Opened 5 years ago
Closed 5 years ago
#49741 closed defect (bug) (invalid)
WP_REST_Terms_Controller::create_item_permissions_check did not work as expected
| Reported by: | jihaisse | Owned by: | |
|---|---|---|---|
| Milestone: | | Priority: | normal |
| Severity: | normal | Version: | 4.9.8 |
| Component: | REST API | Keywords: | |
| Focuses: | rest-api | Cc: | |
Description
Hello
I’ve created a few taxonomies with CPTUI and I wanted to specify capabilities for them, so I did it like this:
```php
<?php
function notes_customize_taxonomy($args, $taxonomy_slug) {
    // These would already be used as default value, but providing as an example.
    // $taxonomy_slug parameter would be the slug of the taxonomy currently being registered.
    $args['capabilities'] = array(
        'manage_terms' => "manage_categories",
        'edit_terms'   => "manage_categories",
        'delete_terms' => "manage_categories",
        'assign_terms' => "edit_posts",
    );
    return $args;
}
add_filter('cptui_pre_register_taxonomy', 'notes_customize_taxonomy', 10, 2);
```
So I imagined that if a user has the permission “edit_posts” he can assign a term to a post, but not create a new one on that taxonomy.
But in the create_item_permissions_check method, it’s not like this:
```php
<?php
if ( ( is_taxonomy_hierarchical( $this->taxonomy )
        && ! current_user_can( $taxonomy_obj->cap->edit_terms ) )
    || ( ! is_taxonomy_hierarchical( $this->taxonomy )
        && ! current_user_can( $taxonomy_obj->cap->assign_terms ) ) )
```
The capability tested is different if the taxonomy is hierarchical or not.
Why?
Is this really what is wanted?
I think this is really confusing. It didn't allow us to have a user who can only assign terms without creating new ones.
Change History (1)
Hi @jihaisse!
Thanks for opening a ticket and welcome to trac! This is in fact the intentional behavior, and was adjusted this way to match the Classic Editor. You can read the details in #44096.
In this case, if you wanted that behavior, I think the best plan of action would be to subclass the `WP_REST_Terms_Controller` for your taxonomy, and specify it as the `rest_controller_class` when registering your taxonomy.
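One way to apply the suggestion above, as an added example that is not part of the ticket, WordPress core or CPTUI: a subclass that requires `edit_terms` to create a term whether or not the taxonomy is hierarchical, attached through the `cptui_pre_register_taxonomy` filter used in the description. The class name, the callback name and the `note_topic` taxonomy slug are hypothetical.

```php
<?php
// Added example. Notes_Strict_Terms_Controller, notes_strict_rest_controller
// and the 'note_topic' slug are hypothetical names chosen for illustration.
class Notes_Strict_Terms_Controller extends WP_REST_Terms_Controller {
	public function create_item_permissions_check( $request ) {
		// Run core's check first so its other conditions still apply; for a
		// flat taxonomy this means assign_terms is required as well.
		$allowed = parent::create_item_permissions_check( $request );
		if ( true !== $allowed ) {
			return $allowed; // false or WP_Error from the parent check
		}

		// Then require edit_terms regardless of is_taxonomy_hierarchical().
		$taxonomy_obj = get_taxonomy( $this->taxonomy );
		if ( ! current_user_can( $taxonomy_obj->cap->edit_terms ) ) {
			return new WP_Error(
				'rest_cannot_create',
				__( 'Sorry, you are not allowed to create new terms.' ),
				array( 'status' => rest_authorization_required_code() )
			);
		}
		return true;
	}
}

// Point only the taxonomy that needs the stricter rule at the subclass.
function notes_strict_rest_controller( $args, $taxonomy_slug ) {
	if ( 'note_topic' === $taxonomy_slug ) {
		$args['rest_controller_class'] = 'Notes_Strict_Terms_Controller';
	}
	return $args;
}
add_filter( 'cptui_pre_register_taxonomy', 'notes_strict_rest_controller', 10, 2 );
```

The override governs REST requests for that taxonomy only; term creation through other code paths is not affected by it.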