Better error handling + fix for delete note permissions checks

assets/js/notes-metabox.js

@@ -1,85 +1,90 @@
 /*global pixelgrade_wppostnotes_metabox */
-jQuery( function ( $ ) {
+jQuery(function ($) {
 
 	/**
 	 * Post Notes Metabox
 	 */
 	var pixelgrade_post_notes_metabox = {
-		init: function() {
-			$( '#pixelgrade_wppostnotes-metabox' )
-				.on( 'click', 'button.add_note', this.add_post_note )
-				.on( 'click', 'a.delete_note', this.delete_post_note )
-				.on( 'init_tooltips', function() {
+		init: function () {
+			$('#pixelgrade_wppostnotes-metabox')
+				.on('click', 'button.add_note', this.add_post_note)
+				.on('click', 'a.delete_note', this.delete_post_note)
+				.on('init_tooltips', function () {
 
-					$( '.pixelgrade_wppostnotes-help-tip' ).tipTip( {
+					$('.pixelgrade_wppostnotes-help-tip').tipTip({
 						'attribute': 'data-tip',
 						'fadeIn': 50,
 						'fadeOut': 50,
 						'delay': 200,
 						'keepAlive': true
-					} );
-				});
+					})
+				})
 
-			$( '#pixelgrade_wppostnotes-metabox' ).trigger( 'init_tooltips' );
+			$('#pixelgrade_wppostnotes-metabox').trigger('init_tooltips')
 		},
 
-		add_post_note: function() {
-			if ( ! $( 'textarea#post_note_content' ).val() ) {
-				return;
+		add_post_note: function () {
+			if (!$('textarea#post_note_content').val()) {
+				return
 			}
 
-			$( '#pixelgrade_wppostnotes-metabox' ).block({
+			$('#pixelgrade_wppostnotes-metabox').block({
 				message: null,
 				overlayCSS: {
 					background: '#fff',
 					opacity: 0.6
 				}
-			});
+			})
 
 			var data = {
-				action:    'pixelgrade_wppostnotes_add_post_note',
-				post_id:   pixelgrade_wppostnotes_metabox.post_id,
-				note:      $( 'textarea#post_note_content' ).val(),
-				note_type: $( 'select#post_note_type' ).val(),
-				security:  pixelgrade_wppostnotes_metabox.add_post_note_nonce
-			};
+				action: 'pixelgrade_wppostnotes_add_post_note',
+				post_id: pixelgrade_wppostnotes_metabox.post_id,
+				note: $('textarea#post_note_content').val(),
+				note_type: $('select#post_note_type').val(),
+				security: pixelgrade_wppostnotes_metabox.add_post_note_nonce
+			}
 
-			$.post( pixelgrade_wppostnotes_metabox.ajax_url, data, function( response ) {
-				$( 'ul.post_notes .no-items' ).remove();
-				$( 'ul.post_notes' ).prepend( response );
-				$( '#pixelgrade_wppostnotes-metabox' ).unblock();
-				$( '#post_note_content' ).val( '' );
-			});
+			$.post(pixelgrade_wppostnotes_metabox.ajax_url, data, function (response) {
+				$('ul.post_notes .no-items').remove()
+				$('ul.post_notes').prepend(response)
+				$('#pixelgrade_wppostnotes-metabox').unblock()
+				$('#post_note_content').val('')
+			})
 
-			return false;
+			return false
 		},
 
-		delete_post_note: function() {
-			if ( window.confirm( pixelgrade_wppostnotes_metabox.i18n_delete_note_confirm ) ) {
-				var note = $( this ).closest( 'li.note' );
+		delete_post_note: function () {
+			if (window.confirm(pixelgrade_wppostnotes_metabox.i18n_delete_note_confirm)) {
+				var note = $(this).closest('li.note')
+				var $note = $(note)
 
-				$( note ).block({
+				$note.block({
 					message: null,
 					overlayCSS: {
 						background: '#fff',
 						opacity: 0.6
 					}
-				});
+				})
 
 				var data = {
-					action:   'pixelgrade_wppostnotes_delete_post_note',
-					note_id:  $( note ).attr( 'rel' ),
+					action: 'pixelgrade_wppostnotes_delete_post_note',
+					note_id: $note.attr('rel'),
 					security: pixelgrade_wppostnotes_metabox.delete_post_note_nonce
-				};
+				}
 
-				$.post( pixelgrade_wppostnotes_metabox.ajax_url, data, function() {
-					$( note ).remove();
-				});
+				$.post(pixelgrade_wppostnotes_metabox.ajax_url, data)
+					.done(function () {
+						$note.slideUp(400, function(){ $note.remove(); })
+					})
+					.fail(function () {
+						$note.unblock().effect('shake', { distance: 7 });
+					})
 			}
 
-			return false;
+			return false
 		}
-	};
+	}
 
-	pixelgrade_post_notes_metabox.init();
-});
+	pixelgrade_post_notes_metabox.init()
+})

composer.json

@@ -1,6 +1,6 @@
 {
     "name": "pixelgrade/wp-post-notes",
-  	"version": "0.5.1",
+  	"version": "0.6.0",
     "description": "WordPress library for adding internal, private or public notes to posts, pages, or any custom post type.",
 	"keywords": [
 	  "pixelgradelt",

src/Ajax.php

@@ -44,8 +44,8 @@ public function init( PostNotes $post_notes ) {
 	public function add_ajax_events() {
 
 		$ajax_events = [
-				'add_post_note',
-				'delete_post_note',
+			'add_post_note',
+			'delete_post_note',
 		];
 
 		foreach ( $ajax_events as $ajax_event ) {
@@ -62,7 +62,7 @@ public function add_post_note() {
 		check_ajax_referer( 'add-post-note', 'security' );
 
 		if ( ! isset( $_POST['post_id'], $_POST['note'], $_POST['note_type'] ) || ! current_user_can( 'edit_post', absint( $_POST['post_id'] ) ) ) {
-			wp_die( - 1 );
+			wp_die( -1, 403 );
 		}
 
 		$post_id   = absint( $_POST['post_id'] );
@@ -89,8 +89,8 @@ public function add_post_note() {
 	public function delete_post_note() {
 		check_ajax_referer( 'delete-post-note', 'security' );
 
-		if ( ! isset( $_POST['note_id'] ) || ! current_user_can( 'edit_post', absint( $_POST['note_id'] ) ) ) {
-			wp_die( - 1 );
+		if ( ! isset( $_POST['note_id'] ) || ! current_user_can( 'edit_comment', absint( $_POST['note_id'] ) ) ) {
+			wp_die( -1, 403 );
 		}
 
 		$note_id = absint( $_POST['note_id'] );

src/PostNotes.php

@@ -223,7 +223,7 @@ public function register_assets() {
 		wp_register_script(
 			'pixelgrade_wppostnotes-metabox',
 			\path_join( URL, 'assets/js/notes-metabox.js' ),
-			[ 'jquery', 'jquery-blockui', 'jquery-tiptip', ],
+			[ 'jquery', 'jquery-blockui', 'jquery-tiptip', 'jquery-effects-shake' ],
 			'20210805',
 			true
 		);