[wp-trac] [WordPress Trac] #38303: register_meta and capabilities aren't working as expected

WordPress Trac noreply at wordpress.org
Thu Oct 13 17:15:34 UTC 2016 

#38303: register_meta and capabilities aren't working as expected
----------------------------------------------------+------------------
 Reporter:  tharsheblows                            |       Owner:
     Type:  enhancement                             |      Status:  new
 Priority:  normal                                  |   Milestone:  4.7
Component:  Role/Capability                         |     Version:  4.6
 Severity:  normal                                  |  Resolution:
 Keywords:  has-patch needs-testing has-unit-tests  |     Focuses:
----------------------------------------------------+------------------
Changes (by jeremyfelt):

 * keywords:   => has-patch needs-testing has-unit-tests
 * type:  defect (bug) => enhancement
 * milestone:  Awaiting Review => 4.7


Comment:

 Some quick history spelunking...

 We ''somewhat'' noted this during the development of #35658. From
 [https://core.trac.wordpress.org/ticket/35658#comment:10 comment 10]:

 > The filter applied for sanitization is straight forward as it is applied
 for all object types (meta types). The auth callback is only applied for
 the post object type, so does not currently fire for user, comment, or
 term. It may make sense to expand this, but it may also be an opportunity
 to revisit how authorization works around meta. /shrug

 And as "explicit" of a decision as there probably was during that period
 came from a [https://wordpress.slack.com/archives/core/p1467226955002422
 patch review in Slack] and boils down to: Add the `auth_callback` filters
 for all meta types in 4.6, leave it up to early adopters to
 `apply_filters()` on their own. Fix later.

 That's not a great long term answer and we should definitely use this
 ticket to find the right answer for applying the auth callback filters
 across all core meta types.

 [attachment:38303.diff] looks like a great start.

 I'm going to move this to 4.7 to get some attention from the REST API
 effort. It's also probably an enhancement rather than a bug.

 /cc @joehoyle @rmccue @rachelbaker @danielbachhuber

--
Ticket URL: <https://core.trac.wordpress.org/ticket/38303#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list