Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

UI: Add capability check to Add New button #1003

Merged
merged 1 commit into from
Sep 19, 2023
Merged

UI: Add capability check to Add New button #1003

merged 1 commit into from
Sep 19, 2023

Conversation

GaryJones
Copy link
Contributor

Description

  • Take a role like Subscriber which only has read capability.
  • Adding list_users to an account with a Subscriber role allows the Users admin menu to appear, and the Guest Authors list page to be accessed.
  • However, clicking on the Add New button won't work, as they haven't got permission to edit this post type.
  • Allowing edit_posts capability allows the Add New screen to be accessed; currently the list_authors capability is used on the handling of the guest author creation.

Fixes #1001.

Before

Button visible, but clicking through leads to a cap check failure.

Screenshot 2023-09-19 at 16 45 35 Screenshot 2023-09-19 at 16 53 53

After

Button not visible. Trying to accessing the page directly through URL manipulation will still give the cap check failure.

Screenshot 2023-09-19 at 16 46 03

@GaryJones
UI: Add capability check to Add New button
054d2f6 
Background:

- Take a role like Subscriber which only has `read` capability.
- Adding `list_users` to an account with a Subscriber role allows the Users admin menu to appear, and the Guest Authors list page to be accessed.
- However, clicking on the Add New button won't work, as they haven't got permission to edit this post type.
- Allowing `edit_posts` capability allows the Add New screen to be accessed; currently the `list_authors` capability is used on the handling of the guest author creation.
@GaryJones GaryJones added this to the 3.5.16 milestone Sep 19, 2023
@GaryJones GaryJones self-assigned this Sep 19, 2023
@GaryJones GaryJones merged commit d5cdc83 into develop Sep 19, 2023
15 checks passed
@GaryJones GaryJones deleted the fix/guest-authors-add-new-button branch September 19, 2023 15:58
@alecgeatches alecgeatches mentioned this pull request Apr 12, 2024
Merged
@alecgeatches alecgeatches modified the milestones: 3.5.16, 3.6 Apr 22, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@GaryJones GaryJones

Labels
Type: bug
Projects
None yet
Milestone
3.6
Development

Successfully merging this pull request may close these issues.

Issue with Add New button for guest authors being visible to read-only users
2 participants
@GaryJones @alecgeatches