[wp-trac] [WordPress Trac] #44079: Require `manage_privacy_options` capability to edit the privacy policy page

Mon May 14 18:33:16 UTC 2018

#44079: Require `manage_privacy_options` capability to edit the privacy policy page
----------------------------+------------------------------
 Reporter:  iandunn         |      Owner:  (none)
     Type:  defect (bug)    |     Status:  assigned
 Priority:  normal          |  Milestone:  4.9.6
Component:  Administration  |    Version:  trunk
 Severity:  normal          |   Keywords:  gdpr needs-patch
  Focuses:                  |
----------------------------+------------------------------
 #44055 identified the problem that Editors are shown a link to the privacy
 guide, but can't actually view it. The solution there, in r43248, was to
 hide the link if users don't have the `manage_privacy_options` capability.

 It doesn't seem like people without that capability should be able to edit
 the privacy page in the first place, though. Preventing them from editing
 it would solve the issue in #44055, and also any other issues stemming
 from the fact that editors could edit the page. An example of that kind of
 issue would be an editor who isn't trained in privacy law or
 organizational policies making edits that don't reflect the organization's
 desires.

 Also, if someone ''is'' editing the page, then they should probably be
 able to read the guide as well, because the guide informs what edits
 should be made.

 Previous discussion:
 * ticket:44055#comment:5
 * https://wordpress.slack.com/archives/C02RQBWTW/p1526315451000694
 * https://wordpress.slack.com/archives/C02RQBWTW/p1526319469000326

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/44079>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform