WordPress.org

Make WordPress Core

Opened 7 months ago

Last modified 7 months ago

#42323 assigned defect (bug)

Posts vs CPT user permissions issue

Reported by: bor0 Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 4.9
Component: Posts, Post Types Keywords: has-patch needs-unit-tests needs-testing
Focuses: administration Cc:

Description

We have the following use case:

  1. User does not have access to create new "Posts"
  2. User does have access to create new Product Submissions (CPT post type)

With these prerequisites, when the user clicks on "New Product Submission" from the list view (or the edit view), they get the No access message.

This happens because in core we check for edit.php no_priv instead of edit.php?post_type=product_submission.

Attachments (1)

42323.patch (3.6 KB) - added by bor0 7 months ago.

Download all attachments as: .zip

Change History (6)

@bor0
7 months ago

This ticket was mentioned in Slack in #core by bor0. View the logs.


7 months ago

#2 @bor0
7 months ago

  • Keywords has-patch dev-feedback added

#3 @SergeyBiryukov
7 months ago

  • Component changed from Menus to Posts, Post Types
  • Focuses administration added
  • Owner set to SergeyBiryukov
  • Status changed from new to assigned

#4 @SergeyBiryukov
7 months ago

  • Owner SergeyBiryukov deleted

#5 @welcher
7 months ago

  • Keywords needs-unit-tests needs-testing added; dev-feedback removed

@bor0 thanks for the ticket and patch!

I think we need to be sure that the current unit tests pass and add one ( if not already existing ) that tests this use case exactly.

Note: See TracTickets for help on using tickets.