WordPress.org

Make WordPress Core

Opened 22 months ago

Last modified 7 months ago

#42532 new defect (bug)

Custom post type : redirection bug after publish when cap edit_published_cpt is not set

Reported by: ajoah Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: Role/Capability Keywords: reporter-feedback
Focuses: administration Cc:

Description

For a custom post type (movie for example), if user have capability publish_movies but not edit_published_movies, when he publishes a new movie, he is redirected to http://example.com/edit.php instead of
http://example.com/edit.php?post_type=movie

I make a gif to illustrate this :
https://media.giphy.com/media/xT0xeo4c4WIOKd4qFW/giphy.gif


User role capabilities :

  • edit_movies
  • edit_others_movies
  • publish_movies
  • read

Custom post type settings :

	$labels = array(
		"name" => __( "Movies", "twentyseventeen" ),
		"singular_name" => __( "Movie", "twentyseventeen" ),
	);

	$args = array(
		"label" => __( "Movies", "twentyseventeen" ),
		"labels" => $labels,
		"description" => "",
		"public" => true,
		"publicly_queryable" => true,
		"show_ui" => true,
		"show_in_rest" => false,
		"rest_base" => "",
		"has_archive" => false,
		"show_in_menu" => true,
		"exclude_from_search" => false,
		"capability_type" => "movie",
		"map_meta_cap" => true,
		"hierarchical" => false,
		"rewrite" => array( "slug" => "movie", "with_front" => true ),
		"query_var" => true,
		"supports" => array( "title", "editor", "thumbnail" ),
	);

	register_post_type( "movie", $args );

Attachments (2)

test-cap.gif (441.0 KB) - added by ajoah 22 months ago.
Illustration of the problem
with_edit_posts.gif (344.4 KB) - added by ajoah 21 months ago.
Illustration of the problem with edit_posts cap

Download all attachments as: .zip

Change History (9)

@ajoah
22 months ago

Illustration of the problem

#1 @skostadinov
21 months ago

I do not think that's a problem. Wordpress shows a message saying that you do not have the right to edit the post when you make a POST request.

#2 @helen
21 months ago

  • Keywords reporter-feedback added

Hi @ajoah - are you testing in trunk/nightlies? Does this happen in 4.8.3 or earlier?

#3 follow-up: @ajoah
21 months ago

Hi @helen, yes i have tested on 4.8.3 and 4.9-RC2-42158

@skostadinov That is what i thought at first however edit.php is not the url to edit the post published but the url which list blog posts. If the role which i have created had cap edit_posts the message would not appeared.

It is logical to redirect to this URL except that for a CPT, the query string ?post_type=movie must be added otherwise it lists blog posts (or displays an error message if the user doesn't have the capability)

Last edited 21 months ago by ajoah (previous) (diff)

@ajoah
21 months ago

Illustration of the problem with edit_posts cap

#4 @skostadinov
21 months ago

Generally, when you want to edit a post, the POST request is made to edit.php and redirects the user to the post page. In your case, the user is not allowed to make a POST request, and this does show a error.

#5 in reply to: ↑ 3 ; follow-up: @helen
21 months ago

Replying to ajoah:

Hi @helen, yes i have tested on 4.8.3 and 4.9-RC2-42158

To clarify - does this also happen in 4.8.3? It helps with triaging and identifying the issue if we know when the problem was introduced or at least first noticed.

#6 in reply to: ↑ 5 @ajoah
21 months ago

Replying to helen:

Replying to ajoah:

Hi @helen, yes i have tested on 4.8.3 and 4.9-RC2-42158

To clarify - does this also happen in 4.8.3? It helps with triaging and identifying the issue if we know when the problem was introduced or at least first noticed.

Yes it happens on 4.8.3.

#7 @pento
7 months ago

  • Version trunk deleted
Note: See TracTickets for help on using tickets.