[wp-trac] [WordPress Trac] #43701: Make the "read_private” cap accessible over the REST API
WordPress Trac
noreply at wordpress.org
Sun Apr 8 17:08:47 UTC 2018
#43701: Make the "read_private” cap accessible over the REST API
--------------------------------------+------------------------------
Reporter: twoelevenjay | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: REST API | Version: 4.9.5
Severity: normal | Resolution:
Keywords: has-patch has-unit-tests | Focuses: rest-api
--------------------------------------+------------------------------
Changes (by soulseekah):
* keywords: => has-patch has-unit-tests
Comment:
Hey, Leon! Welcome to Trac! :)
This does seem to be a valid bug. I was able to reproduce this in the
following theoretical use-case:
1. Create a user role, called Paid Subscriber, inherits all capabilities
from Subscriber, but also gets `read_private_posts` cap.
2. Try to access a private post on the frontend. Works.
3. Try to access a private post via the REST API. Works.
4. Try to get a list of private posts via the REST API. Doesn't work.
0001-Make-the-read_private-cap-accessible-over-the-REST-A.patch, although
formatted incorrectly, solves the issue.
43701.diff includes a test for the scenario, and the 0001-Make-the-
read_private-cap-accessible-over-the-REST-A.patch fix.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43701#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list