum-display-title-toggle {
display: inline-flex;
align-items: center;
gap: 6px;
margin: 8px 0 4px;
cursor: pointer;
font-size: 13px;
color: #50575e;

input[type="checkbox"] {
margin: 0;
cursor: pointer;
}

&:hover {
color: #135e96;
}
}
}

.post-type-popup {
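Review bot: `.pum-display-title-toggle` changes colour on `&:hover` only, so the clickable label gives no matching cue when its checkbox is reached by keyboard. Add a `&:focus-within` state next to the hover rule, and consider taking `#50575e` and `#135e96` from the stylesheet's existing colour variables, if it has them, instead of repeating the hex values.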
19 changes: 18 additions & 1 deletion classes/Controllers/PostTypes.php
Expand Up @@ -121,6 +121,7 @@
'editor',
'revisions',
'author',
'custom-fields',
],
// Rest.
'show_in_rest' => true,
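Review bot: `'custom-fields'` is added to the popup post type's `supports` list with no comment explaining why. It is what lets meta registered with `show_in_rest` appear under the REST `meta` property, but it also enables the Custom Fields panel for popups, where meta keys without a leading underscore can be edited by hand. Add a one-line comment giving the REST reason, and confirm that showing keys such as `popup_title` in that panel is intended.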
Expand Down Expand Up @@ -157,7 +158,23 @@
$popup_args = apply_filters( 'popmake_popup_post_type_args', $popup_args );

register_post_type( $this->get_type_key( 'popup' ), $popup_args );

// Register popup meta for REST API (block editor support).
register_post_meta(
$this->get_type_key( 'popup' ),
'popup_title',
[
'show_in_rest' => true,
'single' => true,
'type' => 'string',
'sanitize_callback' => 'sanitize_text_field',
'auth_callback' => function () {
return current_user_can( $this->container->get_permission( 'edit_popups' ) );
},
]
);

Comment on lines +161 to +176
@coderabbitai coderabbitai Bot Mar 21, 2026

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify the custom capability used by popup post type
rg -nA5 "get_permission.*edit_popups" classes/

Repository: PopupMaker/Popup-Maker

Length of output: 4403


🏁 Script executed:

#!/bin/bash
# Check all register_post_meta calls in PostTypes.php to see the pattern
rg -nB2 -A15 "register_post_meta" classes/Controllers/PostTypes.php

Repository: PopupMaker/Popup-Maker

Length of output: 542


🏁 Script executed:

#!/bin/bash
# Verify the file context around the auth_callback to understand closure scope
sed -n '155,180p' classes/Controllers/PostTypes.php

Repository: PopupMaker/Popup-Maker

Length of output: 697


🏁 Script executed:

#!/bin/bash
# Check if there are other auth_callbacks in the file and how they handle permissions
rg -n "auth_callback" classes/Controllers/PostTypes.php -A3

Repository: PopupMaker/Popup-Maker

Length of output: 180


Use custom capability in auth_callback to match post type permissions.

The popup post type defines custom capabilities via get_permission('edit_popups') (lines 136-138), but the auth_callback for popup_title meta uses edit_posts. This creates a permission inconsistency where users with generic edit_posts capability could access the meta field when they lack edit_popups, or vice versa.

Suggested fix
 		register_post_meta(
 			$this->get_type_key( 'popup' ),
 			'popup_title',
 			[
 				'show_in_rest'      => true,
 				'single'            => true,
 				'type'              => 'string',
 				'sanitize_callback' => 'sanitize_text_field',
 				'auth_callback'     => function () {
-					return current_user_can( 'edit_posts' );
+					return current_user_can( $this->container->get_permission( 'edit_popups' ) );
 				},
 			]
 		);
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
// Register popup meta for REST API (block editor support).
register_post_meta(
$this->get_type_key( 'popup' ),
'popup_title',
[
'show_in_rest' => true,
'single' => true,
'type' => 'string',
'sanitize_callback' => 'sanitize_text_field',
'auth_callback' => function () {
return current_user_can( 'edit_posts' );
},
]
);
// Register popup meta for REST API (block editor support).
register_post_meta(
$this->get_type_key( 'popup' ),
'popup_title',
[
'show_in_rest' => true,
'single' => true,
'type' => 'string',
'sanitize_callback' => 'sanitize_text_field',
'auth_callback' => function () {
return current_user_can( $this->container->get_permission( 'edit_popups' ) );
},
]
);
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@classes/Controllers/PostTypes.php` around lines 161 - 176, The auth_callback
used in the register_post_meta call for the popup meta (register_post_meta on
get_type_key('popup') for 'popup_title') checks current_user_can('edit_posts')
which mismatches the popup post type's custom capability; change the
auth_callback to check the post-type specific permission by calling
current_user_can( $this->get_permission('edit_popups') ) (or equivalent method
call) so meta access aligns with the popup post type capability definitions used
elsewhere.

✅ Addressed in commit 7ec05ff

}

Check failure on line 177 in classes/Controllers/PostTypes.php

GitHub Actions / PHP 8.2 - Code Quality

Function closing brace must go on the next line following the body; found 1 blank lines before brace

/**
* Register `popup_theme` post type.
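Review bot: the `auth_callback` closure for `popup_title` takes no parameters, so the capability check is not tied to the popup being written. WordPress passes the object ID to this callback (`$allowed, $meta_key, $object_id, ...`); accepting it and checking `current_user_can( 'edit_post', $object_id )` would scope the decision to that specific popup instead of the general `edit_popups` capability. The blank line left between `);` and the method's closing brace is what the Code Quality check on line 177 reports and should be removed in the same pass.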
Expand Down Expand Up @@ -543,7 +560,7 @@
*
* @param bool $replace Whether to replace the editor.
* @param WP_Post $post The post object.
* @return void
* @return bool Whether to replace the editor.
*/
public function replace_editor( $replace, $post ) {
// Only handle our post types.
22 changes: 22 additions & 0 deletions classes/Controllers/RestAPI.php
Expand Up @@ -354,6 +354,28 @@ public function register_popup_rest_fields() {
},
] );

// Register popup_title as REST field with explicit update_callback.
// This ensures saves work correctly with custom REST namespace.
register_rest_field( $post_type, 'popup_title', [
'get_callback' => function ( $obj ) {
$popup = pum_get_popup( $obj['id'] );
return $popup ? $popup->get_meta( 'popup_title' ) : '';
},
'update_callback' => function ( $value, $obj ) {
$popup = pum_get_popup( $obj->ID );
if ( $popup ) {
$popup->update_meta( 'popup_title', sanitize_text_field( $value ) );
}
},
'schema' => [
'type' => 'string',
'description' => __( 'The popup title displayed inside the popup.', 'popup-maker' ),
],
'permission_callback' => function () use ( $edit_permission ) {
return current_user_can( $edit_permission );
},
] );
Comment thread
coderabbitai[bot] marked this conversation as resolved.

register_rest_field( $post_type, 'settings', [
'get_callback' => function ( $obj, $field, $request ) {
$popup = pum_get_popup( $obj['id'] );
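Review bot: the `'permission_callback'` entry in the `popup_title` field arguments has no effect, because `register_rest_field()` only reads `get_callback`, `update_callback` and `schema`. Access is decided by the route's own permission check, so either drop the key or move the `current_user_can( $edit_permission )` test into `update_callback` and return a `WP_Error` when it fails. `update_callback` also returns nothing when `pum_get_popup()` finds no popup, so a write that did not happen is reported as success. Since `popup_title` is registered with `show_in_rest` in PostTypes.php as well, the value now has two REST write paths (`meta.popup_title` and the top-level field) that should either be reduced to one or documented as deliberate.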