WordPress.org

Make WordPress Core

Opened 10 years ago

Closed 10 years ago

#12691 closed defect (bug) (fixed)

Editing a page or custom post type requires edit_posts capability

Reported by: rovo89 Owned by:
Milestone: 3.0 Priority: normal
Severity: normal Version: 3.0
Component: Posts, Post Types Keywords: has-patch
Focuses: Cc:
PR Number:

Description

In r13810 (WP 3.0-alpha), it is not possible to create a role which gives users only the capability to edit pages or custom post types, without also assigning the edit_posts capability.

To reproduce, create a role with all *_page(s) capabilities plus read, but without edit_posts (I used the "Members" plugin for that). Then create a user with this role and log in. The menu items for editing and adding new pages will be shown, but clicking "Edit" fails with "Cheatin' uh?".

Similarly, you can also create a new post type with a custom "capability_type". Even if you create all the capabilities and add them to the role, only the menu title will show up, while "Edit" and "Add new" are missing. Trying to call the edit page directly produces the same results as above.

The patch fixes these two bugs by checking for $post_type_object->edit_type_cap instead of edit_posts.

Attachments (1)

12691.diff (2.2 KB) - added by rovo89 10 years ago.

Download all attachments as: .zip

Change History (4)

@rovo89
10 years ago

#1 @rovo89
10 years ago

  • Keywords has-patch added

#2 @nacin
10 years ago

  • Milestone changed from Unassigned to 3.0

Looks okay to me.

#3 @dd32
10 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [13841]) Use $ptype_obj->edit_type_cap instead of 'edit_posts' for custom post_type menu's & edit.php access. Allows for a user to have the capability to edit a post_type irrespective of their Posts access. Props rovo89. Fixes #12691

Note: See TracTickets for help on using tickets.