[wp-trac] [WordPress Trac] #47443: REST-API prevents users with edit_published_posts capability updating published posts
WordPress Trac
noreply at wordpress.org
Thu Feb 20 00:03:20 UTC 2020
#47443: REST-API prevents users with edit_published_posts capability updating
published posts
-------------------------------------------------+-------------------------
 Reporter:  derweili                             |       Owner:  (none)
     Type:  defect (bug)                         |      Status:  new
 Priority:  normal                               |   Milestone:  5.5
Component:  REST API                             |     Version:  5.2.1
 Severity:  normal                               |  Resolution:
 Keywords:  has-patch needs-unit-tests           |     Focuses:  rest-api
  needs-refresh                                  |
-------------------------------------------------+-------------------------
Changes (by TimothyBlynJacobs):
* milestone: 5.4 => 5.5
Comment:
> Am I correct in thinking the
> WP_REST_Posts_Controller::handle_status_param() function is used for both
> creating and updating post objects?
That's correct.
> If that's the case, I think that's the underlying problem. For updates
> the post ID needs to be included when determining the permitted statuses
> so the correct meta capabilities are calculated for the individual post.
So when we are editing an existing post, we'd use `current_user_can(
'publish_post', $id )`?
----
Given the complexity of this, going to punt to 5.5 for now.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/47443#comment:14>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform