[wp-trac] [WordPress Trac] #36379: Saving post can remove its hierarchical terms if user cannot 'assign_terms'

WordPress Trac noreply at wordpress.org
Wed Mar 30 22:41:12 UTC 2016


#36379: Saving post can remove its hierarchical terms if user cannot 'assign_terms'
----------------------------+-----------------------------
 Reporter:  dlh             |      Owner:
     Type:  defect (bug)    |     Status:  new
 Priority:  normal          |  Milestone:  Awaiting Review
Component:  Administration  |    Version:
 Severity:  normal          |   Keywords:
  Focuses:  administration  |
----------------------------+-----------------------------
 If a user lacks the `assign_terms` capability for a hierarchical taxonomy,
 and the user visits the edit-post screen or uses Quick Edit, the default
 UI still displays the checklist of terms for that taxonomy but with each
 input disabled.

 However, disabled checkboxes are not submitted with forms. If terms in the
 taxonomy are selected for the post and the user saves it, `0` is submitted
 instead of those terms, and the relationships are lost.

 To replicate:

 1. Create a post as an administrator, assign it categories, and save.

 2. Remove your ability to assign terms:

 {{{
 add_filter( 'register_taxonomy_args', function ( $args ) {
         $args['capabilities']['assign_terms'] = 'do_not_allow';
         return $args;
 } );
 }}}

 3. Go to the edit-post screen for your post. The category checklist
 appears with your saved terms still checked, but the inputs are disabled.

 4. Save the post. Now, only the default category is assigned.

 The attached patch is the start of one potential solution: Outputting
 hidden fields in `Walker_Category_Checklist::start_el()` to match
 disabled, checked ones. Something similar would have to happen for Quick
 Edit.

 But there are other approaches, and I might be misdiagnosing the issue, so
 I thought I would wait for more discussion before attempting to patch
 further.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/36379>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list