WordPress.org
Get WordPress

Make WordPress Core

Opened 3 years ago

Closed 2 years ago

#56819 closed defect (bug) (fixed)

inline-edit-post.js looks up page author name incorrectly when author no longer has edit capabilities

Reported by: olliejones's profile OllieJones Owned by: azaozz's profile azaozz
Milestone: 6.2 Priority: normal
Severity: normal Version:
Component: Quick/Bulk Edit Keywords: has-patch
Focuses: ui, javascript, administration Cc:

Description

6.1RC1 --- this isn't a regression from previous versions.

The inline edit feature on the the dashboard's All Pages panel doesn't work quite right. (It's fine on the All Posts panel.) The flaw crops up when Quick Editing a page for which the author no longer has edit privileges.

To reproduce: running logged in as Administrator or Editor:

  • Create a user with the Author role, or some other role, but not Subscriber.
  • Create (or choose an existing) page. On All Pages, with Quick Edit, set that new user as the author of that page.
  • Edit that user to change the role to Subscriber.
  • On All Pages, open Quick Edit for that page.
  • Observe that the pulldown <select> menu for choosing the author incorrectly shows a blank label rather than the author's name.

It should show the (newly deauthorized) author's name. On the All Posts panel, it does show that name.

This problem shows up on even a fresh install without plugins and the default theme.

Change History (9)

#1 @sabernhardt
3 years ago

  • Component changed from Administration to Quick/Bulk Edit
  • Focuses administration added

#2 @OllieJones
3 years ago

  • Component changed from Quick/Bulk Edit to Administration
  • Focuses administration removed

Line 308:

$(':input[name="post_author"]', editRow).prepend('<option value="' + $('.post_author', rowData).text() + '">' + $('#' + t.type + '-' + id + ' .author').text() + '</option>');

should say 

 ... $('#post-' + id + ' .author').text()  ...

instead, as those divs always have id="post-1234" even on the All Pages panel, not id="page-1234"

Last edited 3 years ago by sabernhardt (previous) (diff)

#3 @sabernhardt
3 years ago

  • Component changed from Administration to Quick/Bulk Edit
  • Focuses administration added
  • Keywords needs-patch added
  • Milestone changed from Awaiting Review to Future Release
  • Version trunk deleted

Thanks for the report!

The option is still there with the user's ID as the value, but the text is empty.

This ticket was mentioned in PR #3469 on WordPress/wordpress-develop by @iamjaydip.
3 years ago #4

  • Keywords has-patch added; needs-patch removed

Ref. Ticket https://core.trac.wordpress.org/ticket/56819
Patch added.

#5 @azaozz
3 years ago

  • Keywords needs-testing added
  • Milestone changed from Future Release to 6.2

Patch makes sense but needs testing with custom post types.

#6 @OllieJones
3 years ago

I just checked the WooCommerce All Products panel in devtools. It has the same HTML structure, in this respect, as the All Posts and All Pages panels. The posts (whether they are user-visible posts, pages, or in this case products) are shown like this.

<tbody id='the-list'>
  <tr id="post-123" class="a whole mess of classes" data-id="123>
     lots of columns about wp_posts.ID 123
  </tr>
  <tr id="post-125" class="a whole mess of classes" data-id="125>
     lots of columns about wp_posts.ID 124
  </tr>
  <tr id="post-126" class="a whole mess of classes" data-id="126>
     lots of columns about wp_posts.ID 126
  </tr>
  more rows of data
</tbody>

The code I propose to repair looks for id="page-123" or id="product-123" rather than id="post-123" on All Pages or All Products panels, when populating the author field. Testing with WooCommerce won't test the fix because its Quick Edit function doesn't present the label.inline-edit-author select dropdown for changing authors.

#7 @costdev
2 years ago

Test Report

Patch tested: PR 3469

Steps to Reproduce or Test

  1. Create a new user with the Editor role.
  2. Navigate to Pages > Add New and create a page.
  3. Navigate to Pages > All pages.
  4. Click Quick Edit for the new page.
  5. Select the new Editor user as the Author of the page.
  6. Navigate to Users > All Users.
  7. Click Edit for the Editor user and change their role to Subscriber.
  8. Navigate to Pages > All pages.
  9. 🐞 Click Quick Edit for the new page.

Expected Results

When reproducing a bug:

  • ❌ The Author <select> element should be blank.

When testing a patch to validate it works as expected:

  • ✅ The Author <select> element should show the author's name.

Environment

  • Server: Apache (Linux)
  • WordPress: 6.2-alpha-54642-src
  • Browser: Chrome 108.0.0.0
  • OS: Windows 10
  • Theme: Twenty Twenty-Three
  • Plugins: None Activated.

Actual Results

When reproducing a bug/defect:

  • ❌ Issue reproduced.

When testing the patch:

  • ✅ Issue resolved with patch.

Notes

  • I did test this with a custom post type as well. However, the original issue didn't occur.

#8 @azaozz
2 years ago

  • Keywords needs-testing removed

@OllieJones @costdev Thanks for testing!

Seems this bug is also present for hierarchical CPTs. The t.type is set to page there too, and the patch fixes it by hard-coding that to post.

#9 @azaozz
2 years ago

  • Owner set to azaozz
  • Resolution set to fixed
  • Status changed from new to closed

In 54936:

Quick edit: Fix cases where the author field is empty when the user no longer has edit capabilities.

Props: OllieJones, sabernhardt, iamjaydip, costdev.
Fixes: #56819.

Note: See TracTickets for help on using tickets.