[wp-trac] [WordPress Trac] #38303: register_meta and capabilities aren't working as expected
WordPress Trac
noreply at wordpress.org
Thu Oct 13 20:46:09 UTC 2016
#38303: register_meta and capabilities aren't working as expected
----------------------------------------------------+------------------
Reporter: tharsheblows | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: 4.7
Component: Role/Capability | Version: 4.6
Severity: normal | Resolution:
Keywords: has-patch needs-testing has-unit-tests | Focuses:
----------------------------------------------------+------------------
Comment (by tharsheblows):
I don't quite agree with the exact implementation the patch uses anymore,
I think we should add the capabilities to roles then update the
capabilities cases based on those.
The reason is that if someone creates a custom role which includes eg
`'edit_term_meta'` it will have unintended consequences and allow them to
always update term meta even if there is an auth_callback which disallows
it. This is a side-effect of the implementation details and there are ways
around it but I think putting the capabilities in roles is the best way
forward and is how most people would expect to use them.
I can make a patch for that tomorrow but realise there might be issues I'm
not aware of around adding new capabilities to roles, so thought I'd
mention now. (Are there?)
--
Ticket URL: <https://core.trac.wordpress.org/ticket/38303#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list