[wp-trac] [WordPress Trac] #40922: Use finer-grained capabilities with `customize_changeset` post type

WordPress Trac noreply at wordpress.org
Tue Jul 25 05:05:02 UTC 2017


#40922: Use finer-grained capabilities with `customize_changeset` post type
----------------------------------------+------------------
 Reporter:  dlh                         |       Owner:
     Type:  enhancement                 |      Status:  new
 Priority:  normal                      |   Milestone:  4.9
Component:  Customize                   |     Version:  4.7
 Severity:  normal                      |  Resolution:
 Keywords:  has-patch needs-unit-tests  |     Focuses:
----------------------------------------+------------------

Comment (by westonruter):

 @dlh I think that `current_user_can( 'edit_post', $changeset_post_id )`
 should still work, should it not? In the Customize Snapshots plugin,
 [https://gist.github.com/westonruter/78e224f1f8aae32dd878fcabcaaa17c3 if
 it didn't extend the post type's capabilities], then none of the changeset
 posts' edit post screens would be accessible. For one thing, the links in
 the post list table would not appear due to calls like `current_user_can(
 'edit_post', $post->ID )` in [https://github.com/WordPress/wordpress-
 develop/blob/4.8.0/src/wp-admin/includes/class-wp-posts-list-table.php
 class-wp-posts-list-table.php]. Secondly, when opening a single edit post
 screen due to the same call in [https://github.com/WordPress/wordpress-
 develop/blob/4.8.0/src/wp-admin/post.php#L116-L117 wp-admin/post.php].

 Currently listing out changesets in the WP Admin is plugin territory, but
 in the future the UI may be part of core. Are all of the admin usages of
 the `edit_post` meta cap wrong? Or should the changeset post type
 correctly account for using these meta caps?

--
Ticket URL: <https://core.trac.wordpress.org/ticket/40922#comment:15>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list