[wp-trac] [WordPress Trac] #48556: Query for multiple post types not considering user permission to retrieve private posts

WordPress Trac noreply at wordpress.org
Mon Jun 7 23:37:30 UTC 2021 

#48556: Query for multiple post types not considering user permission to retrieve
private posts
-------------------------------------------------+-------------------------
 Reporter:  leogermani                           |       Owner:
                                                 |  SergeyBiryukov
     Type:  defect (bug)                         |      Status:  reopened
 Priority:  normal                               |   Milestone:  Future
                                                 |  Release
Component:  Query                                |     Version:
 Severity:  normal                               |  Resolution:
 Keywords:  has-patch has-unit-tests early       |     Focuses:
  needs-dev-note                                 |
-------------------------------------------------+-------------------------

Comment (by hellofromTonya):

 == Testing Results

 The following are the testing results using the steps provided by
 @peterwilsoncc.

 Environment:
 - OS: macOS Big Sur
 - Localhost: wp-env (Docker)
 - Browsers: Chrome, FF, and Safari

 === Query: `?trac48556=trac48556_public`

 not logged in: `A trac48556_public post` ✅

 logged in as:
 - `contributor`: `A trac48556_public post` ✅
 - `author`: `A trac48556_public post` ✅
 - `editor`: `A trac48556_public post` AND `A trac48556_public private
 post`
 - `admin`: `A trac48556_public post` AND `A trac48556_public private post`
 ✅
 - `trac48556_reader`: `A trac48556_public post` ✅
 - `trac48556_author`: `A trac48556_public post` ✅
 - `trac48556_admin`: `A trac48556_public post` ✅

 === Query: `?trac48556=trac48556_private`

 not logged in: `A trac48556_private post` ✅

 logged in as:
 - `contributor`: `A trac48556_private post` ✅
 - `author`: `A trac48556_private post` ✅
 - `editor`: `A trac48556_private post` AND `A trac48556_private private
 post` ✅
 - `admin`: `A trac48556_private post` AND `A trac48556_private private
 post` ✅
 - `trac48556_reader`: `A trac48556_private post` ✅
 - `trac48556_author`: `A trac48556_private post` ✅
 - `trac48556_admin`: `A trac48556_private post` ✅

 === Query: `?trac48556=trac48556_custom_cap`

 not logged in: `A trac48556_custom_cap post` ✅

 logged in as:
 - `contributor`: `A trac48556_custom_cap post` ✅
 - `author`: `A trac48556_custom_cap post` ✅
 - `editor`: `A trac48556_custom_cap post` ✅
 - `admin`: `A trac48556_custom_cap post` ✅
 - `trac48556_reader`: `A trac48556_custom_cap post` ✅
 - `trac48556_author`: `A trac48556_custom_cap post` ✅
 - `trac48556_admin`: `A trac48556_custom_cap post` AND `A
 trac48556_custom_cap private post` ✅

 === Query: `?trac48556=trac48556_c_priv_cap`

 not logged in: `A trac48556_c_priv_cap post` ✅

 logged in as:
 - `contributor`: `A trac48556_c_priv_cap post` ✅
 - `author`: `A trac48556_c_priv_cap post` ✅
 - `editor`: `A trac48556_c_priv_cap post ✅
 - `admin`: `A trac48556_c_priv_cap post` ✅
 - `trac48556_reader`: `A trac48556_c_priv_cap post` ✅
 - `trac48556_author`: `A trac48556_c_priv_cap post` ✅
 - `trac48556_admin`: `A trac48556_c_priv_cap post` AND `A
 trac48556_c_priv_cap private post` ✅

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/48556#comment:49>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list