WordPress.org

Make WordPress Core

Changes between Initial Version and Version 1 of Ticket #47443, comment 11


Ignore:
Timestamp:
01/24/2020 10:28:51 PM (20 months ago)
Author:
apieschel
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #47443, comment 11

    initial v1  
    1 Nevermind, thinking it over again, since "future" means "to be published in the future" it doesn't really make sense to have different permissions for the "publish" and "future" cases. The original edit to ''wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php'' is better. Added a new patch that reverts the change to this file but keeps my new unit test.
     1Nevermind, thinking it over again, since "future" means "to be published in the future" it doesn't really make sense to have different permissions for the "publish" and "future" cases. The original edit to ''wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php'' is better. Added a new patch that reverts the change to this file, but keeps my new unit test.
    22
    33But is it a problem that the patch would allow a user to publish posts via the Rest API, even if they only had the "edit_published_posts" capability? This seems tricky. If it's not a problem, then I could simply edit the unit test (test_create_post_publish_without_permission) that's failing. It would pass if I removed the "edit_published_posts" capability in addition to the "publish_posts" capability. What is the best practice for adjusting previous unit tests in a case like this?