Make WordPress Core

Opened 7 years ago

Last modified 6 years ago

#42532 new defect (bug)

Custom post type : redirection bug after publish when cap edit_published_cpt is not set

Reported by: ajoah's profile ajoah Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: Role/Capability Keywords: reporter-feedback
Focuses: administration Cc:

Description

For a custom post type (movie for example), if user have capability publish_movies but not edit_published_movies, when he publishes a new movie, he is redirected to http://example.com/edit.php instead of
http://example.com/edit.php?post_type=movie

I make a gif to illustrate this :
https://media.giphy.com/media/xT0xeo4c4WIOKd4qFW/giphy.gif


User role capabilities :

  • edit_movies
  • edit_others_movies
  • publish_movies
  • read

Custom post type settings :

	$labels = array(
		"name" => __( "Movies", "twentyseventeen" ),
		"singular_name" => __( "Movie", "twentyseventeen" ),
	);

	$args = array(
		"label" => __( "Movies", "twentyseventeen" ),
		"labels" => $labels,
		"description" => "",
		"public" => true,
		"publicly_queryable" => true,
		"show_ui" => true,
		"show_in_rest" => false,
		"rest_base" => "",
		"has_archive" => false,
		"show_in_menu" => true,
		"exclude_from_search" => false,
		"capability_type" => "movie",
		"map_meta_cap" => true,
		"hierarchical" => false,
		"rewrite" => array( "slug" => "movie", "with_front" => true ),
		"query_var" => true,
		"supports" => array( "title", "editor", "thumbnail" ),
	);

	register_post_type( "movie", $args );

Attachments (2)

test-cap.gif (441.0 KB) - added by ajoah 7 years ago.
Illustration of the problem
with_edit_posts.gif (344.4 KB) - added by ajoah 7 years ago.
Illustration of the problem with edit_posts cap

Download all attachments as: .zip

Change History (9)

@ajoah
7 years ago

Illustration of the problem

#1 @skostadinov
7 years ago

I do not think that's a problem. Wordpress shows a message saying that you do not have the right to edit the post when you make a POST request.

#2 @helen
7 years ago

  • Keywords reporter-feedback added

Hi @ajoah - are you testing in trunk/nightlies? Does this happen in 4.8.3 or earlier?

#3 follow-up: @ajoah
7 years ago

Hi @helen, yes i have tested on 4.8.3 and 4.9-RC2-42158

@skostadinov That is what i thought at first however edit.php is not the url to edit the post published but the url which list blog posts. If the role which i have created had cap edit_posts the message would not appeared.

It is logical to redirect to this URL except that for a CPT, the query string ?post_type=movie must be added otherwise it lists blog posts (or displays an error message if the user doesn't have the capability)

Last edited 7 years ago by ajoah (previous) (diff)

@ajoah
7 years ago

Illustration of the problem with edit_posts cap

#4 @skostadinov
7 years ago

Generally, when you want to edit a post, the POST request is made to edit.php and redirects the user to the post page. In your case, the user is not allowed to make a POST request, and this does show a error.

#5 in reply to: ↑ 3 ; follow-up: @helen
7 years ago

Replying to ajoah:

Hi @helen, yes i have tested on 4.8.3 and 4.9-RC2-42158

To clarify - does this also happen in 4.8.3? It helps with triaging and identifying the issue if we know when the problem was introduced or at least first noticed.

#6 in reply to: ↑ 5 @ajoah
7 years ago

Replying to helen:

Replying to ajoah:

Hi @helen, yes i have tested on 4.8.3 and 4.9-RC2-42158

To clarify - does this also happen in 4.8.3? It helps with triaging and identifying the issue if we know when the problem was introduced or at least first noticed.

Yes it happens on 4.8.3.

#7 @pento
6 years ago

  • Version trunk deleted
Note: See TracTickets for help on using tickets.