Changes between Version 1 and Version 2 of Ticket #43316, comment 71
Timestamp: 04/06/2018 01:53:24 PM (7 years ago)
Ticket #43316, comment 71
Unmodified (v1 line 10, v2 line 10):
Yes, deleting revisions checks the `delete_post` cap, however this is still not adequate. Nobody should be able to circumvent the audit trail, not even admins. This is a safety/security feature. I see this as a blocking regression in the API. The only way this should be possible is from a plugin (same as now for non-API).

Removed (v1 line 12):
If you don't want to remove the delete revision endpoint, we probably can map it to a `delete_revisions` capability that will not be mapped to any existing role and will always return false, i.e. a plugin will have to specifically assign that capability to a role.

Added (v2 line 12):
If you don't want to remove the delete revision endpoint, we probably can require a `delete_revisions` capability that will not be mapped to any existing role and will always return false, i.e. a plugin will have to specifically assign that capability to a role.

Unmodified (v1 line 14, v2 line 14):
Created #43709 as a follow-up.