[wp-trac] [WordPress Trac] #39839: Permissions processed differently between REST API and UI access causing 403 error
WordPress Trac
noreply at wordpress.org
Fri Feb 10 19:42:13 UTC 2017
#39839: Permissions processed differently between REST API and UI access causing
403 error
-------------------------------+------------------------------
Reporter: reldev | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: REST API | Version: 4.7.2
Severity: normal | Resolution:
Keywords: reporter-feedback | Focuses:
-------------------------------+------------------------------
Comment (by reldev):
Replying to [comment:2 SergeyBiryukov]:
> > the meta capability of “read” (mapped from “read_post”) is never
present in the user’s capabilities in my testing, failing every request to
read a draft post via the REST API. “read” is also never present when
accessing this draft post from the UI, but processing continues as
expected.
>
> FWIW, `read` is the only basic capability available to
[source:tags/4.7.2/src/wp-
admin/includes/schema.php?marks=672,697,713,721,727#L692 all built-in user
roles], including Subscriber.
>
> The user in your testing appears to have some custom capabilities
created by plugins. Does the issue still happen on a clean install?
I'll test with a clean install this afternoon and update with the results.
Thanks!
--
Ticket URL: <https://core.trac.wordpress.org/ticket/39839#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list