id summary reporter owner description type status priority milestone component version severity resolution keywords cc focuses 50123 Roles & Caps: give anonymous users the `read_post` meta cap for public posts. peterwilsoncc "The meta capability `read_post` is used to determine if a user is permitted to read a post. For public posts (ie, both a public post type and public post status), it returns the `$post_type->cap->read` as the required primitive capability. As logged out users do not have any primitive capabilities, this causes `current_user_can( 'read_post', $post_id )` to return a false negative for logged out users wishing to read a public post. **Approach one:** For public posts the `read_post` meta capability returns an empty array of primitives. **Approach two:** Logged out users are given the `$post_type->cap->read` capability for public post types. **Approach three:** WP gives logged out users the `read` primitive capability, if a developer uses an alternative primitive for public custom post types, then the developer is responsible for ensuring anonymous users have the capability. **Notes:** * ~~Private multisite sites should not allow logged out users to see such posts~~ ''Edit: removed as it's not a core feature of Multisite'' * Many, many unit tests will be required " defect (bug) new normal Awaiting Review Role/Capability normal needs-patch needs-unit-tests