Make WordPress Core

Opened 7 years ago

Last modified 7 years ago

#42323 assigned defect (bug)

Posts vs CPT user permissions issue

Reported by: bor0
Owned by:
Milestone: Awaiting Review
Priority: normal
Severity: normal
Version: 4.9
Component: Posts, Post Types
Keywords: has-patch needs-unit-tests needs-testing
Focuses: administration
Cc:


We have the following use case:

  1. User does not have access to create new "Posts"
  2. User does have access to create new Product Submissions (CPT post type)

With these prerequisites, when the user clicks on "New Product Submission" from the list view (or the edit view), they get the No access message.

This happens because in core we check for edit.php no_priv instead of edit.php?post_type=product_submission.

Attachments (1)

42323.patch (3.6 KB) - added by bor0 7 years ago.


Change History (6)

7 years ago

This ticket was mentioned in Slack in #core by bor0.

#2 @bor0
7 years ago

  • Keywords has-patch dev-feedback added

#3 @SergeyBiryukov
7 years ago

  • Component changed from Menus to Posts, Post Types
  • Focuses administration added
  • Owner set to SergeyBiryukov
  • Status changed from new to assigned

#4 @SergeyBiryukov
7 years ago

  • Owner SergeyBiryukov deleted

#5 @welcher
7 years ago

  • Keywords needs-unit-tests needs-testing added; dev-feedback removed

@bor0 thanks for the ticket and patch!

I think we need to be sure that the current unit tests pass and add one (if not already existing) that tests this use case exactly.
