Make WordPress Core

Opened 14 years ago

Closed 14 years ago

#15437 closed defect (bug) (fixed)

Custom Post Type's capability_type and taxonomies used with the post type not considered when calling admin-ajax.php

Reported by: trabaria's profile trabaria Owned by: trabaria's profile trabaria
Milestone: 3.1 Priority: normal
Severity: normal Version: 3.1
Component: Administration Keywords: has-patch
Focuses: Cc:


For ajax-tag-search and get-tagcloud in admin-ajax.php, the custom post type with custom capability_type and taxonomies set to use with the post type is never considered as !current_user_can( 'edit_posts' ) is hard coded. For example, a custom post type MY_CPT with custom capability_type CPT allows users to have the capability edit_CPTs. A user who cannot edit_posts, but can edit_CPTs will see -1 when editing a MY_CPT post tags, if post_tags is in the array of taxonomies used with the post type.

Attachments (1)

15437.diff (1.7 KB) - added by nacin 14 years ago.

Download all attachments as: .zip

Change History (9)

#1 @nacin
14 years ago

  • Milestone changed from Awaiting Review to 3.1

It should go off of the taxonomy caps, I'd imagine.

14 years ago


#2 @nacin
14 years ago

  • Keywords has-patch added; capability_type post_type admin-ajax get-tagcloud ajax-tag-search removed
  • Severity changed from critical to normal


#3 @trabaria
14 years ago

  • Cc admin@… added

#4 @trabaria
14 years ago

  • Owner set to trabaria
  • Status changed from new to accepted

#5 @nacin
14 years ago

Is assign_terms the proper cap here?

trabaria, does it work?

#6 @trabaria
14 years ago

  • Resolution set to fixed
  • Status changed from accepted to closed

Yes, assign_terms is the proper cap. I have tested and am changing to fixed. Thank you, Andrew!

#7 @nacin
14 years ago

  • Resolution fixed deleted
  • Status changed from closed to reopened

#8 @nacin
14 years ago

  • Resolution set to fixed
  • Status changed from reopened to closed

(In [16771]) Use assign_terms cap for tag search and tag cloud in admin ajax. fixes #15437.

Note: See TracTickets for help on using tickets.