Make WordPress Core

Opened 2 years ago

Last modified 2 years ago

#24153 new defect (bug)

Sticky flag gets unset if author doesn't have publish_posts permission

Reported by: archon810 Owned by:
Milestone: Awaiting Review Priority: normal
Severity: major Version: 3.5.1
Component: Role/Capability Keywords:
Focuses: Cc:


I'm observing a bug with the sticky flag. I set up a special user with a role of "Grammar Nazi" who should only have access to editing of other people's posts, but not publishing his own.

The permissions given to this role are:

  • edit_published_posts
  • edit_others_posts
  • edit_posts
  • read
  • read_private_posts

This user works out great - he's limited to only editing errors in other authors' posts.

However, there is a bug with sticky posts. If a grammar nazi edits a stickied post, the sticky flag gets unset. As a possibly related observation, there's no Edit button on the post edit page next to the Visibility area.

This bug is worked around by adding the publish_posts permission. However, this permission is unwanted in this case as grammar nazis shouldn't be able to post their own posts. Adding publish_posts enables the Edit button next to Visibility, and saves retain the sticky bit correctly.

So, in short: the sticky bit should be retained even when users without the publish_posts permission update a post.

Change History (3)

comment:1 @archon8102 years ago

  • Cc admin@… added

comment:2 @SergeyBiryukov2 years ago

Sticky flag indeed requires both publish_posts and edit_others_posts capabilities:

Related: [8546], [8577], ticket:7457:19.

comment:3 @archon8102 years ago

Thanks for tracking down the source references and the original ticket with relevant comments. It's clear that this is a bug at this point, right?

Note: See TracTickets for help on using tickets.