WordPress.org

Make WordPress Core

Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#41356 closed defect (bug) (invalid)

permission typo in rest api

Reported by: lalop Owned by:
Milestone: Priority: normal
Severity: normal Version: 4.8
Component: Users Keywords:
Focuses: rest-api Cc:

Description

I created a new role with delete_users capabilities.
While trying to delete an user via the rest api with this user, I get this error :
rest_user_cannot_delete

Looking in the code base I found that, the capabilities checked is delete_user instead of delete_users.

Change History (4)

#1 @johnbillion
3 years ago

  • Keywords reporter-feedback added

delete_user is a meta capability which maps to delete_users via the context (the user ID in this case).

Are you sure you're properly authenticated with a user which has permission to delete users? If you're using Multisite, you'll need to be authenticated with a Super Admin user.

#2 @johnbillion
3 years ago

  • Component changed from REST API to Users
  • Focuses docs removed

#3 @lalop
3 years ago

  • Resolution set to invalid
  • Status changed from new to closed

Sorry, I wasn't aware of the meta capability feature.
I changed the role's capabilities whithout removing the role from database, my issue comes from that but I was thinking that I found an other issue.

Thank you

#4 @johnbillion
3 years ago

  • Keywords reporter-feedback removed
  • Milestone Awaiting Review deleted

Thanks for letting us know.

Note: See TracTickets for help on using tickets.