WordPress.org

Make WordPress Core

#42686 closed defect (bug) (fixed)

Default selected changeset status should not be publish when current user does not have publish capability

Reported by: sayedwp Owned by: westonruter
Milestone: 4.9.3 Priority: normal
Severity: normal Version: 4.9
Component: Customize Keywords: has-patch fixed-major commit
Focuses: javascript Cc:

Description

The default state of wp.customize.state( 'selectedChangesetStatus' ) is set to publish even when the user does not have the publish capability. And its value is changed to draft if wp.customize.settings.changeset.currentUserCanPublish is false and the state changes.

This would work fine if there is no extra status added by a plugin. However if a plugin tries to add status like pending and user clicks on it, it would create issues because the selectedChangesetStatus is forced to stay draft. See issue https://github.com/xwp/wp-customize-snapshots/issues/167

Attachments (2)

42686.diff (1.8 KB) - added by sayedwp 21 months ago.
42686.2.diff (2.0 KB) - added by westonruter 19 months ago.

Download all attachments as: .zip

Change History (12)

@sayedwp
21 months ago

#1 @westonruter
21 months ago

  • Milestone changed from Awaiting Review to 4.9.2

#2 @westonruter
21 months ago

  • Keywords needs-patch added

#3 @westonruter
21 months ago

  • Keywords has-patch added; needs-patch removed
  • Owner set to westonruter
  • Status changed from new to accepted

This ticket was mentioned in Slack in #core-customize by westonruter. View the logs.


19 months ago

#5 @dd32
19 months ago

  • Milestone changed from 4.9.2 to 4.9.3

Bumping to 4.9.3 due to 4.9.2s release

This ticket was mentioned in Slack in #core by desrosj. View the logs.


19 months ago

#7 @westonruter
19 months ago

@sayedwp one tweak I have for the patch:

  • src/wp-admin/js/customize-controls.js

     
    79387938                                                } else {
    79397939                                                        saveBtn.val( api.l10n.schedule );
    79407940                                                }
    7941                                         } else {
     7941                                        } else if ( api.settings.changeset.currentUserCanPublish ) {
    79427942                                                saveBtn.val( api.l10n.publish );
    79437943                                        }
    79447944                                        closeBtn.find( '.screen-reader-text' ).text( api.l10n.cancel );

It doesn't seem to change the end result, at least with Customize Snapshots active, but it would seem that we should only be setting the saveBtn's label to publish if the user can indeed publish.

#8 @westonruter
19 months ago

  • Resolution set to fixed
  • Status changed from accepted to closed

In 42543:

Customize: Let default status for Customizer be draft if user does not have capability to publish.

Amends [41626].
Props sayedwp, westonruter.
See #30937.
Fixes #42686.

#9 @westonruter
19 months ago

  • Keywords fixed-major commit added
  • Resolution fixed deleted
  • Status changed from closed to reopened

#10 @westonruter
19 months ago

  • Resolution set to fixed
  • Status changed from reopened to closed

In 42544:

Customize: Let default status for Customizer be draft if user does not have capability to publish.

Amends [41626].
Props sayedwp, westonruter.
See #30937.
Fixes #42686 for 4.9 branch.

Note: See TracTickets for help on using tickets.