From 054d2f6e2b943d313f212d34b833e92c240ffafa Mon Sep 17 00:00:00 2001 From: Gary Jones Date: Tue, 19 Sep 2023 16:51:38 +0100 Subject: [PATCH] UI: Add capability check to Add New button Background: - Take a role like Subscriber which only has `read` capability. - Adding `list_users` to an account with a Subscriber role allows the Users admin menu to appear, and the Guest Authors list page to be accessed. - However, clicking on the Add New button won't work, as they haven't got permission to edit this post type. - Allowing `edit_posts` capability allows the Add New screen to be accessed; currently the `list_authors` capability is used on the handling of the guest author creation. --- php/class-coauthors-guest-authors.php | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/php/class-coauthors-guest-authors.php b/php/class-coauthors-guest-authors.php index 760f7f5d..5ba9047b 100644 --- a/php/class-coauthors-guest-authors.php +++ b/php/class-coauthors-guest-authors.php @@ -12,6 +12,7 @@ class CoAuthors_Guest_Authors { public $post_type = 'guest-author'; public $parent_page = 'users.php'; public $list_guest_authors_cap = 'list_users'; + public $add_guest_author_cap = 'edit_posts'; public static $cache_group = 'coauthors-plus-guest-authors'; @@ -546,11 +547,15 @@ public function view_guest_authors_list() { echo ''; echo ''; } else { - // @todo caps check for creating a new user ?>

- post_type}" ) ); ?>" class="page-title-action"> + add_guest_author_cap ) ) { + $add_new_url = admin_url( "post-new.php?post_type={$this->post_type}" ); + ?>