Make WordPress Core

Opened 15 hours ago

Last modified 12 hours ago

#62737 new defect (bug)

Block editor Author list missing capability check

Reported by: cagdasdag Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 6.7.1
Component: General Keywords: has-testing-info has-screenshots has-patch
Focuses: administration, rest-api Cc:

Description

Hello

The author dropdown in the page settings is not working correctly in the block editor. It doesn't check user capabilities.

Here are the steps to replicate:

  • Install a fresh WP
  • Create a contributor user so you will have 2 users: 1 admin and 1 contributor
  • Create a page in the Classic Editor
  • You will see it shows only the admin user in the Author change dropdown, because the contributor doesn't have the edit_pages capability
  • Create a page in the Block Editor
  • Go to the author change dropdown; you will see the contributor user as well.

This looks like a bug to me. We need to make sure that there is a capability check.

Screenshots:
Classic Editor:
https://share.cleanshot.com/69vlJWcH

Block Editor:
https://share.cleanshot.com/xyVlryhh

Change History (5)

#1 @sukhendu2002
13 hours ago

  • Keywords has-testing-info has-screenshots added

Reproduction Report

Description

This report validates whether the issue can be reproduced.

Environment

  • WordPress: 6.8-alpha-59274-src
  • PHP: 8.2.26
  • Server: nginx/1.27.3
  • Database: mysqli (Server: 8.0.40 / Client: mysqlnd 8.2.26)
  • Browser: Chrome 131.0.0.0
  • OS: macOS
  • Theme: Twenty Twenty-Five 1.0
  • MU Plugins: None activated
  • Plugins:
    • Test Reports 1.2.0

Actual Results

  1. ✅ Error condition occurs (reproduced).

Supplemental Artifacts

Block Editor

https://utfs.io/f/TTyF6MLuAyHD6dKIF4wPkc5yFtoTm71WzjAxse2GXvdqifuU

Classic Editor

https://utfs.io/f/TTyF6MLuAyHDo7fgAkU90qVRHNwWIYlQsC5GaBzfunJ81iZe

#2 This ticket was mentioned in PR #8043 on WordPress/wordpress-develop by @dilipbheda.
12 hours ago

  • Keywords has-patch added

#3 @dilipbheda
12 hours ago

@cagdasdag Thanks for the report.

I've fixed the issue in the attached PR.

@sukhendu2002 Could you test it and share the report?

Thanks!

#4 @dilipbheda
12 hours ago

  • Focuses administration rest-api added

#5 @cagdasdag commented on PR #8043:
12 hours ago

I don't think the fix is correct. In the classic editor we have a post_type_object->cap->edit_posts check, so we should use the same capability check for consistency.
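
Added example (not code from the ticket, the PR, or WordPress core): a small PHP script, run with WP-CLI inside a test site set up as in the description, that lists the users a post type should offer as authors using the classic editor's rule from comment #5 (users holding $post_type_object->cap->edit_posts, which maps to edit_pages for pages) and compares that with a legacy who=authors query, which keys off the old user level rather than a per-post-type capability. That the block editor's dropdown is populated by a who=authors request to the users REST endpoint is an assumption here, as are the function names; the capability argument to get_users() requires WordPress 5.9 or later.

```php
<?php
/**
 * Added example, not part of ticket #62737, PR #8043 or WordPress core.
 * Run inside a WordPress install: wp eval-file author-dropdown-check.php
 *
 * Assumptions: WordPress 5.9+ (the `capability` argument to get_users()),
 * and that the block editor's author selector is fed by a `who=authors`
 * users query. The function names are chosen for this example only.
 */

/**
 * The classic-editor rule from comment #5: users who hold the post type's
 * mapped edit_posts capability. For 'page' that is edit_pages, so a
 * contributor (edit_posts only) is excluded.
 *
 * @return WP_User[]
 */
function ticket62737_authors_by_capability( string $post_type ): array {
    $pto = get_post_type_object( $post_type );
    if ( ! $pto ) {
        return array();
    }
    return get_users(
        array(
            'capability' => array( $pto->cap->edit_posts ),
            'fields'     => 'all',
        )
    );
}

/**
 * The legacy `who=authors` query (deprecated since 5.9 but still served):
 * it matches on a non-zero user level, i.e. any default role above
 * subscriber, without looking at the post type being edited.
 *
 * @return WP_User[]
 */
function ticket62737_authors_legacy(): array {
    return get_users( array( 'who' => 'authors', 'fields' => 'all' ) );
}

/**
 * Users the legacy query exposes who cannot edit $post_type at all.
 * A non-empty result is the discrepancy the ticket describes.
 *
 * @return string[] user logins
 */
function ticket62737_over_exposed( string $post_type ): array {
    $pto = get_post_type_object( $post_type );
    $bad = array();
    foreach ( ticket62737_authors_legacy() as $user ) {
        // user_can() resolves the mapped capability for this specific user.
        if ( $pto && ! user_can( $user, $pto->cap->edit_posts ) ) {
            $bad[] = $user->user_login;
        }
    }
    return $bad;
}

foreach ( array( 'post', 'page' ) as $type ) {
    $cap     = get_post_type_object( $type )->cap->edit_posts;
    $allowed = wp_list_pluck( ticket62737_authors_by_capability( $type ), 'user_login' );
    $exposed = ticket62737_over_exposed( $type );

    printf( "%s: authors with %s: %s\n", $type, $cap, implode( ', ', $allowed ) );
    printf(
        "%s: exposed by who=authors without %s: %s\n",
        $type,
        $cap,
        $exposed ? implode( ', ', $exposed ) : '(none)'
    );
}
```

On the two-user site from the description the contributor holds edit_posts but not edit_pages, so the capability-checked list for page should contain only the admin, while the who=authors comparison should flag the contributor for page and nobody for post. Whatever replaces the block editor's query should be driven by the post type's cap->edit_posts in the same way, so that the two editors agree.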
