Opened 8 years ago
Closed 8 years ago
#38483 closed defect (bug) (worksforme)
REST API: (CPT) Status handling doesn't account for edit_published_posts
Reported by: | adamsilverstein | Owned by: | rachelbaker |
---|---|---|---|
Milestone: | | Priority: | normal |
Severity: | normal | Version: | 4.7 |
Component: | REST API | Keywords: | needs-patch needs-unit-tests |
Focuses: | | Cc: | |
Description
Moving this ticket over from GitHub: https://github.com/WP-API/WP-API/issues/2050.
JakePT commented on Jan 18:
I'm trying out the API for the first time, and am enjoying it greatly, but I've run into one issue that I can't seem to get around.
The issue is a mismatch between how wp-admin handles post editing capabilities and how the API does.
I have a Custom Post Type, item, and have map_meta_cap set to true, and capability_type set to array( 'item', 'items' ). I have given the Administrator role all the capabilities, but only given Editor edit_items, edit_others_items and edit_published_items.
In wp-admin it works as expected, the user can edit existing Items, even ones created by others, but cannot publish new ones (only submit them for review), and they can't delete them. This is exactly what I want.
The problem is that with the API, when an Editor submits an update to an Item, if the model's status is set to publish, the API always checks for current_user_can( $post_type->cap->publish_posts ), even if the post was previously published.
@adamsilverstein I cannot reproduce this locally. I think you are correct in the GH issue that the reporter's issue could be due to an unmapped edit_others_posts. I am going to close this ticket. We can re-open if the reporter gets back to you.
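
The mismatch described in the report, as an added example that is not part of the ticket and is not WordPress core code: a simplified stand-alone PHP model in which every function name, the capability mapping and the sample posts are assumptions made for illustration. Using the Editor grants the reporter lists, it compares a check that requires publish_posts whenever the submitted status is publish with one that requires it only when the status actually changes to publish.

```php
<?php
// Simplified stand-alone model, not WordPress core code.
// Capabilities granted to the Editor role, as listed in the report.
const EDITOR_CAPS = ['edit_items', 'edit_others_items', 'edit_published_items'];

// Generic capability => name assumed for the 'item' post type
// (capability_type array('item', 'items') with map_meta_cap enabled).
const ITEM_CAPS = [
    'edit_posts'           => 'edit_items',
    'edit_others_posts'    => 'edit_others_items',
    'edit_published_posts' => 'edit_published_items',
    'publish_posts'        => 'publish_items',
];

function model_has_cap(array $granted, string $generic): bool {
    return in_array(ITEM_CAPS[$generic], $granted, true);
}

// Hypothetical helper: may this user edit the existing post at all?
function model_can_edit(array $granted, array $post, int $user): bool {
    if (!model_has_cap($granted, 'edit_posts')) return false;
    if ($post['author'] !== $user && !model_has_cap($granted, 'edit_others_posts')) return false;
    if ($post['status'] === 'publish' && !model_has_cap($granted, 'edit_published_posts')) return false;
    return true;
}

// Check as the report describes it: status=publish always needs publish_posts.
function model_allowed_always(array $granted, array $post, int $user, string $new): bool {
    return model_can_edit($granted, $post, $user)
        && ($new !== 'publish' || model_has_cap($granted, 'publish_posts'));
}

// Transition-aware check: publish_posts is needed only when the status changes to publish.
function model_allowed_transition(array $granted, array $post, int $user, string $new): bool {
    $becomes_published = $new === 'publish' && $post['status'] !== 'publish';
    return model_can_edit($granted, $post, $user)
        && (!$becomes_published || model_has_cap($granted, 'publish_posts'));
}

// Constructed sample posts written by user 1; the Editor is user 2.
$cases = [
    'published item, status=publish (unchanged)' => [['author' => 1, 'status' => 'publish'], 'publish'],
    'draft item, status=publish (transition)'    => [['author' => 1, 'status' => 'draft'], 'publish'],
    'published item, status=draft'               => [['author' => 1, 'status' => 'publish'], 'draft'],
];
foreach ($cases as $label => [$post, $new]) {
    printf("%-44s always-check=%-5s transition-aware=%s\n", $label,
        var_export(model_allowed_always(EDITOR_CAPS, $post, 2, $new), true),
        var_export(model_allowed_transition(EDITOR_CAPS, $post, 2, $new), true));
}
```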