[wp-trac] [WordPress Trac] #43709: Fix or remove the "delete revision" endpoint

WordPress Trac noreply at wordpress.org
Thu Aug 15 17:31:15 UTC 2019


#43709: Fix or remove the "delete revision" endpoint
-------------------------------------------------+-------------------------
 Reporter:  azaozz                               |       Owner:  (none)
     Type:  defect (bug)                         |      Status:  assigned
 Priority:  normal                               |   Milestone:  5.3
Component:  REST API                             |     Version:
 Severity:  normal                               |  Resolution:
 Keywords:  has-patch has-unit-tests early       |     Focuses:  rest-api
  needs-dev-note                                 |
-------------------------------------------------+-------------------------

Comment (by dlh):

 From what I understand of this issue, I'm inclined to agree with the
 approach in [attachment:"43709.1.diff"].

 First, if it's the case that deleting revisions isn't supposed to be
 allowed without a plugin, then the fact that the change to
 `map_meta_cap()` isn't already in core strikes me as a bug, separate even
 from the REST endpoint.

 It's true that changing the mapping for revisions is a backwards-
 compatibility break. I don't have the ability to search the plugin repo
 for the potential impact of such a break.

 However, as @danielbachhuber says, the change should be graceful, and it
 would be straightforward for a plugin that wants to override the change to
 do so.

 It also repairs a flaw, in that should core ever check the `$delete_post`
 capability for a revision, the check has the potential to return `true`
 when it would be assumed to return `false`.

 Second, I agree with @kadamwhite in being disinclined to add a new
 capability. The new capability would have to be a meta capability — see
 ticket:45423#comment:10. And as a meta capability, it would just be mapped
 to `do_not_allow` anyway to meet the requirement that no one be allowed to
 delete revisions.

 (If new capabilities for revisions are going to be pursued, perhaps that
 could begin by setting the revision `capability_type` [and providing
 backwards-compatibility] to facilitate plugins distributing all the
 different post capabilities?)

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/43709#comment:23>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
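
The override path mentioned in the comment, as an added example: it is not part of the ticket, the attached patch, or WordPress core. It assumes the patched `map_meta_cap()` answers a `delete_post` check on a revision with `do_not_allow`; the function name `example_revision_delete_caps` is hypothetical.

```php
<?php
/**
 * Hypothetical plugin snippet (added example, not WordPress core code).
 *
 * Assumption: core maps `delete_post` on a revision to `do_not_allow`.
 * This filter replaces that denial with the capabilities required to
 * delete the revision's parent post, and otherwise stays out of the way.
 */
add_filter( 'map_meta_cap', 'example_revision_delete_caps', 10, 4 );

function example_revision_delete_caps( $caps, $cap, $user_id, $args ) {
	// Only the per-object delete check is of interest.
	if ( 'delete_post' !== $cap || empty( $args[0] ) ) {
		return $caps;
	}

	$post = get_post( $args[0] );
	if ( ! $post || 'revision' !== $post->post_type ) {
		return $caps;
	}

	// Act only on the denial this example assumes core returns.
	// Any other mapping (older core, another plugin) is left untouched.
	if ( ! in_array( 'do_not_allow', $caps, true ) ) {
		return $caps;
	}

	// Fail closed: an orphaned revision has no parent to defer to,
	// so the denial stands.
	if ( ! $post->post_parent || ! get_post( $post->post_parent ) ) {
		return $caps;
	}

	// Defer to the parent post. map_meta_cap() returns the primitive
	// capabilities the user needs to delete that post. The nested call
	// passes through this filter again but returns early because the
	// parent is not a revision.
	return map_meta_cap( 'delete_post', $user_id, $post->post_parent );
}
```

With this filter active, `current_user_can( 'delete_post', $revision_id )` is true only for users who may delete the parent post; without it, the check is denied for every user under the stated assumption.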

