FBE: Use of recommended delete connection endpoint over delete permis…

…sion endpoint (#2844)

Summary:
### Changes proposed in this Pull Request:

**Problem:**

1. The Delete Permission User API only removed Meta connection assets from the WooCommerce database, leaving asset-related data enabled on Meta surfaces.
2. If a user disconnected the connection before uninstalling assets from Meta surfaces using Managed Connection; the UI for Managed Connection was also removed, making it difficult for users to uninstall this feature from Meta surface.

**Solution:**

1. Replaced the Delete Permission User API with the recommended Delete FBE Connection endpoint, which uninstalls assets from Meta surfaces and removes their permissions.
2. Removed the Managed Connection UI button for uninstalling FBE from Meta surfaces, as the Delete Connection endpoint now handles this functionality.

### Screenshots:

**Before:**

<img width="784" alt="image" src="https://github.com/user-attachments/assets/76bf6364-2af8-4657-a043-8e79aaff99c6">

**After:**

<img width="803" alt="image" src="https://github.com/user-attachments/assets/45e7ebc8-4a74-4589-a9e3-0e4fff1f4f20">

![Screenshot 2025-02-04 at 15 29 54](https://github.com/user-attachments/assets/77e02cba-ca89-42f9-a016-85c50e4b02fc)

<img width="797" alt="image" src="https://github.com/user-attachments/assets/f4d215b0-0959-4ee8-8347-16c64afe3460">

### Detailed test instructions:

1. Run new tests: `./vendor/bin/phpunit --filter test_delete_mbe_connection_deletes_user_permission_request`
2. Run all tests : `npm run test:php`
3. Lint: `./vendor/bin/phpcs`
4. Manual testing: I have tested new Disconnect UI flow; it uninstall FBE connection from WooCommerce as well as from Meta surface

### Changelog entry

- **Removed:** Delete Permission User API

- **Added:** Delete FBE Connection endpoint to uninstall assets from Meta surfaces and remove permissions

- **Removed:** Managed Connection UI button for uninstalling FBE from Meta surfaces (now handled by Delete Connection endpoint)

Pull Request resolved: #2844

Reviewed By: halilozanakgul

Differential Revision: D68972713

Pulled By: atuld123

fbshipit-source-id: b19ee8351b4852c69192449f9af2644960a55307

.github/workflows/php-unit-tests.yml

@@ -23,7 +23,7 @@ concurrency:
 
 jobs:
   UnitTests:
-    name: PHP unit tests - PHP ${{ matrix.php }}, WP ${{ matrix.wp-version }}
+    name: PHP unit tests - PHP ${{ matrix.php }}, WP ${{ matrix.wp-version }}, WC ${{ matrix.wc-version }}
     runs-on: ubuntu-latest
     env:
       WP_CORE_DIR: "/tmp/wordpress/src"
@@ -32,6 +32,7 @@ jobs:
       matrix:
         php: [7.4, 8.3]
         wp-version: [latest]
+        wc-version: [latest]
 
     steps:
       - name: Install SVN
@@ -49,7 +50,9 @@ jobs:
         uses: woocommerce/grow/prepare-mysql@actions-v1
 
       - name: Install WP tests
-        run: ./bin/install-wp-tests.sh wordpress_test root root localhost ${{ matrix.wp-version }}
+        run: |
+          chmod +x ./bin/install-wp-tests.sh
+          ./bin/install-wp-tests.sh wordpress_test root root localhost ${{ matrix.wp-version }} ${{ matrix.wc-version }}
 
       - name: Run PHP unit tests
         run: composer test-unit

includes/API.php

@@ -250,18 +250,17 @@ public function get_user( string $user_id = '' ): API\User\Response {
 
 
 	/**
-	 * Deletes user API permission.
+	 * Deletes FBE/MBE connection API.
 	 *
 	 * This is their form of "revoke".
 	 *
-	 * @param string $user_id user ID. Defaults to the currently authenticated user
-	 * @param string $permission permission to delete
-	 * @return API\Response|API\User\Permissions\Delete\Response
+	 * @param string $external_business_id external business ID
+	 * @return API\Response|API\FBE\Installation\Delete\Response
 	 * @throws ApiException
 	 */
-	public function delete_user_permission( string $user_id, string $permission ): API\User\Permissions\Delete\Response {
-		$request = new API\User\Permissions\Delete\Request( $user_id, $permission );
-		$this->set_response_handler( API\User\Permissions\Delete\Response::class );
+	public function delete_mbe_connection( string $external_business_id): API\FBE\Installation\Delete\Response {
+		$request = new API\FBE\Installation\Delete\Request( $external_business_id);
+		$this->set_response_handler( API\FBE\Installation\Delete\Response::class );
 		return $this->perform_request( $request );
 	}
 

includes/API/FBE/Installation/Delete/Request.php

@@ -0,0 +1,35 @@
+<?php
+/**
+ * Copyright (c) Facebook, Inc. and its affiliates. All Rights Reserved
+ *
+ * This source code is licensed under the license found in the
+ * LICENSE file in the root directory of this source tree.
+ *
+ * @package FacebookCommerce
+ */
+
+namespace WooCommerce\Facebook\API\FBE\Installation\Delete;
+
+defined( 'ABSPATH' ) || exit;
+
+use WooCommerce\Facebook\API\FBE\Installation;
+
+/**
+ * FBE installation API delete request object.
+ *
+ * @since 3.3.3
+ */
+class Request extends Installation\Request {
+	/**
+	 * API request constructor.
+	 *
+	 * @since 3.3.3
+	 *
+	 * @param string $external_business_id external business_id
+	 */
+	public function __construct( $external_business_id ) {
+		// include the business ID in the request body
+		parent::__construct( 'fbe_installs', 'DELETE' );
+		$this->data['fbe_external_business_id'] = $external_business_id;
+	}
+}

