WordPress.org

Make WordPress Core

Opened 3 years ago

Last modified 5 weeks ago

#40577 assigned enhancement

Introduce a capability for viewing the revisions of a post

Reported by: johnbillion Owned by: adamsilverstein
Milestone: 5.4 Priority: normal
Severity: normal Version: 2.6
Component: Revisions Keywords: needs-unit-tests granular-capabilities needs-patch
Focuses: administration, rest-api Cc:
PR Number:

Description

In order to view the revisions of a post, a user needs the ability to edit the post. This makes sense because it may be undesirable for users to be able to view older revisions of a post which they cannot edit.

However it may be desirable to allow certain users to view the revisions of a post which they cannot edit, for example for auditing purposes, or to allow contributors to browse the revisions of their own published post.

Attachments (1)

40577.diff (812 bytes) - added by adamsilverstein 2 years ago.

Download all attachments as: .zip

Change History (10)

#1 @Stagger Lee
3 years ago

Hi,

It could be usable when building custom classifieds, or similar. To show revisions history of one custom field, say price field.

#2 @johnbillion
2 years ago

  • Keywords granular-capabilities added

#3 @adamsilverstein
2 years ago

@johnbillion - were you thinking something like 40577.diff? I added read_revision for $revision->ID and read_revisions for $revision->post_parent. Not sure this is enough to get what you were suggesting. If so, we need some unit tests to validate the behavior.

#4 @adamsilverstein
2 years ago

  • Keywords has-patch reporter-feedback added; needs-patch removed

#5 follow-up: @johnbillion
2 years ago

  • Keywords needs-patch added; has-patch reporter-feedback removed

The required change is actually quite a lot more complex than that. I have a patch in progress.

#6 in reply to: ↑ 5 @adamsilverstein
2 years ago

Replying to johnbillion:

The required change is actually quite a lot more complex than that. I have a patch in progress.

Great! Looking forward to seeing and learning from your patch.

#7 @jrchamp
5 weeks ago

We were recently asked for this functionality, but our use case is: We want a community contributor to be able to edit a post, but we do not want them to be able to view revisions. Part of it is interface clutter, part of it is the ease of revision reversion, but part of it is also that viewing removed content is undesirable (and the administrator wants to be the only user who can).

#8 @adamsilverstein
5 weeks ago

  • Milestone changed from Future Release to 5.4
  • Owner set to adamsilverstein
  • Status changed from new to assigned

Thanks for the use case description @jrchamp - I'll mark this ticket as 5.4 and try to land it soon. @johnbillion can you share your work in progress here or describe more the approach you propose?

#9 @johnbillion
5 weeks ago

Chatted with Adam about this at WCUS. A few concerns:

  • The action buttons and links to the editing screen on the revisions listing screen need to be behind corresponding capability checks.
  • IIRC the async loaded revisions data on this screen has some capability checks involved.
  • This needs testing with users with and without various caps such as edit_posts, edit_others_posts, edit_published_posts, etc.
Note: See TracTickets for help on using tickets.