Opened 8 years ago
Closed 8 years ago
#39745 closed defect (bug) (duplicate)
edit.php inaccessible when post type has no submenu
Reported by: |
|
Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | |
Component: | Role/Capability | Keywords: | |
Focuses: | administration | Cc: |
Description
Problem
In the Dashboard menu, you see links to your custom post types. If you take away a role/user's 'capability' to create_posts, the 'Add New' button disappears from that post type's submenu, which is expected. But, the side-effect is that it makes edit.php?post_type=my_cpt inaccessible.
I discovered that it was due to the lack of a submenu by grepping for the error.
The error message comes from the bottom of wp-admin/includes/menu.php.
I followed that to user_can_access_admin_page()
in wp-admin/includes/plugin.php:1697
and then to get_admin_page_parent()
in wp-admin/includes/plugin.php:1509
My interpretation, from following the execution with xdebug, is that when the global $submenu
is empty, no page parent is found, and user_can_access_admin_page()
looks for the entry $_wp_menu_nopriv[$pagenow]
, but $pagenow
contains edit.php, instead of the page that was being accessed, edit.php?post_type=my_cpt .
To Reproduce
- Create custom post type 'my_cpt' with
'capability_type' => 'my_cpt', 'capabilities' => array('create_posts' => 'create_my_cpts'), 'supports' => array('author','title') //'author' is the important one for testing
- Add a role 'my_role' with caps
'edit_my_cpts' => true
and'create_my_cpts' => false
. - Add a user and give it the role 'my_role'
- Add a new my_cpt, and change it's author to the new user.
- Login to the dashboard as the new user. The menu item for my_cpt will show up, but will not have a submenu. This is because you've set 'create_my_cpts' to false, which removes the one submenu item that there would ordinarily be, 'Add New'.
- Click the menu item to view the list of my_cpts.
You are met with the dreaded "Sorry, you are not allowed to access this page."
However, if you go directly to my.wordpress.site/wp-admin/post.php?post=[post id]&action=edit you'll see that the user can still edit its my_cpt post.
Hello @jmeit, welcome to WordPress Trac!
Thanks for your report. We had a similar report in #29714 and are now tracking this issue in #22895.