includes/API/FBE/Installation/Delete/Response.php

@@ -0,0 +1,13 @@
+<?php
+declare( strict_types=1 );
+
+namespace WooCommerce\Facebook\API\FBE\Installation\Delete;
+
+defined( 'ABSPATH' ) || exit;
+
+use WooCommerce\Facebook\API;
+
+/**
+ * FBE Installation API delete response object.
+ */
+class Response extends API\Response {}

includes/Admin/Settings_Screens/Connection.php

@@ -288,13 +288,14 @@ private function render_facebook_box( $is_connected ) {
 
 				<?php if ( $is_connected ) : ?>
 
-					<a href="<?php echo esc_url( facebook_for_woocommerce()->get_connection_handler()->get_manage_url() ); ?>" class="button button-primary">
-						<?php esc_html_e( 'Manage Connection', 'facebook-for-woocommerce' ); ?>
-					</a>
-
-					<a href="<?php echo esc_url( facebook_for_woocommerce()->get_connection_handler()->get_disconnect_url() ); ?>" class="uninstall">
+					<a href="<?php echo esc_url( facebook_for_woocommerce()->get_connection_handler()->get_disconnect_url() ); ?>" class="button button-primary uninstall" onclick="return confirmDialog();">
 						<?php esc_html_e( 'Disconnect', 'facebook-for-woocommerce' ); ?>
 					</a>
+					<script>
+						function confirmDialog() {
+							return confirm( 'Are you sure you want to disconnect from Facebook?' );
+						}
+					</script>
 
 				<?php else : ?>
 

includes/Handlers/Connection.php

@@ -381,13 +381,22 @@ public function handle_disconnect() {
 			wp_die( esc_html__( 'You do not have permission to uninstall Facebook Business Extension.', 'facebook-for-woocommerce' ) );
 		}
 		try {
-			$response = facebook_for_woocommerce()->get_api()->get_user();
-			$id       = $response->get_id();
-			if ( null !== $id ) {
-				$response = facebook_for_woocommerce()->get_api()->delete_user_permission( (string) $id , 'manage_business_extension' );
+			$external_business_id = $this->get_external_business_id();
+			if ( null != $external_business_id ) {
+				$response = facebook_for_woocommerce()->get_api()->delete_mbe_connection((string) $external_business_id );
 				facebook_for_woocommerce()->get_message_handler()->add_message( __( 'Disconnection successful.', 'facebook-for-woocommerce' ) );
+
+				$body = wp_remote_retrieve_body( $response );
+				$body = json_decode( $body, true );
+				if ( ! is_array( $body ) || empty( $body['data'] ) || 200 !== (int) wp_remote_retrieve_response_code( $response ) ) {
+					facebook_for_woocommerce()->log( 'Failed to disconnect' );
+					facebook_for_woocommerce()->log( print_r( $body, true ) );
+					throw new ApiException(
+						sprintf(wp_remote_retrieve_response_message( $response ))
+					);
+				}
 			} else {
-				facebook_for_woocommerce()->log( 'User id not found for the disconnection procedure, connection will be reset.' );
+				facebook_for_woocommerce()->log( 'External business id not found for the disconnection procedure, connection will be reset.' );
 			}
 		} catch ( ApiException $exception ) {
 			facebook_for_woocommerce()->log( sprintf( 'An error occurred during disconnection: %s.', $exception->getMessage() ) );
@@ -592,20 +601,6 @@ public function get_commerce_connect_url() {
 	}
 
 
-	/**
-	 * Gets the URL to manage the connection.
-	 *
-	 * @since 2.0.0
-	 *
-	 * @return string
-	 */
-	public function get_manage_url() {
-		$app_id      = $this->get_client_id();
-		$business_id = $this->get_external_business_id();
-		return "https://www.facebook.com/facebook_business_extension?app_id={$app_id}&external_business_id={$business_id}";
-	}
-
-
 	/**
 	 * Gets the URL for disconnecting.
 	 *

tests/Unit/ApiTest.php

@@ -167,18 +167,18 @@ public function test_get_user_returns_user_information_request() {
 	}
 
 	/**
-	 * Tests delete user permission performs a request to delete user permission.
+	 * Tests delete mbe request performs a request to delete facebook connection.
 	 *
 	 * @return void
 	 * @throws ApiException In case of failed request.
 	 */
-	public function test_delete_user_permission_deletes_user_permission_request() {
-		$user_id    = '111189594891749';
-		$permission = 'manage_business_extension';
+	public function test_delete_mbe_connection_deletes_mbe_request() {
+		$external_business_id = 'wordpress-facebook-62c3f1add134a';
 
-		$response = function( $result, $parsed_args, $url ) use ( $user_id, $permission ) {
+		$response = function( $result, $parsed_args, $url ) use ( $external_business_id ) {
 			$this->assertEquals( 'DELETE', $parsed_args['method'] );
-			$this->assertEquals( "{$this->endpoint}{$this->version}/{$user_id}/permissions/{$permission}", $url );
+			$this->assertEquals( "{$this->endpoint}{$this->version}/fbe_business/fbe_installs", $url );
+			$this->assertEquals( '{"fbe_external_business_id":"wordpress-facebook-62c3f1add134a"}', $parsed_args['body'] );
 			return [
 				'body'     => '{"success":true}',
 				'response' => [
@@ -189,7 +189,7 @@ public function test_delete_user_permission_deletes_user_permission_request() {
 		};
 		add_filter( 'pre_http_request', $response, 10, 3 );
 
-		$response = $this->api->delete_user_permission( $user_id, $permission );
+		$response = $this->api->delete_mbe_connection( $external_business_id );
 
 		$this->assertTrue( $response->success );
 	}