[wp-trac] [WordPress Trac] #38997: delete_private_posts capability doesn't prevent user from deleting private posts
WordPress Trac
noreply at wordpress.org
Wed Nov 30 21:09:32 UTC 2016
#38997: delete_private_posts capability doesn't prevent user from deleting private
posts
----------------------------+-----------------------------
Reporter: yboris | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Users | Version: 4.6.1
Severity: normal | Keywords:
Focuses: administration |
----------------------------+-----------------------------
Attempting to prevent users from deleting a published post works, but if
they set a post to 'private' they can delete it even if
'delete_private_posts' capability is set to 0.
{{{#!php
<?php
global $current_user;
// works
$current_user->allcaps['delete_published_posts'] = 0;
// doesn't work
$current_user->allcaps['delete_private_posts'] = 0;
}}}
"doesn't work" means that "Trash" link appears on hover over the post in
edit.php and "Move to Trash" shows up on post.php
--
Ticket URL: <https://core.trac.wordpress.org/ticket/38997>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list