Add new category link - capability check needed

[wjm]

/wp-admin/link-add.php

If user doesn´t have "manage_categories" capability, add new link page, will show "add new category" link and form,
it should be hidden.

[nacin]

We should probably use the taxonomy API here and utilize the caps object.

[wojtek.szkutnik]

Does this patch do the job? I was wondering whether it should be assign_terms or edit_terms?

[wojtek.szkutnik]

OK, this one should work.

[bpetty]

Previous patch used the wrong taxonomy (needed to be "link_category"), and also used the wrong capability terms (used edit_terms and assign_terms when it needed to only be manage_terms for adding new link categories).

Also, patches should be built with directory context, not from single files, and since this the old patch didn't apply cleanly anyway, I've refreshed that as well.

[bpetty]

Guess I should also note that this bug is only a problem for anyone using custom capability plugins to modify or add new roles that have the manage_links capability, but *not* the manage_categories capability. The default roles are not configured like this.

I installed and used the popular Capability Manager plugin to do this and test with.

[bpetty]

Refreshed patch against latest trunk (r24432).

[SergeyBiryukov]

13972.4.patch​ also fixes tabs vs. spaces in post_categories_meta_box().

We check for edit_terms there. Should it be manage_terms too?

[bpetty]

This might be a little more confusing than I thought. For some reason wp_ajax_add_link_category() is checking for manage_categories as well, but I'm fairly certain that should also be manage_links just like the wp_ajax_delete_link() method uses, and also as determined from the default ​link_category taxonomy.

I haven't thought through the possible back compat issues that might arise from actually fixing it though, so I'm just not sure on applying this yet.

Maybe punt for now?

[grapplerulrich]

@SergeyBiryukov As the Link Manager has been deprecated, could this ticket be closed?

[SirLouen]

Last patch still in need of refresh. This has changed significantly; rather than needs-refresh I would be inclined to move it back to needs-patch and start from scratch.