Make WordPress Core

Opened 7 years ago

Closed 7 years ago

#42686 closed defect (bug) (fixed)

Default selected changeset status should not be publish when current user does not have publish capability

Reported by: sayedwp's profile sayedwp Owned by: westonruter's profile westonruter
Milestone: 4.9.3 Priority: normal
Severity: normal Version: 4.9
Component: Customize Keywords: has-patch fixed-major commit
Focuses: javascript Cc:

Description

The default state of wp.customize.state( 'selectedChangesetStatus' ) is set to publish even when the user does not have the publish capability. And its value is changed to draft if wp.customize.settings.changeset.currentUserCanPublish is false and the state changes.

This would work fine if there is no extra status added by a plugin. However if a plugin tries to add status like pending and user clicks on it, it would create issues because the selectedChangesetStatus is forced to stay draft. See issue https://github.com/xwp/wp-customize-snapshots/issues/167

Attachments (2)

42686.diff (1.8 KB) - added by sayedwp 7 years ago.
42686.2.diff (2.0 KB) - added by westonruter 7 years ago.

Download all attachments as: .zip

Change History (12)

@sayedwp
7 years ago

#1 @westonruter
7 years ago

  • Milestone changed from Awaiting Review to 4.9.2

#2 @westonruter
7 years ago

  • Keywords needs-patch added

#3 @westonruter
7 years ago

  • Keywords has-patch added; needs-patch removed
  • Owner set to westonruter
  • Status changed from new to accepted

This ticket was mentioned in Slack in #core-customize by westonruter. View the logs.


7 years ago

#5 @dd32
7 years ago

  • Milestone changed from 4.9.2 to 4.9.3

Bumping to 4.9.3 due to 4.9.2s release

This ticket was mentioned in Slack in #core by desrosj. View the logs.


7 years ago

#7 @westonruter
7 years ago

@sayedwp one tweak I have for the patch:

  • src/wp-admin/js/customize-controls.js

     
    79387938                                                } else {
    79397939                                                        saveBtn.val( api.l10n.schedule );
    79407940                                                }
    7941                                         } else {
     7941                                        } else if ( api.settings.changeset.currentUserCanPublish ) {
    79427942                                                saveBtn.val( api.l10n.publish );
    79437943                                        }
    79447944                                        closeBtn.find( '.screen-reader-text' ).text( api.l10n.cancel );

It doesn't seem to change the end result, at least with Customize Snapshots active, but it would seem that we should only be setting the saveBtn's label to publish if the user can indeed publish.

@westonruter
7 years ago

#8 @westonruter
7 years ago

  • Resolution set to fixed
  • Status changed from accepted to closed

In 42543:

Customize: Let default status for Customizer be draft if user does not have capability to publish.

Amends [41626].
Props sayedwp, westonruter.
See #30937.
Fixes #42686.

#9 @westonruter
7 years ago

  • Keywords fixed-major commit added
  • Resolution fixed deleted
  • Status changed from closed to reopened

#10 @westonruter
7 years ago

  • Resolution set to fixed
  • Status changed from reopened to closed

In 42544:

Customize: Let default status for Customizer be draft if user does not have capability to publish.

Amends [41626].
Props sayedwp, westonruter.
See #30937.
Fixes #42686 for 4.9 branch.

Note: See TracTickets for help on using tickets.