WordPress.org
Get WordPress

Make WordPress Core

Opened 14 months ago

Closed 12 months ago

#56819 closed defect (bug) (fixed)

inline-edit-post.js looks up page author name incorrectly when author no longer has edit capabilities

Reported by: olliejones's profile OllieJones Owned by: azaozz's profile azaozz
Milestone: 6.2 Priority: normal
Severity: normal Version:
Component: Quick/Bulk Edit Keywords: has-patch
Focuses: ui, javascript, administration Cc:

Description

6.1RC1 --- this isn't a regression from previous versions.

The inline edit feature on the the dashboard's All Pages panel doesn't work quite right. (It's fine on the All Posts panel.) The flaw crops up when Quick Editing a page for which the author no longer has edit privileges.

To reproduce: running logged in as Administrator or Editor:

  • Create a user with the Author role, or some other role, but not Subscriber.
  • Create (or choose an existing) page. On All Pages, with Quick Edit, set that new user as the author of that page.
  • Edit that user to change the role to Subscriber.
  • On All Pages, open Quick Edit for that page.
  • Observe that the pulldown <select> menu for choosing the author incorrectly shows a blank label rather than the author's name.

It should show the (newly deauthorized) author's name. On the All Posts panel, it does show that name.

This problem shows up on even a fresh install without plugins and the default theme.

Change History (9)

#1 @sabernhardt
14 months ago

  • Component changed from Administration to Quick/Bulk Edit
  • Focuses administration added

#2 @OllieJones
14 months ago

  • Component changed from Quick/Bulk Edit to Administration
  • Focuses administration removed

Line 308:

$(':input[name="post_author"]', editRow).prepend('<option value="' + $('.post_author', rowData).text() + '">' + $('#' + t.type + '-' + id + ' .author').text() + '</option>');

should say 

 ... $('#post-' + id + ' .author').text()  ...

instead, as those divs always have id="post-1234" even on the All Pages panel, not id="page-1234"

Last edited 14 months ago by sabernhardt (previous) (diff)

#3 @sabernhardt
14 months ago

  • Component changed from Administration to Quick/Bulk Edit
  • Focuses administration added
  • Keywords needs-patch added
  • Milestone changed from Awaiting Review to Future Release
  • Version trunk deleted

Thanks for the report!

The option is still there with the user's ID as the value, but the text is empty.

This ticket was mentioned in PR #3469 on WordPress/wordpress-develop by @iamjaydip.
14 months ago #4

  • Keywords has-patch added; needs-patch removed

Ref. Ticket https://core.trac.wordpress.org/ticket/56819
Patch added.

#5 @azaozz
14 months ago

  • Keywords needs-testing added
  • Milestone changed from Future Release to 6.2

Patch makes sense but needs testing with custom post types.

#6 @OllieJones
14 months ago

I just checked the WooCommerce All Products panel in devtools. It has the same HTML structure, in this respect, as the All Posts and All Pages panels. The posts (whether they are user-visible posts, pages, or in this case products) are shown like this.

<tbody id='the-list'>
  <tr id="post-123" class="a whole mess of classes" data-id="123>
     lots of columns about wp_posts.ID 123
  </tr>
  <tr id="post-125" class="a whole mess of classes" data-id="125>
     lots of columns about wp_posts.ID 124
  </tr>
  <tr id="post-126" class="a whole mess of classes" data-id="126>
     lots of columns about wp_posts.ID 126
  </tr>
  more rows of data
</tbody>

The code I propose to repair looks for id="page-123" or id="product-123" rather than id="post-123" on All Pages or All Products panels, when populating the author field. Testing with WooCommerce won't test the fix because its Quick Edit function doesn't present the label.inline-edit-author select dropdown for changing authors.

#7 @costdev
12 months ago

Test Report

Patch tested: PR 3469

Steps to Reproduce or Test

  1. Create a new user with the Editor role.
  2. Navigate to Pages > Add New and create a page.
  3. Navigate to Pages > All pages.
  4. Click Quick Edit for the new page.
  5. Select the new Editor user as the Author of the page.
  6. Navigate to Users > All Users.
  7. Click Edit for the Editor user and change their role to Subscriber.
  8. Navigate to Pages > All pages.
  9. 🐞 Click Quick Edit for the new page.

Expected Results

When reproducing a bug:

  • ❌ The Author <select> element should be blank.

When testing a patch to validate it works as expected:

  • ✅ The Author <select> element should show the author's name.

Environment

  • Server: Apache (Linux)
  • WordPress: 6.2-alpha-54642-src
  • Browser: Chrome 108.0.0.0
  • OS: Windows 10
  • Theme: Twenty Twenty-Three
  • Plugins: None Activated.

Actual Results

When reproducing a bug/defect:

  • ❌ Issue reproduced.

When testing the patch:

  • ✅ Issue resolved with patch.

Notes

  • I did test this with a custom post type as well. However, the original issue didn't occur.

#8 @azaozz
12 months ago

  • Keywords needs-testing removed

@OllieJones @costdev Thanks for testing!

Seems this bug is also present for hierarchical CPTs. The t.type is set to page there too, and the patch fixes it by hard-coding that to post.

#9 @azaozz
12 months ago

  • Owner set to azaozz
  • Resolution set to fixed
  • Status changed from new to closed

In 54936:

Quick edit: Fix cases where the author field is empty when the user no longer has edit capabilities.

Props: OllieJones, sabernhardt, iamjaydip, costdev.
Fixes: #56819.

Note: See TracTickets for help on using tickets.