[wp-trac] [WordPress Trac] #27020: Use a safer capability default when post_author == 0

WordPress Trac noreply at wordpress.org
Thu Feb 6 20:33:52 UTC 2014


#27020: Use a safer capability default when post_author == 0
------------------------------------+------------------
 Reporter:  danielbachhuber         |       Owner:
     Type:  enhancement             |      Status:  new
 Priority:  normal                  |   Milestone:  3.9
Component:  Role/Capability         |     Version:
 Severity:  normal                  |  Resolution:
 Keywords:  has-patch dev-feedback  |     Focuses:
------------------------------------+------------------
Changes (by danielbachhuber):

 * keywords:  needs-patch => has-patch dev-feedback


Comment:

 Added patch and tests for `edit_post`, `read_post`, and `delete_post`.

 Per westi's comment, `*_post_meta`falls back to `map_meta_cap( 'edit_post'
 )`, as does `edit_comment`. For the former, I don't foresee any problems
 with this change.

 For the latter, an author can view comments on Manage Comments, but not
 edit unless they have edit permissions on the post. Editors can view and
 edit. Contributors can only view.

 This behavior seems expected to me, but open to feedback and direction.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/27020#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list