Add bulk soft delete action for posts#2840
Open
pfefferle wants to merge 15 commits into
Open
Conversation
- Add bulk action "Soft Delete" to post list tables for all ActivityPub-enabled post types - Add row action "Soft Delete" for individual federated posts - Unify user and post soft delete confirmation templates into one - Add proper admin notices for success/failure/no selection cases - Add removable query args filter for one-time notices - Add comprehensive test coverage for Admin bulk delete functionality Fixes #2566
There was a problem hiding this comment.
Pull request overview
This PR adds bulk and individual soft delete actions for federated posts, enabling users to remove posts from the Fediverse while keeping them on the WordPress site. The implementation unifies the confirmation template to handle both user and post deletions.
Changes:
- Added bulk action "Soft Delete" to post list tables for ActivityPub-enabled post types
- Added row action "Soft Delete" for individual federated posts with confirmation dialog
- Unified user and post soft delete confirmation into a single reusable template
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| includes/wp-admin/class-admin.php | Implements bulk and single post deletion handlers, registers bulk actions for ActivityPub-supported post types, adds admin notices and row actions for federated posts |
| templates/bulk-delete-confirmation.php | New unified template handling both user and post deletion confirmations with appropriate messaging and table layouts |
| templates/bulk-actor-delete-confirmation.php | Removed old user-specific template, replaced by unified template |
| tests/phpunit/tests/includes/wp-admin/class-test-admin.php | Comprehensive test coverage for bulk actions, row actions, permissions, and edge cases |
| .github/changelog/2840-from-description | Changelog entry documenting the new feature |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Add 13 new tests covering: - Non-existent post handling - Mixed federated/non-federated posts - Deleted and failed post states - Nonce and confirmation dialog in row actions - Complete removable query args verification - Page post type support - Empty post array handling - Draft post edge case - Title attribute verification
…late - Add 'checked' param (default: true) to control checkbox default state - Add 'cancel_label' param (default: 'Cancel') for the cancel button text - Use wp_parse_args for cleaner default handling - Pass checked=false and cancel_label='Skip' for user deletion flow to preserve original UX behavior
After successfully sending a Delete activity, set the post's activitypub_content_visibility to private. This prevents accidental re-federation while allowing users to manually re-federate by changing visibility back to public.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 5 out of 5 changed files in this pull request and generated no new comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Mark soft-deleted posts as local-only (not private) so they stay on the site and are not re-federated; private means followers-only. - Add and verify a nonce on the bulk delete confirmation page. - Guard the add_to_outbox() return against WP_Error in both handlers. - Build the redirect URL with add_query_arg() instead of string concat. - Replace the row action's inline onclick with a data attribute and a delegated handler enqueued on edit.php (also drives the select-all checkbox), and drop the template's inline script. - Move HTML markup out of translatable strings and add an aria-label to the select-all checkbox. - Add tests for the single delete handler (local-only state, nonce).
Member
Author
|
Addressed review feedback in 5ca11e4:
Also fixed alongside (from a broader pass):
Still draft. CI re-running on the push. |
Comment on lines
+1043
to
+1047
| $query_args = array( | ||
| 'action' => 'activitypub_confirm_post_removal', | ||
| 'send_back' => \rawurlencode( $send_back ), | ||
| '_wpnonce' => \wp_create_nonce( 'activitypub-confirm-post-removal' ), | ||
| ); |
Comment on lines
+1076
to
+1079
| // phpcs:ignore WordPress.Security.ValidatedSanitizedInput | ||
| $posts = \wp_unslash( $_GET['posts'] ?? array() ); | ||
| $send_back = \urldecode( \sanitize_text_field( \wp_unslash( $_GET['send_back'] ?? '' ) ) ); | ||
|
|
Comment on lines
+1133
to
+1136
| if ( empty( $selected_posts ) ) { | ||
| \wp_safe_redirect( $send_back ); | ||
| exit; | ||
| } |
Comment on lines
+1166
to
+1172
| // Add success count to redirect URL. | ||
| $send_back = \add_query_arg( 'activitypub_deleted', $deleted_count, $send_back ); | ||
|
|
||
| // Redirect back. | ||
| \wp_safe_redirect( $send_back ); | ||
| exit; | ||
| } |
Comment on lines
+987
to
+993
| public static function register_post_bulk_actions() { | ||
| $post_types = \get_post_types_by_support( 'activitypub' ); | ||
|
|
||
| foreach ( $post_types as $post_type ) { | ||
| \add_filter( "bulk_actions-edit-{$post_type}", array( self::class, 'post_bulk_options' ) ); | ||
| \add_filter( "handle_bulk_actions-edit-{$post_type}", array( self::class, 'handle_post_bulk_request' ), 10, 3 ); | ||
| } |
Large bulk selections previously passed every post or user ID as query args in the confirmation redirect, which could exceed URL length limits. Both the post and actor delete flows now store the IDs in a short-lived, per-user transient and reference them with a one-time token. The actor confirmation page now also verifies a nonce, matching the post flow. Add tests for the bulk request token redirect and the bulk confirmation handler (Delete sent, post marked local-only, invalid nonce rejected).
…ct-all - Drop the blanket edit_posts gate from the bulk delete handlers; the per-post edit_post checks (template render loop and submit loop) are the authoritative, capability-type-aware gate, so editors of custom post types are no longer blocked from bulk soft delete while the single-row action works. - Enqueue the select-all/confirm handler on users.php as well as edit.php, so the select-all checkbox works on the user confirmation screen (rendered from users.php), not just the post screen. - Add tests for a custom-capability editor bulk delete and for the select-all handler being enqueued on the user list page.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #2566
Proposed changes:
Other information:
Testing instructions:
Testing row action:
Testing non-federated posts:
Changelog entry
Changelog Entry Details
Significance
Type
Message
Add bulk and row action to soft delete posts from the Fediverse.