Opened 8 years ago
Last modified 6 years ago
#38997 assigned defect (bug)
delete_private_posts capability doesn't prevent user from deleting private posts
Reported by: | yboris | Owned by: | |
---|---|---|---|
Milestone: | Future Release | Priority: | normal |
Severity: | normal | Version: | 4.6.1 |
Component: | Role/Capability | Keywords: | needs-patch needs-unit-tests |
Focuses: | administration | Cc: |
Description
Attempting to prevent users from deleting a published post works, but if they set a post to 'private' they can delete it even if 'delete_private_posts' capability is set to 0.
<?php global $current_user; // works $current_user->allcaps['delete_published_posts'] = 0; // doesn't work $current_user->allcaps['delete_private_posts'] = 0;
"doesn't work" means that "Trash" link appears on hover over the post in edit.php and "Move to Trash" shows up on post.php
Change History (3)
#2
@
7 years ago
- Component changed from Users to Role/Capability
- Keywords needs-patch needs-unit-tests added
- Milestone changed from Awaiting Review to Future Release
- Owner set to johnbillion
- Status changed from new to accepted
Thank you for your report, @yboris. Sorry that it's taken such a long time before anybody responded.
I'm looking into this as part of several other related fixes.
Note: See
TracTickets for help on using
tickets.
The above "global $current_user" was a shorthand of: