Capability check fails for custom post type revision edit — at Initial Version
|Reported by:||anmari||Owned by:|
|Severity:||minor||Keywords:||reporter-feedback has-patch dev-feedback|
|Cc:||nacin, erick@…, adamsilverstein@…|
I am using nightly build (1 day old).
Steps to reproduce:
- Register post type with capability 'event'.
- Edit custom post type till you have some revisions.
- Attempt to view a revision. One gets sent to the normal posts edit.php screen.
I looked at revision.php and managed to work out that it was failing at
if ( !current_user_can( 'read_post', $revision->ID ) || !current_user_can( 'read_post', $post->ID ) )
if ( !current_user_can( 'read_'.$post->post_type, $revision->ID ) || !current_user_can( 'read_'.$post->post_type, $post->ID ) )
but that still failed.
I commented out the check and was then able to view the revision.
I think this affects the autosave too as that was how I started looking at it.
So it looks like the problem is in the current_user_can check somehow not working out that the author or admin user is allowed to view or edit the revision ?
Ticket 14122 may be relevant :
http://core.trac.wordpress.org/ticket/14122 (detailed discussion about meta-caps?)
I found also Ticket 14749 says it fixed something similar, but that was not a capability problem, so not relevant :
I back tested and behaviour occurs in 3.0, 3.1 and the nightly build