[wp-trac] [WordPress Trac] #44079: Require `manage_privacy_options` capability to edit the privacy policy page
WordPress Trac
noreply at wordpress.org
Tue May 15 20:58:07 UTC 2018
#44079: Require `manage_privacy_options` capability to edit the privacy policy page
-------------------------------------------------+-------------------------
Reporter: iandunn | Owner: iandunn
Type: defect (bug) | Status: closed
Priority: normal | Milestone: 4.9.6
Component: Administration | Version: trunk
Severity: normal | Resolution: fixed
Keywords: gdpr has-patch needs-unit-tests | Focuses:
commit dev-reviewed |
-------------------------------------------------+-------------------------
Comment (by iandunn):
In [changeset:"43287" 43287]:
{{{
#!CommitTicketReference repository="" revision="43287"
Privacy: Require `manage_privacy_options` to edit policy page.
A user is required to have the `manage_privacy_options` capability in
order to determine which page is set as the privacy policy (the
`wp_page_for_privacy_policy`). Given that, it doesn't make sense to allow
users without that capability to edit or delete the page.
A similar situation exists with the `page_for_posts` and `page_on_front`
options, but Editors are allowed to edit those pages. The reason that this
situation is different is because it is more likely that an administrator
will want to restrict modifications to the privacy policy, than it is that
they will want to allow modifications. Modifications to the policy often
require specialized knowledge of local laws, and can have implications for
compliance with those laws.
Props dlh, desrosj.
Merges [43286] to the 4.9 branch.
Fixes #44079.
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/44079#comment:13>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list