Opened 7 years ago
Last modified 7 years ago
#42323 assigned defect (bug)
Posts vs CPT user permissions issue
Reported by: | bor0 | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | 4.9 |
Component: | Posts, Post Types | Keywords: | has-patch needs-unit-tests needs-testing |
Focuses: | administration | Cc: |
Description
We have the following use case:
- User does not have access to create new "Posts"
- User does have access to create new Product Submissions (CPT post type)
With these prerequisites, when the user clicks on "New Product Submission" from the list view (or the edit view), they get the No access message.
This happens because in core we check for edit.php
no_priv instead of edit.php?post_type=product_submission
.
Attachments (1)
Change History (6)
Note: See
TracTickets for help on using
tickets.
@bor0 thanks for the ticket and patch!
I think we need to be sure that the current unit tests pass and add one ( if not already existing ) that tests this use case exactly.