Make WordPress Core

Opened 14 years ago

Last modified 6 years ago

#13972 new defect (bug)

Add new category link - capability check needed

Reported by: wjm's profile wjm Owned by:
Milestone: Future Release Priority: normal
Severity: minor Version: 3.0
Component: Posts, Post Types Keywords: has-patch needs-testing needs-refresh
Focuses: administration Cc:

Description

/wp-admin/link-add.php

If user doesn´t have "manage_categories" capability, add new link page, will show "add new category" link and form,
it should be hidden.

Attachments (5)

add_new_link_category.patch (590 bytes) - added by wjm 14 years ago.
13972.diff (2.3 KB) - added by wojtek.szkutnik 14 years ago.
13972-2.patch (2.2 KB) - added by bpetty 12 years ago.
13972-3.patch (2.2 KB) - added by bpetty 11 years ago.
13972.4.patch (3.3 KB) - added by SergeyBiryukov 11 years ago.

Download all attachments as: .zip

Change History (20)

#1 @nacin
14 years ago

  • Keywords needs-patch added
  • Milestone changed from Unassigned to Future Release

We should probably use the taxonomy API here and utilize the caps object.

#2 @wojtek.szkutnik
14 years ago

  • Cc wojtek.szkutnik@… added
  • Keywords has-patch needs-testing gsoc added; needs-patch removed

#3 @wojtek.szkutnik
14 years ago

Does this patch do the job? I was wondering whether it should be assign_terms or edit_terms?

#4 @wojtek.szkutnik
14 years ago

OK, this one should work.

#5 @azizur
13 years ago

  • Cc azizur added

@bpetty
12 years ago

#6 @bpetty
12 years ago

  • Cc bpetty added
  • Keywords gsoc removed

Previous patch used the wrong taxonomy (needed to be "link_category"), and also used the wrong capability terms (used edit_terms and assign_terms when it needed to only be manage_terms for adding new link categories).

Also, patches should be built with directory context, not from single files, and since this the old patch didn't apply cleanly anyway, I've refreshed that as well.

#7 @bpetty
12 years ago

Guess I should also note that this bug is only a problem for anyone using custom capability plugins to modify or add new roles that have the manage_links capability, but *not* the manage_categories capability. The default roles are not configured like this.

I installed and used the popular Capability Manager plugin to do this and test with.

@bpetty
11 years ago

#8 @bpetty
11 years ago

Refreshed patch against latest trunk (r24432).

#9 @nacin
11 years ago

  • Keywords commit added
  • Milestone changed from Future Release to 3.6

#10 @SergeyBiryukov
11 years ago

13972.4.patch also fixes tabs vs. spaces in post_categories_meta_box().

We check for edit_terms there. Should it be manage_terms too?

#11 @bpetty
11 years ago

This might be a little more confusing than I thought. For some reason wp_ajax_add_link_category() is checking for manage_categories as well, but I'm fairly certain that should also be manage_links just like the wp_ajax_delete_link() method uses, and also as determined from the default link_category taxonomy.

I haven't thought through the possible back compat issues that might arise from actually fixing it though, so I'm just not sure on applying this yet.

Maybe punt for now?

#12 @nacin
11 years ago

  • Milestone changed from 3.6 to Future Release

#13 @nacin
10 years ago

  • Component changed from Administration to Posts, Post Types
  • Focuses administration added

#14 @wonderboymusic
9 years ago

  • Keywords needs-refresh added; commit removed

#15 @grapplerulrich
6 years ago

@SergeyBiryukov As the Link Manager has been deprecated, could this ticket be closed?

Note: See TracTickets for help on using tickets.