[wp-trac] [WordPress Trac] #40922: Use finer-grained capabilities with `customize_changeset` post type
WordPress Trac
noreply at wordpress.org
Tue Jul 25 05:05:02 UTC 2017
#40922: Use finer-grained capabilities with `customize_changeset` post type
----------------------------------------+------------------
Reporter: dlh | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: 4.9
Component: Customize | Version: 4.7
Severity: normal | Resolution:
Keywords: has-patch needs-unit-tests | Focuses:
----------------------------------------+------------------
Comment (by westonruter):
@dlh I think that `current_user_can( 'edit_post', $changeset_post_id )`
should still work, should it not? In the Customize Snapshots plugin,
[https://gist.github.com/westonruter/78e224f1f8aae32dd878fcabcaaa17c3 if
it didn't extend the post type's capabilities], then none of the changeset
posts' edit post screens would be accessible. For one thing, the links in
the post list table would not appear due to calls like `current_user_can(
'edit_post', $post->ID )` in [https://github.com/WordPress/wordpress-
develop/blob/4.8.0/src/wp-admin/includes/class-wp-posts-list-table.php
class-wp-posts-list-table.php]. Secondly, when opening a single edit post
screen due to the same call in [https://github.com/WordPress/wordpress-
develop/blob/4.8.0/src/wp-admin/post.php#L116-L117 wp-admin/post.php].
Currently listing out changesets in the WP Admin is plugin territory, but
in the future the UI may be part of core. Are all of the admin usages of
the `edit_post` meta cap wrong? Or should the changeset post type
correctly account for using these meta caps?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/40922#comment:15>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list