Opened 7 years ago
Last modified 19 months ago
#40577 assigned enhancement
Introduce a capability for viewing the revisions of a post
Reported by: | johnbillion | Owned by: | adamsilverstein |
---|---|---|---|
Milestone: | Future Release | Priority: | normal |
Severity: | normal | Version: | 2.6 |
Component: | Revisions | Keywords: | needs-unit-tests granular-capabilities needs-patch |
Focuses: | administration, rest-api | Cc: |
Description
In order to view the revisions of a post, a user needs the ability to edit the post. This makes sense because it may be undesirable for users to be able to view older revisions of a post which they cannot edit.
However it may be desirable to allow certain users to view the revisions of a post which they cannot edit, for example for auditing purposes, or to allow contributors to browse the revisions of their own published post.
Attachments (1)
Change History (15)
#3
@
7 years ago
@johnbillion - were you thinking something like 40577.diff? I added read_revision
for $revision->ID
and read_revisions
for $revision->post_parent
. Not sure this is enough to get what you were suggesting. If so, we need some unit tests to validate the behavior.
#5
follow-up:
↓ 6
@
7 years ago
- Keywords needs-patch added; has-patch reporter-feedback removed
The required change is actually quite a lot more complex than that. I have a patch in progress.
#6
in reply to:
↑ 5
@
7 years ago
Replying to johnbillion:
The required change is actually quite a lot more complex than that. I have a patch in progress.
Great! Looking forward to seeing and learning from your patch.
#7
@
5 years ago
We were recently asked for this functionality, but our use case is: We want a community contributor to be able to edit a post, but we do not want them to be able to view revisions. Part of it is interface clutter, part of it is the ease of revision reversion, but part of it is also that viewing removed content is undesirable (and the administrator wants to be the only user who can).
#8
@
5 years ago
- Milestone changed from Future Release to 5.4
- Owner set to adamsilverstein
- Status changed from new to assigned
Thanks for the use case description @jrchamp - I'll mark this ticket as 5.4 and try to land it soon. @johnbillion can you share your work in progress here or describe more the approach you propose?
#9
@
5 years ago
Chatted with Adam about this at WCUS. A few concerns:
- The action buttons and links to the editing screen on the revisions listing screen need to be behind corresponding capability checks.
- IIRC the async loaded revisions data on this screen has some capability checks involved.
- This needs testing with users with and without various caps such as
edit_posts
,edit_others_posts
,edit_published_posts
, etc.
This ticket was mentioned in Slack in #core-restapi by kadamwhite. View the logs.
5 years ago
#11
@
5 years ago
- Milestone changed from 5.4 to Future Release
Pulling this out of a milestone until there's patch.
#12
follow-up:
↓ 13
@
4 years ago
Just found this issue and wanted to add that my team is looking for this exact functionality (allowing users who don't have permissions to publish items to view revision history for accountability/historical reasons). Are there any updates on when this might be added since it got taken out of the 5.4 release?
#13
in reply to:
↑ 12
@
4 years ago
Replying to charveyunm:
Just found this issue and wanted to add that my team is looking for this exact functionality (allowing users who don't have permissions to publish items to view revision history for accountability/historical reasons). Are there any updates on when this might be added since it got taken out of the 5.4 release?
Besides the noted change in the revisions.php code mentioned above - I believe altering the function wp_ajax_get_revision_diffs in ajax-actions.php would provide most of what our team needs.
something like:
if ( ! current_user_can( 'edit_post', $post->ID ) || ! current_user_can('read_revision', $post->ID) ) { wp_send_json_error(); }
Hi,
It could be usable when building custom classifieds, or similar. To show revisions history of one custom field, say price field.