[wp-trac] [WordPress Trac] #39725: Post Type Capabilities Broken
WordPress Trac
noreply at wordpress.org
Fri Jan 27 18:50:04 UTC 2017
#39725: Post Type Capabilities Broken
--------------------------------+-----------------------------
Reporter: michael.ecklund | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Posts, Post Types | Version: 4.7.2
Severity: normal | Keywords:
Focuses: ui, administration |
--------------------------------+-----------------------------
It appears that specifying capabilities to a specific Post Type has little
to no effect. When customizing the capabilities for a specific Post Type
during registration it throws PHP errors and as far as I can tell, doesn't
appear to be working at all.
I've got a Post Type which contains private posts only. I don't want posts
to be: Created, Deleted, or Published. I thought this would be a simple
task. Apparently not.
'''When registering a Post Type ... I've specified the following:'''
{{{#!php
<?php
$args['public'] = false;
$args['publicly_queryable'] = false;
$args['show_ui'] = true;
$args['show_in_menu'] = false;
$args['query_var'] = false;
$args['rewrite'] = false;
$args['has_archive'] = false;
$args['hierarchical'] = false;
$args['exclude_from_search'] = true;
$args['map_meta_cap'] = true;
$args['capability_type'] = 'post';
}}}
'''I've tried this:'''
{{{#!php
<?php
$args['capabilities'] = array();
$args['capabilities']['edit_post'] = 'edit_post';
$args['capabilities']['read_post'] = 'do_not_allow';
$args['capabilities']['delete_post'] = 'do_not_allow';
$args['capabilities']['edit_posts'] = 'edit_posts';
$args['capabilities']['edit_others_posts'] = 'edit_others_posts';
$args['capabilities']['publish_posts'] = 'do_not_allow';
$args['capabilities']['read_private_posts'] = 'do_not_allow';
$args['capabilities']['read'] = 'do_not_allow';
$args['capabilities']['delete_posts'] = 'do_not_allow';
$args['capabilities']['delete_private_posts'] = 'do_not_allow';
$args['capabilities']['delete_published_posts'] = 'do_not_allow';
$args['capabilities']['delete_others_posts'] = 'do_not_allow';
$args['capabilities']['edit_private_posts'] = 'edit_private_posts';
$args['capabilities']['edit_published_posts'] = 'do_not_allow';
$args['capabilities']['create_posts'] = 'do_not_allow';
}}}
'''I've also tried this:'''
{{{#!php
<?php
$args['capabilities'] = array();
$args['capabilities']['read_post'] = 'do_not_allow';
$args['capabilities']['delete_post'] = 'do_not_allow';
$args['capabilities']['publish_posts'] = 'do_not_allow';
$args['capabilities']['read'] = 'do_not_allow';
$args['capabilities']['delete_posts'] = 'do_not_allow';
$args['capabilities']['delete_private_posts'] = 'do_not_allow';
$args['capabilities']['delete_published_posts'] = 'do_not_allow';
$args['capabilities']['delete_others_posts'] = 'do_not_allow';
$args['capabilities']['edit_published_posts'] = 'do_not_allow';
$args['capabilities']['create_posts'] = 'do_not_allow';
}}}
'''I've also tried this:'''
{{{#!php
<?php
$args['capabilities'] = array();
$args['capabilities']['delete_post'] = 'do_not_allow';
$args['capabilities']['publish_posts'] = 'do_not_allow';
$args['capabilities']['delete_posts'] = 'do_not_allow';
$args['capabilities']['delete_private_posts'] = 'do_not_allow';
$args['capabilities']['delete_published_posts'] = 'do_not_allow';
$args['capabilities']['delete_others_posts'] = 'do_not_allow';
$args['capabilities']['edit_published_posts'] = 'do_not_allow';
$args['capabilities']['create_posts'] = 'do_not_allow';
}}}
I've played with these one by one and it seems no matter what I specify
here, nothing seems to take effect properly.
PHP errors everywhere on `edit.php` and `post.php`
--
Ticket URL: <https://core.trac.wordpress.org/ticket/39725>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list