Opened 8 years ago
Last modified 6 days ago
#38997 assigned defect (bug)
delete_private_posts capability doesn't prevent user from deleting private posts
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Future Release | Priority: | normal |
| Severity: | normal | Version: | 4.6.1 |
| Component: | Role/Capability | Keywords: | has-patch has-unit-tests |
| Focuses: | administration | Cc: |
Description
Attempting to prevent users from deleting a published post works, but if they set a post to 'private' they can delete it even if 'delete_private_posts' capability is set to 0.
<?php global $current_user; // works $current_user->allcaps['delete_published_posts'] = 0; // doesn't work $current_user->allcaps['delete_private_posts'] = 0;
"doesn't work" means that "Trash" link appears on hover over the post in edit.php and "Move to Trash" shows up on post.php
Change History (5)
#2
@
8 years ago
- Component changed from Users to Role/Capability
- Keywords needs-patch needs-unit-tests added
- Milestone changed from Awaiting Review to Future Release
- Owner set to johnbillion
- Status changed from new to accepted
Thank you for your report, @yboris. Sorry that it's taken such a long time before anybody responded.
I'm looking into this as part of several other related fixes.
#4
@
7 weeks ago
I can reproduce the issue in version 6.7.1 as well. I’ve reviewed the codebase but couldn’t pinpoint the cause. I’ll continue investigating to find the root cause.
This ticket was mentioned in PR #8546 on WordPress/wordpress-develop by @sukhendu2002.
6 days ago
#5
- Keywords has-patch has-unit-tests added; needs-patch needs-unit-tests removed
Trac ticket: https://core.trac.wordpress.org/ticket/38997
The above "global $current_user" was a shorthand of: