WordPress.org

Make WordPress Core

Opened 6 years ago

Closed 6 years ago

#29597 closed defect (bug) (fixed)

Media Grid View bulk deletion not respecting individual delete capabilities

Reported by: skaeser Owned by: wonderboymusic
Milestone: 4.0.1 Priority: low
Severity: minor Version: 4.0
Component: Media Keywords: fixed-major
Focuses: Cc:

Description

The bulk delete functionality of the Media Grid View does not check whether the deleted items where actually deleted or not, it simply assumes they where and removes them from the list. When using individual delete capabilities on media items this results in items being removed from the list while they have not actually been deleted.

Steps to reproduce this issue:

Register a custom filter for "user_has_cap" and set the "delete_posts" and "delete_post" capability for a specific attachment to "false":

function test_individual_media_delete_capability($allcaps, $caps, $args) {
  if ( count( $args ) > 2 && ( in_array( 'delete_post', $caps ) || in_array( 'delete_posts', $caps ) ) ) {
    $post = get_post( $args[2] );
    if ( $post->ID == [EXISTING ATTACHMENT ID] && $post->post_type ==
'attachment' ) {
      $allcaps['delete_post'] = false;
      $allcaps['delete_posts'] = false;
    }
  }
  return $allcaps;
}

add_filter("user_has_cap", test_individual_media_delete_capability, 100, 3);

Now go to the Media Library (Grid View) and click "Bulk Select".

Select the attachment having the ID used in the function above and press "Delete Selected". The attachment gets removed from the list.

Reload the page and the attachment is back in place.

As the AJAX call to "admin-ajax.php" (action: delete-post) properly returns a "-1" if deletion of the post fails, the fix should only involve JavaScript. Unfortunately I am not familiar enough with the JavaScript architecture in place to create a proper fix.

Change History (9)

#1 @skaeser
6 years ago

  • Version set to 4.0

#2 @SergeyBiryukov
6 years ago

  • Milestone changed from Awaiting Review to 4.0.1

This ticket was mentioned in IRC in #wordpress-dev by nacin. View the logs.


6 years ago

#4 @nacin
6 years ago

  • Owner set to wonderboymusic
  • Priority changed from normal to low
  • Severity changed from normal to minor
  • Status changed from new to assigned

#5 @wonderboymusic
6 years ago

[29755] missed the ticket.

#6 @SergeyBiryukov
6 years ago

  • Keywords fixed-major added

#7 @tlovett1
6 years ago

Not able to reproduce in r30026.

#8 @johnbillion
6 years ago

@tlovett1: This has been fixed in trunk but the ticket remains open because we'll be adding this to the 4.0.1 release.

#9 @nacin
6 years ago

  • Resolution set to fixed
  • Status changed from assigned to closed

In 30409:

Media Grid: Don't attempt to delete an attachment that can't be deleted.

Merges [29755] to the 4.0 branch.

props wonderboymusic.
fixes #29597.

Note: See TracTickets for help on using tickets.