[wp-trac] [WordPress Trac] #38303: register_meta and capabilities aren't working as expected

WordPress Trac noreply at wordpress.org
Mon Nov 14 09:41:29 UTC 2016


#38303: register_meta and capabilities aren't working as expected
------------------------------------------+-----------------------
 Reporter:  tharsheblows                  |       Owner:  rmccue
     Type:  defect (bug)                  |      Status:  reopened
 Priority:  normal                        |   Milestone:  4.8
Component:  Role/Capability               |     Version:  4.6
 Severity:  normal                        |  Resolution:
 Keywords:  needs-patch needs-unit-tests  |     Focuses:
------------------------------------------+-----------------------

Comment (by tharsheblows):

 I think adding extra complexity to `register_meta` which is already
 complex by necessity is a mistake. It would be best to let the functions
 be more intuitive and the `auth_callback` filter to work like a regular
 filter, ie as you said: have authoritative control over the content passed
 to it.

 One of the main reasons for putting this is in 4.7 is that currently only
 `edit_post_meta` exists in any form (`edit_comment_meta`, `edit_user_meta`
 and `edit_term_meta` don't exist at all) so there is only one break in
 backwards compatibility.

 The BC break is the undocumented edge case where someone is using the
 `auth_callback` filter to allow `edit_post_meta` but relying on a user
 needing `edit_post` to keep them from actually editing post meta. I can't
 imagine this is common. In all other cases it will work as expected. (And
 again, it is *only* `edit_post_meta` as the others don't exist.)

 I also think it's important to have `register_meta` and its
 `auth_callback` working as expected due to the introduction of the REST
 API -- that function's objective is to make it easy and safe to add meta
 to the object endpoints. There is a decent chance that a fair amount will
 be written about how to use the REST API after 4.7 is released; now is
 time to decide this although I fully appreciate it is late in the cycle.

 The discussion about primitive vs meta capabilities can wait, these would
 be straightforward to change later.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/38303#comment:15>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list