WordPress.org

Make WordPress Core

Opened 5 years ago

Last modified 4 months ago

#29786 new enhancement

read_post_meta should be a meta capability

Reported by: rmccue Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Options, Meta APIs Keywords: needs-patch
Focuses: Cc:
PR Number:

Description

Right now, we have edit_post_meta, delete_post_meta, and add_post_meta. In order to be able to expose metadata publicly, we need to be able to check if we can access individual keys.

is_protected_meta only controls whether it's prefixed and should default to being protected (by default, prefixed with _). This isn't adequate to check for read permission on a key, because it's not filterable.

Change History (5)

This ticket was mentioned in Slack in #core by rmccue. View the logs.


5 years ago

#2 @rachelbaker
5 years ago

  • Keywords needs-patch added
  • Milestone changed from Awaiting Review to 4.2
  • Type changed from defect (bug) to enhancement

#3 @rachelbaker
5 years ago

  • Keywords dev-feedback added
  • Milestone changed from 4.2 to Future Release

Moving out of 4.2 milestone since this needs discussion and a patch.

#4 @rachelbaker
5 years ago

  • Milestone changed from Future Release to Awaiting Review

#5 @swissspidy
4 years ago

  • Keywords dev-feedback removed

@rmccue @rachelbaker I suppose this was asked regarding the REST API? How is this currently handled there?

Having a read_post_meta capability seems legit to me.

Note: See TracTickets for help on using tickets.