[wp-trac] [WordPress Trac] #44581: users without 'edit_posts' capability never get informed that their uploads succeed
WordPress Trac
noreply at wordpress.org
Fri Jul 13 15:35:47 UTC 2018
#44581: users without 'edit_posts' capability never get informed that their uploads
succeed
--------------------------+-----------------------------
Reporter: pbiron | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Media | Version:
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
Steps to reproduce:
1. create a user with `upload_files` capability but **not** `edit_posts`
capability
2. login as that user
3. upload a media file
4. notice that the status of the upload stays at `Crunching...`
5. notice also that the filename/post_title eventually ends up blank
Expected behavior:
1. user gets some sort of "Success" notification (analogous to the `Edit`
link that users with `edit_posts` capability get)
I discovered this problem on a site with users whose role is basically
`Subscriber` but with `upload_files` capability. The problem is that
`/wp-admin/async-upload.php` contains:
{{{#!php
<?php
if ( ! current_user_can( 'edit_post', $id ) )
wp_die( __( 'Sorry, you are not allowed to edit this item.' ) );
}}}
My current workaround is to hook into
[[https://developer.wordpress.org/reference/hooks/user_has_cap/|user_has_cap]]
and add `edit_posts` IFF `edit_post` is being checked from `async-
upload.php` and its an attachment whose `post_author` is the current user.
This workaround is not ideal (because I don't want these users to be able
to edit the attachment), but at least they know the upload succeeded.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/44581>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list