Add a secondary capability for search-purposes, and more verbose notices if editing (and now searching) are unavailable due to missing capabilities.

Author: Clorith

includes/Base/class-rest.php

@@ -28,7 +28,7 @@ public function __construct() {
 	 * @return bool
 	 */
 	public function permission_callback() {
-		return current_user_can( String_Locator::$default_capability );
+		return current_user_can( String_Locator::$search_capability );
 	}
 
 }

includes/class-string-locator.php

@@ -20,6 +20,20 @@ class String_Locator {
 	 */
 	public static $default_capability = 'edit_themes';
 
+	/**
+	 * The capability required to perform searches, but not necessarily edit files.
+	 *
+	 * We use the `edit_users` capability here, although this is not technically the most ideal,
+	 * all other relevant capabilities are disabled in one way or another when certain features
+	 * are used to disable things like the plugin or theme editing.
+	 *
+	 * The use of `edit_users` may also cause other problems, but we do not want to allow any user
+	 * access to search the entire filesystem, or database, without some sort of restriction.
+	 *
+	 * @var string
+	 */
+	public static $search_capability = 'edit_users';
+
 	/**
 	 * An array containing all notices to display.
 	 *

views/search.php

@@ -40,7 +40,7 @@
 
 	<?php do_action( 'string_locator_view_search_pre_form' ); ?>
 
-	<?php if ( ! current_user_can( 'edit_themes' ) ) : ?>
+	<?php if ( ! current_user_can( String_Locator::$default_capability ) ) : ?>
 		<div class="notice notice-warning inline">
 			<p>
 				<strong>
@@ -50,6 +50,26 @@
 			<p>
 				<?php esc_html_e( 'Because this site is configured to not allow direct file editing, the String Locator plugin has limited functionality and may noy allow you to directly edit files with your string in them.', 'string-locator' ); ?>
 			</p>
+			<p>
+				<?php esc_html_e( sprintf( 'To edit files, you need to have the `%s` capability.', String_Locator::$default_capability ), 'string-locator' ); ?>
+			</p>
+		</div>
+	<?php endif; ?>
+
+	<?php if ( ! current_user_can( String_Locator::$search_capability ) ) : ?>
+		<div class="notice notice-warning inline">
+			<p>
+				<strong>
+					<?php esc_html_e( 'String Locator is restricted.', 'string-locator' ); ?>
+				</strong>
+			</p>
+			<p>
+				<?php esc_html_e( 'Your user does not have the needed capabilities to edit, or search through files on this site.', 'string-locator' ); ?>
+			</p>
+
+			<p>
+				<?php esc_html_e( sprintf( 'To use the search feature, you need to have the `%s` capability.', String_Locator::$search_capability ), 'string-locator' ); ?>
+			</p>
 		</div>
 	<?php endif; ?>