Make WordPress Core

Opened 3 years ago

Closed 10 months ago

Last modified 7 months ago

#52043 closed defect (bug) (duplicate)

Post type listings in submenus require parent menu capability

Reported by: manfcarlo's profile manfcarlo Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Posts, Post Types Keywords: has-patch
Focuses: administration Cc:

Description

If a post type is registered under a submenu, such as $args['show_in_menu'] = 'options-general.php' or $args['show_in_menu'] = 'themes.php', viewing the post type listing seems to require the capability to access the parent page.

If a user lacks the capability for the parent page but does have the capability to edit the post type, the post type appears in the admin menu, but returns a 403 error when navigated to.

This makes no sense because the user actually does have the capability to access that page, and it's an independent page with its own capabilities.

Note that even the parent menu link will be modified to point to the post type listing, rather than the normal parent page that they genuinely lack the capability for.

There appears to be handling for this equivalent scenario for options pages, but not for post type listings.

Change History (9)

#1 @SergeyBiryukov
3 years ago

  • Component changed from Administration to Posts, Post Types

This ticket was mentioned in Slack in #core by manfcarlo. View the logs.


3 years ago

#3 @paaljoachim
3 years ago

I just now noticed this trac ticket mentioned in the Core Slack channel.
"It's also quite relevant to FSE, since it will affect the new post types."

@aristath @gziolo @annezazu

This ticket was mentioned in Slack in #core by mamaduka. View the logs.


3 years ago

#5 @manfcarlo
2 years ago

Is this bug likely to be prioritised for 5.9? I don't know whether it still directly affects the new core post types, as things are moving too fast for me to keep up, but it could affect many plugins and should be fixed in any case.

#6 @manfcarlo
21 months ago

#16808 and #50252 might be related or possible duplicates.

#7 @manfcarlo
21 months ago

  • Keywords has-patch added

There's a pull request at https://github.com/WordPress/wordpress-develop/pull/3024 that appears to solve this issue.

#8 @manfcarlo
10 months ago

  • Resolution set to duplicate
  • Status changed from new to closed

Duplicate of #50252.

#9 @desrosj
7 months ago

  • Milestone Awaiting Review deleted
Note: See TracTickets for help on using tickets.