#44079 closed defect (bug) (fixed)
Require `manage_privacy_options` capability to edit the privacy policy page
| Reported by: |
|
Owned by: |
|
|---|---|---|---|
| Milestone: | 4.9.6 | Priority: | normal |
| Severity: | normal | Version: | 5.1 |
| Component: | Privacy | Keywords: | gdpr has-patch needs-unit-tests commit dev-reviewed |
| Focuses: | Cc: |
Description
#44055 identified the problem that Editors are shown a link to the privacy guide, but can't actually view it. The solution there, in r43248, was to hide the link if users don't have the manage_privacy_options capability.
It doesn't seem like people without that capability should be able to edit the privacy page in the first place, though. Preventing them from editing it would solve the issue in #44055, and also any other issues stemming from the fact that editors could edit the page. An example of that kind of issue would be an editor who isn't trained in privacy law or organizational policies making edits that don't reflect the organization's desires.
Also, if someone is editing the page, then they should probably be able to read the guide as well, because the guide informs what edits should be made.
Previous discussion:
Attachments (4)
Change History (18)
#1
@
7 years ago
- Keywords has-patch 2nd-opinion needs-unit-tests needs-testing added; needs-patch removed
- Owner set to iandunn
#2
@
7 years ago
There are currently exceptions for page_for_posts and page_on_front in map_meta_cap() itself: https://github.com/WordPress/wordpress-develop/blob/e72d50370273c2741329e1a102ec90b35cf1b492/src/wp-includes/capabilities.php#L76.
I'm curious whether exceptions for wp_page_for_privacy_policy could or should go in map_meta_cap() as well?
#3
@
7 years ago
Ah, great catch, thanks!
44079.2.diff removes the filter callback and makes the modifications directly in map_meta_cap().
#4
@
7 years ago
After testing further, I'm not sure that using either map_meta_cap() itself or the map_meta_cap filter will work for this purpose.
If I'm reading correctly, because manage_privacy_options is a new meta capability, it needs to be mapped for it to be granted to anyone (by default).
Appending manage_privacy_options to the array of required $caps doesn't allow that mapping to occur — the case 'manage_privacy_options': statement in map_meta_cap() is never reached.
44079.3.diff attempts to allow manage_privacy_options to be mapped with another call to map_meta_cap(), although it's not nearly as straightforward an approach.
#5
@
7 years ago
44079.2.diff did not work for me in my testing. As a user with the manage_privacy_options capability, I was unable to edit the selected privacy policy page.
44079.3.diff works for me as expected.
This ticket was mentioned in Slack in #gdpr-compliance by iandunn. View the logs.
7 years ago
#7
@
7 years ago
- Keywords commit added; needs-testing removed
Ah, you're right. 44079.2.diff was only working in my tests b/c I was in Multisite, and has_cap() always returns true as long as $caps doesn't contain do_not_allow.
44079.4.diff restores the capability check for the notice (per Slack discussion), and iterates on the comment to make it a bit more clear.
This tested well for me in Multisite and single-site, but I'd like another committer's review before committing to trunk, to make sure we're not missing anything.
44079.diff is a first pass. Does anyone have feedback on it?