Dashboard shows inaccessible links for Authors and Contributors
|Reported by:||johnbillion||Owned by:||johnbillion|
|Component:||Administration||Keywords:||has-patch commit fixed-major|
The "At a Glance" dashboard widget shows "X Posts", "X Pages" and "X Comments" with links to the corresponding listing screens, but there are no capability checks in place when the links are output. This means Author level users see a link to the Pages screen that they don't have access to, and Contributors see a link to the Posts, Comments and Pages screens, none of which they have access to.
In 3.7 and earlier, if the user didn't have the capability to edit the object then the text was shown without a link.
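The capability-gated output described above, as an added example that is not part of the ticket or of WordPress core: `render_glance_item()`, the `$can` callback, the sample counts and the screen-to-capability mapping are all assumptions made for illustration. Inside WordPress the callback would be `current_user_can`.

```php
<?php
// Added illustration, not WordPress core code. render_glance_item() and the
// $can callback are hypothetical; inside WordPress pass 'current_user_can'.

/**
 * Return one "At a Glance" list item: a link when the viewer holds the
 * capability guarding the target screen, plain text otherwise.
 */
function render_glance_item( string $text, string $screen, string $cap, callable $can ): string {
	$text = htmlspecialchars( $text, ENT_QUOTES, 'UTF-8' );
	if ( $can( $cap ) ) {
		$href = htmlspecialchars( $screen, ENT_QUOTES, 'UTF-8' );
		return "<li><a href=\"{$href}\">{$text}</a></li>";
	}
	// Same count, no link: the 3.7 behaviour the ticket describes.
	return "<li><span>{$text}</span></li>";
}

// Constructed items: label, listing screen, capability assumed to guard it.
$items = array(
	array( '12 Posts', 'edit.php', 'edit_posts' ),
	array( '3 Pages', 'edit.php?post_type=page', 'edit_pages' ),
	array( '40 Comments', 'edit-comments.php', 'moderate_comments' ),
);

// Constructed viewer who can edit posts but not pages or comments.
$viewer_caps = array( 'edit_posts' => true );
$can = function ( string $cap ) use ( $viewer_caps ): bool {
	return ! empty( $viewer_caps[ $cap ] );
};

foreach ( $items as list( $text, $screen, $cap ) ) {
	echo render_glance_item( $text, $screen, $cap, $can ), "\n";
}
```

Gating the link only changes what the widget displays; the listing screens still enforce their own access checks, which is why the ticket describes the links as inaccessible.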
Change History (15)
- Owner set to johnbillion
- Status changed from new to assigned