[wp-trac] [WordPress Trac] #47291: (Featured Image metabox) Author can't choose others images

WordPress Trac noreply at wordpress.org
Thu May 16 09:35:17 UTC 2019 

#47291: (Featured Image metabox) Author can't choose others images
--------------------------+-----------------------------
 Reporter:  meloniq       |      Owner:  (none)
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Media         |    Version:  trunk
 Severity:  normal        |   Keywords:
  Focuses:                |
--------------------------+-----------------------------
 Author (and lower) can't choose others images in the Featured Image
 metabox, selection stuck with a spinner without any additional
 information.

 **Steps to reproduce:**

  - Login as user A, and add an image to media library
  - Login as user B, and create a new post
  - Scroll to "Featured Image", and click "Set featured image" button
  - On the opened list of media files, select previously uploaded file (by
 user A)
  - In the background request to REST Media fails with status `403`, and
 user sees a Spinner infinitely without any additional information

 **Pre WP 5.0 behavior:**

 User could choose and set as Featured images uploaded by other users, also
 the one that he had only the 'view' permission.

 **Root of issue:**

 After selection of image in the modal, there is an REST request to the
 Media endpoint that should obtain additional data about the selected
 image. The request is made with a context `edit` to which current user
 have no permission (he is not an owner of the image nor the Editor to have
 permissions to edit others media).

 **Request that fails:**
  - Headers:

 {{{
 URL: http://localhost/wordpress/dev/wp-
 json/wp/v2/media/209?context=edit&_locale=user
 Method: GET
 Address: 127.0.0.1:80
 Code: 403 Forbidden
 }}}

  - Response:

 {{{
 {
   "code":"rest_forbidden_context",
   "message":"Sorry, you are not allowed to edit this post.",
   "data":
     {
       "status":403
     }
 }
 }}}


 **Suggested fix:**

 Changing context of the request made from metabox.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/47291>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list