[wp-trac] [WordPress Trac] #42464: Replace `publish_posts` permission check in `wp_insert_post()`.
WordPress Trac
noreply at wordpress.org
Mon Nov 13 05:19:35 UTC 2017
#42464: Replace `publish_posts` permission check in `wp_insert_post()`.
--------------------------------------+------------------
Reporter: peterwilsoncc | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 5.0
Component: Role/Capability | Version: 2.7
Severity: normal | Resolution:
Keywords: has-patch has-unit-tests | Focuses:
--------------------------------------+------------------
Changes (by peterwilsoncc):
* keywords: needs-unit-tests => has-patch has-unit-tests
Comment:
@skostadinov Thanks for your initial patch, unfortunately it's a little
more complex as we need to allow for new and updated posts and custom post
types.
In [attachment:42464.diff]:
* when updating posts, the meta capability is checked with the post ID
* for new posts, the primitive capability is checked for the post type
Various tests:
* CPTs with and without mapped meta caps, both use custom capability types
* contributor setting the post slug of a core `post` post type
* administrator attempting to set the post slug of a CPT in which they
don't have permissions (this would previously fail)
--
Ticket URL: <https://core.trac.wordpress.org/ticket/42464#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list