Opened 3 years ago
Last modified 11 months ago
#13972 new defect (bug)
Add new category link - capability check needed
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Priority: | normal | Milestone: | Future Release |
| Component: | Administration | Version: | 3.0 |
| Severity: | minor | Keywords: | has-patch needs-testing |
| Cc: | wojtek.szkutnik@…, azizur, bpetty |
Description
/wp-admin/link-add.php
If user doesn´t have "manage_categories" capability, add new link page, will show "add new category" link and form,
it should be hidden.
Attachments (3)
Change History (10)
- Keywords needs-patch added
- Milestone changed from Unassigned to Future Release
comment:2
wojtek.szkutnik — 3 years ago
- Cc wojtek.szkutnik@… added
- Keywords has-patch needs-testing gsoc added; needs-patch removed
comment:3
wojtek.szkutnik — 3 years ago
Does this patch do the job? I was wondering whether it should be assign_terms or edit_terms?
wojtek.szkutnik — 3 years ago
comment:4
wojtek.szkutnik — 3 years ago
OK, this one should work.
- Cc bpetty added
- Keywords gsoc removed
Previous patch used the wrong taxonomy (needed to be "link_category"), and also used the wrong capability terms (used edit_terms and assign_terms when it needed to only be manage_terms for adding new link categories).
Also, patches should be built with directory context, not from single files, and since this the old patch didn't apply cleanly anyway, I've refreshed that as well.
Guess I should also note that this bug is only a problem for anyone using custom capability plugins to modify or add new roles that have the manage_links capability, but *not* the manage_categories capability. The default roles are not configured like this.
I installed and used the popular Capability Manager plugin to do this and test with.
We should probably use the taxonomy API here and utilize the caps object.