WordPress.org

Make WordPress Core

Opened 7 months ago

Closed 5 months ago

#42686 closed defect (bug) (fixed)

Default selected changeset status should not be publish when current user does not have publish capability

Reported by: sayedwp Owned by: westonruter
Milestone: 4.9.3 Priority: normal
Severity: normal Version: 4.9
Component: Customize Keywords: has-patch fixed-major commit
Focuses: javascript Cc:

Description

The default state of wp.customize.state( 'selectedChangesetStatus' ) is set to publish even when the user does not have the publish capability. And its value is changed to draft if wp.customize.settings.changeset.currentUserCanPublish is false and the state changes.

This would work fine if there is no extra status added by a plugin. However if a plugin tries to add status like pending and user clicks on it, it would create issues because the selectedChangesetStatus is forced to stay draft. See issue https://github.com/xwp/wp-customize-snapshots/issues/167

Attachments (2)

42686.diff (1.8 KB) - added by sayedwp 7 months ago.
42686.2.diff (2.0 KB) - added by westonruter 5 months ago.

Download all attachments as: .zip

Change History (12)

@sayedwp
7 months ago

#1 @westonruter
7 months ago

  • Milestone changed from Awaiting Review to 4.9.2

#2 @westonruter
7 months ago

  • Keywords needs-patch added

#3 @westonruter
7 months ago

  • Keywords has-patch added; needs-patch removed
  • Owner set to westonruter
  • Status changed from new to accepted

This ticket was mentioned in Slack in #core-customize by westonruter. View the logs.


5 months ago

#5 @dd32
5 months ago

  • Milestone changed from 4.9.2 to 4.9.3

Bumping to 4.9.3 due to 4.9.2s release

This ticket was mentioned in Slack in #core by desrosj. View the logs.


5 months ago

#7 @westonruter
5 months ago

@sayedwp one tweak I have for the patch:

  • src/wp-admin/js/customize-controls.js

     
    79387938                                                } else {
    79397939                                                        saveBtn.val( api.l10n.schedule );
    79407940                                                }
    7941                                         } else {
     7941                                        } else if ( api.settings.changeset.currentUserCanPublish ) {
    79427942                                                saveBtn.val( api.l10n.publish );
    79437943                                        }
    79447944                                        closeBtn.find( '.screen-reader-text' ).text( api.l10n.cancel );

It doesn't seem to change the end result, at least with Customize Snapshots active, but it would seem that we should only be setting the saveBtn's label to publish if the user can indeed publish.

@westonruter
5 months ago

#8 @westonruter
5 months ago

  • Resolution set to fixed
  • Status changed from accepted to closed

In 42543:

Customize: Let default status for Customizer be draft if user does not have capability to publish.

Amends [41626].
Props sayedwp, westonruter.
See #30937.
Fixes #42686.

#9 @westonruter
5 months ago

  • Keywords fixed-major commit added
  • Resolution fixed deleted
  • Status changed from closed to reopened

#10 @westonruter
5 months ago

  • Resolution set to fixed
  • Status changed from reopened to closed

In 42544:

Customize: Let default status for Customizer be draft if user does not have capability to publish.

Amends [41626].
Props sayedwp, westonruter.
See #30937.
Fixes #42686 for 4.9 branch.

Note: See TracTickets for help on using tickets.