Opened 8 years ago
Closed 7 years ago
#38130 closed defect (bug) (invalid)
Multisite bug with current_user_can() and subscriber
| Reported by: | JazZ7 | Owned by: | |
|---|---|---|---|
| Milestone: | | Priority: | normal |
| Severity: | normal | Version: | |
| Component: | Users | Keywords: | reporter-feedback |
| Focuses: | multisite | Cc: | |
Description
On multisite, Subscribers have `upload_files` permission but in `wp-admin/includes/ajax-actions.php` `wp_ajax_upload_attachment()` does not work because `current_user_can()` returns false on line 2018:

```php
<?php
if ( ! current_user_can( 'upload_files' ) ) {
	echo wp_json_encode( array(
		'success' => false,
		'data'    => array(
			'message'  => __( 'Sorry, you are not allowed to upload files.' ),
			'filename' => $_FILES['async-upload']['name'],
		),
	) );

	wp_die();
}
```
Thanks for your help.
Change History (5)
#3
@
8 years ago
And if you're adding the capability with your own code, could you share all the relevant code?
#4
@
8 years ago
Thanks for your support.
Here is the code that handles the subscribers `upload_files` permission (doing this in the template for demonstration):

`/wp-content/themes/my-theme/profile.php`:

```php
<?php
/* Template Name: Page Profile */

// Add the capability to the subscriber role and dump the role object.
$sub_role = get_role( 'subscriber' );
$sub_role->add_cap( 'upload_files' );
var_export( $sub_role );
echo "<br /><br />";

// Dump the caps stored for the current user.
$user_ID = get_current_user_id();
$user    = new WP_User( $user_ID );
var_export( $user->caps );
echo "<br /><br />";

// Dump the result of the capability check itself.
var_export( current_user_can( 'upload_files' ) );
die();
```
The result is:

```
WP_Role::__set_state(array( 'name' => 'subscriber', 'capabilities' => array ( 'read' => true, 'level_0' => true, 'upload_files' => true, ), ))
array ( 'subscriber' => true, )
true
```

But the ajax request returns:

```
{'success': false, 'data':{'message': 'Sorry, you are not allowed to upload files.', 'filename': 'filename.jpg'}}
```
#5
@
7 years ago
- Milestone Awaiting Review deleted
- Resolution set to invalid
- Status changed from new to closed
- Version 4.6.1 deleted
Thanks for opening a ticket. This appears to be an issue with custom code in the theme rather than in WordPress core. Please feel free to comment further or reopen the ticket if this can be reproduced without plugins or a non-default theme installed.
I don't think this is accurate. Can you point to where you're seeing this capability applied or mapped?
`schema.php` doesn't add it to user roles, and I don't see anything in `map_meta_cap()`.
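
To compare the template's output with what the `upload_files` check sees during the AJAX request discussed in this ticket, the context of that request can be logged just before the check runs. This is an added example, not code from the ticket or from WordPress core; the function name `example_log_upload_cap_context` and its placement in a must-use plugin are assumptions.

```php
<?php
/**
 * Added example (hypothetical mu-plugin, not WordPress core or the reporter's code).
 * Logs the context in which the upload_files check of the upload-attachment
 * AJAX action runs, so it can be compared with the output of the template.
 */

// Core hooks wp_ajax_upload_attachment() to this action at priority 1,
// so priority 0 runs immediately before the capability check.
add_action( 'wp_ajax_upload-attachment', 'example_log_upload_cap_context', 0 );

function example_log_upload_cap_context() {
	$user    = wp_get_current_user();
	$blog_id = get_current_blog_id();
	$role    = get_role( 'subscriber' );

	$context = array(
		// On multisite, role definitions and a user's role assignment are
		// stored per site, so record which site this request resolved to.
		'blog_id'           => $blog_id,
		'user_id'           => $user->ID,
		'is_member_of_blog' => is_user_member_of_blog( $user->ID, $blog_id ),
		// Roles the user holds on this site (empty if none).
		'user_roles'        => $user->roles,
		// Whether this site's subscriber role carries the capability.
		'role_has_cap'      => $role ? $role->has_cap( 'upload_files' ) : null,
		// The same check the core handler is about to make.
		'user_has_cap'      => current_user_can( 'upload_files' ),
	);

	error_log( 'upload-attachment context: ' . wp_json_encode( $context ) );
}
```

The logged `blog_id`, `user_roles` and `role_has_cap` values can then be set against the `var_export()` output produced by the template on the front end.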