[wp-trac] [WordPress Trac] #22511: Taxonomy manage screen checks for manage_terms and edit_terms, instead of just manage_terms.

WordPress Trac noreply at wordpress.org
Mon Nov 19 23:13:57 UTC 2012 

#22511: Taxonomy manage screen checks for manage_terms and edit_terms, instead of
just manage_terms.
-----------------------------+--------------------------
 Reporter:  andrewryno       |       Type:  defect (bug)
   Status:  new              |   Priority:  normal
Milestone:  Awaiting Review  |  Component:  Taxonomy
  Version:  trunk            |   Severity:  normal
 Keywords:  dev-feedback     |
-----------------------------+--------------------------
 I'm trying to set up permissions so the Contributor role can add terms but
 not edit or delete terms. I setup my taxonomy so it looks like this:
 {{{
 register_taxonomy( 'custom_taxonomy', array( 'post' ), array(
         ...
         'capabilities' => array (
                 'manage_terms' => 'edit_posts',
                 'edit_terms' => 'manage_options',
                 'delete_terms' => 'manage_options',
                 'assign_terms' => 'edit_posts'
         )
 ) );
 }}}

 However, when logged in as a contributor I get the error "You are not
 allowed to edit this item." In edit-tags.php there are two checks for
 caps, one is for manage_terms and one is for edit_terms. I don't believe
 the second one should be there, because looking at the other code it
 should be like this:

 * User with manage_terms can access the main taxonomy page
 * They can also add terms
 * There are checks in WP_Terms_List_Table to restrict showing the
 Edit/Quick Edit/Delete links for users without those capabilities
 (edit_terms/delete_terms).
 * There is even plenty of other checks on edit_terms in edit-tags.php to
 include/change the content shown to the user.. if the entire page is
 restricted for users without edit_terms, why are any of those necessary?

 Even if I'm wrong on the fact that roles with edit_terms can't add new
 terms (it's not completely clear anywhere, it seems like manage_terms
 should be enough), I still think that this page should be viewable at the
 very least considering the other code in that page and the list table.

 Recommended solution: move the edit_terms check back into case 'edit'
 (line 121 of edit-tags.php in trunk, currently) as it was before [15491].

 This was introduced in: [15441] and [15491]. Related: #14343.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/22511>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list