Capability check fails for custom post type revision edit (& map_meta_cap no good)
|Reported by:||anmari||Owned by:|
|Component:||Revisions||Keywords:||reporter-feedback has-patch dev-feedback|
Description (last modified by SergeyBiryukov)
I am using nightly build (1 day old).
Steps to reproduce:
- Register post type with capability 'event'.
- Edit custom post type till you have some revisions.
- Attempt to view a revision. One gets sent to the normal posts edit.php screen.
I looked at revision.php and managed to work out that it was failing at
if ( !current_user_can( 'read_post', $revision->ID ) || !current_user_can( 'read_post', $post->ID ) )
if ( !current_user_can( 'read_'.$post->post_type, $revision->ID ) || !current_user_can( 'read_'.$post->post_type, $post->ID ) )
but that still failed.
I commented out the check and was then able to view the revision.
I think this affects the autosave too as that was how I started looking at it.
So it looks like the problem is in the current_user_can check somehow not working out that the author or admin user is allowed to view or edit the revision ?
Ticket #14122 may be relevant (detailed discussion about meta-caps?)
I found also Ticket #14749 says it fixed something similar, but that was not a capability problem, so not relevant.
I back tested and behaviour occurs in 3.0, 3.1 and the nightly build
Change History (20)
- Component changed from Revisions to Role/Capability
- Keywords reporter-feedback added; needs-patch removed
- Summary changed from Capability check fails for custom post type revision edit to Capability check fails for custom post type revision edit (& map_meta_cap no good)
- Version changed from 3.1 to 3.3
- Component changed from Role/Capability to Revisions
- Keywords revisions-3.6 removed
- Milestone changed from Awaiting Review to 3.6
- Description modified (diff)
- Version changed from 3.2.1 to 3.0
- Keywords has-patch added
comment:18 nacin — 13 months ago
- Milestone 3.6 deleted
- Resolution set to invalid
- Status changed from new to closed