WordPress.org

Make WordPress Core

Changes between Version 1 and Version 2 of Ticket #43316, comment 71


Timestamp: 04/06/2018 01:53:24 PM (4 years ago)
Author: azaozz
  • Ticket #43316, comment 71

    v1 v2  
    1010Yes, deleting revisions checks the `delete_post` cap, however this is still not adequate. Nobody should be able to circumvent the audit trail, not even admins. This is a safety/security feature. I see this as a blocking regression in the API. The only way this should be possible is from a plugin (same as now for non-API).
    1111
    12 If you don't want to remove the delete revision endpoint, we probably can map it to a `delete_revisions` capability that will not be mapped to any existing role and will always return false, i.e. a plugin will have to specifically assign that capability to a role.
     12If you don't want to remove the delete revision endpoint, we probably can require a `delete_revisions` capability that will not be mapped to any existing role and will always return false, i.e. a plugin will have to specifically assign that capability to a role.
    1313
    1414Created #43709 as a follow-up.