site-kit-wp: KM metric tile report errors on view-only dashboard

Bug Description

The “Set up Banner CTA” should never be displayed for non-authenticated users, i.e. on the view-only dashboard. Furthermore, Key Metric widget tiles throw data loading errors on the view-only dashboard.

Steps to reproduce

1. Login as an authenticated admin and Set up the Key Metrics widget by answering the questionnaire. Select the “Sell products or services” answer to question 1. Complete the questionnaire.
2. This will display the four key metric tiles on the site: Top Performing Keywords, Top Traffic Source, Most Engaged Traffic Source, Top Performing Content
3. Now use the dashboard sharing permissions modal to give other roles access to both Analytics and Search-console (i.e. editors, contributors, etc.)
4. Login as one of the roles that have been given access above, say an Editor and see the set up banner CTA and errors on the dashboard for the Key Metrics Widget.

Screenshots

---

Do not alter or remove anything below. The following sections will be managed by moderators only.

Acceptance criteria

• If a view-only user has shared module access (via dashboard sharing) to search console and / or analytics, then they should be able to view the Key Metric widget tiles that rely on search console and / or analytics.

Implementation Brief

There are two main aspects of this issue that require addressing in order to satisfy the AC thereof:

1. Adding the necessary metrics and dimensions to the applicable Request classes of the affected modules.
2. Updating the callback permission(s) of endpoints within applicable REST controller classes affected by shared dashboard viewing of KMW’s.
   • This update is required because the current permission check of current_user_can( Permissions::AUTHENTICATE ) will fail for all non admin users in a view only dashboard environment, yet the correct response of this route is a requirement for rendering the KMW’s.
   • As part of this update, filtering of the author key within the 'callback' methods response should be undertaken as necessary based on the current users permissions.

Add metrics and dimensions to shared metric and dimensions validation variables

• Identify the modules, metrics and dimensions being utilized by the KMW components within the applicable module folders. At the time of writing, KMW’s are included in the following modules and locations:
  • The KMW’s located within the folder at assets/js/modules/analytics-4/components/widgets
  • The KMW’s located within the folder at assets/js/modules/search-console/components/widgets
• Once the metrics and widgets have been identified, update the applicable PHP Request class within the modules Report namespace.
• Update the Analytics_4 module as follows:
  • Within the Request class at includes/Modules/Analytics_4/Report/Request.php:
    • Locate the validate_shared_metrics() method and add the necessary metrics to the array. This should be:
      • activeUsers
      • sessionConversionRate
    • Locate the validate_shared_dimensions() method and add the necessary dimensions to the array. This should be:
      • newVsReturning,
      • sessionDefaultChannelGroup,
      • city

Update REST endpoint permissions & filtering of author key from response

• In order for KMW’s to render on shared dashboard views, the permissions for the core/user/data/user-input-settings READABLE endpoint need to be updated to be less strict and equivalent to those found for the core/user/data/key-metrics endpoint located at includes/Core/Key_Metrics/REST_Key_Metrics_Controller.php:
  • Within the current get_rest_routes() method of the REST_User_Input_Controller class located at includes/Core/User_Input/REST_User_Input_Controller.php:
  • Locate the WP_REST_Server::READABLE array entry for the core/user/data/user-input-settings endpoint:
    • Update the 'permission_callback' key value to check that the user has one of the following capabilities
      • Permissions::VIEW_SPLASH
      • Permissions::VIEW_DASHBOARD
• Filter the response data so that the {setting}.author key of each answer object is omitted if the current user lacks the list_users capability

Test Coverage

• No changes necessary

QA Brief

• Follow the steps to reproduce.
• Once the modules are shared with the view-only users, log in to the view-only SK dashboard.
• Verify that the KM widgets appear for the shared Analytics and SC without errors.
• Remove the shared settings to either one of the modules.
• Verify only the widgets connected to the shared module appear.
• Verify there is no permissions-related console (network) errors.
• Verify that the “Most popular products by pageviews” widget links are clickable. There was an existing bug that I’ve fixed in this issue. Please refer to this comment point 2.
• Verify that the “Most popular products by pageviews” widget contents are non-interactive plain texts on the view-only dashboard. Please refer to this comment point 3.

Changelog entry

• Fix issue that caused Key Metrics Widgets in view-only dashboard to appear as unusable links or cause errors.