[wp-trac] [WordPress Trac] #37917: Users without the edit_private_posts capability can still create private posts
WordPress Trac
noreply at wordpress.org
Thu Sep 1 21:32:27 UTC 2016
#37917: Users without the edit_private_posts capability can still create private
posts
-------------------------------+-----------------------------
Reporter: ryan.kanner | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Posts, Post Types | Version: trunk
Severity: normal | Keywords:
Focuses: administration |
-------------------------------+-----------------------------
Currently, users without the "edit_private_posts" capability, can still
view the "Private" radio button under "Visibility". They can also save /
publish the post (depending on their capabilities) with no issue. The same
goes for pages as well with the "edit_private_pages" capability. I think
it's reasonable enough to assume that users that don't have the
"edit_private_{post_type}" capability, shouldn't be able to create posts
with a visibility of private.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/37917>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list