private posts are not appearing on main page for users with read_private_posts

[molecularbear]

I created a new role that is identical to the Author role except that it included the "read_private_posts" and "read_private_pages" capabilities. I expected that people who were assigned the new role would then be able to view all private posts. What happened was that the new role could view private posts via direct link (i.e., permalink), but the private entries would not appear on the main page.

I tracked the issue down to get_posts() in wp-includes/query.php. Basically, there is some code there that will get the private posts if the user has "edit_private_posts". I changed this to "read_private_posts" and seem to have gained the functionality that I was looking for; I also changed "edit_private_posts" to "read_private_posts" for good measure. I have attached a patch that describes this. Is there a reason why these are "edit_" capabilities instead of "read_"?

patch to query.php

Changing to Milestone 2.2 since that seems to be where the action is.

Err, fixing the Version.

Note that the second-to-last sentence in the description should read:

I changed this to "read_private_posts" and seem to have gained the functionality that I was looking for; I also changed "edit_private_pages" to "read_private_pages" for good measure.

There, I think I've finally debugged my bug report.

This is still an issue in 2.1.1 and the same patch still applies.

(In [4940]) Use correct capabilities checks when determining whether to show private posts. Props molecularbear. fixes #3827

This was marked to be included in 2.1.2, but the change does not appear to be in the latest source. Reopening in the hopes that the patch will make it into 2.1.3.

This was indeed only comitted to trunk.

(In [4971]) Use correct capabilities checks when determining whether to show private posts. Props molecularbear. fixes #3827