Controlling WordPress user access to AI

[felixarntz]

With this SDK, specifically with exposing the REST API endpoint, by definition we have to touch user permissions for using AI in WordPress (see e.g. https://github.com/WordPress/wp-ai-client/pull/8/files#diff-8eeed5301b6cc0c14553d0b37c4bbaa414b21ba62b35c0dfe6e1496c05de0d6bR662).

I don't think putting any Core capability in there is the right approach. We'll need to have a custom capability that can be mapped to a Core capability, to allow other code running in WordPress to control which kinds of users to grant this custom capability to. By default this needs to be limited to admins, from a security perspective, since only admins can configure the AI provider credentials, and it would not be appropriate to allow other users with fewer capabilities to use those credentials without the admin explicitly allowing that.

This is the easy part.

Now, the question is how much control do we want to provide in this package itself? Or do we leave it to each plugin to implement?

Two options:

• Either we grant the custom capability only to admins by default (e.g. based on manage_options), and that's it. Plugins can change it.
• Or we grant the custom capability to admins by default, and include a dropdown in the settings screen where the admin can select which minimum user role to grant the capability for.

[Ref34t]

Seeing your question and 2 options, I believe the first one is the better here because it is cleaner for the core library - keeps the REST API focused on its job

so I went on and updated the PR already with the implementation 365a2c3

@felixarntz What do you think?

[felixarntz]

@Ref34t Looking at the PR, this isn't the proper way to handle capabilities. The WordPress Capabilities API provides a system for introducing custom capabilities and dynamically granting them.

I'd say for your PR, please simply use manage_options, and we can iterate on it in a separate PR after discussing this here.

[Ref34t]

@felixarntz I've restored it, pardon the excitement!