Don't show notice to the privacy policy guide when user cannot view the guide

[ocean90]

The privacy policy guide is only viewable if current_user_can( 'manage_privacy_options' ) but WP_Privacy_Policy_Content::notice() has no such check, leading an editor to an empty page.

[azaozz]

I'm actually not sure if editors on "single" installs should not be able to see the privacy policy guide? Generally they are trusted as much as admins (have unfiltered_html capability, etc.).

In any case, the notice should have the same capability requirement as the guide.

[azaozz]

In 43248:

Privacy: require manage_privacy_options capability for showing WP_Privacy_Policy_Content::notice().

Props ocean90.
Fixes #44055.

[azaozz]

Reopen for 4.9.6 consideration.

[iandunn]

Hmm, should editors be allowed to edit the wp_page_for_privacy_policy ? I'm guessing no, so maybe a better solution to this would be to add a map_meta_cap callback that makes current_user_can( 'edit_post', get_option( 'wp_page_for_privacy_policy' ) ) return false?

[iandunn]

I opened #44079 to track the suggestion in comment:5. If we can get that in before the RC2 deadline, then there's no need to backport r43248. Otherwise, I don't have any objection to backporting it (although I haven't reviewed it yet, so it'll still need a review and sign-off from a 2nd committer).

[iandunn]

In 43277:

Privacy: require manage_privacy_options capability for showing WP_Privacy_Policy_Content::notice().

Props ocean90.
Merges [43248] to the 4.9 branch.
Fixes #44055.

[iandunn]

Nevermind regarding comment:7, it's a good idea to leave the cap check, see ticket:44079#comment:7.

[desrosj]

Moving to the new Privacy component.