Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Permission issues #41

Closed
mboynes opened this issue Sep 30, 2013 · 1 comment
Closed

Permission issues #41

mboynes opened this issue Sep 30, 2013 · 1 comment
Labels
bug Something isn't working
Milestone

Comments

@mboynes
Copy link
Contributor

mboynes commented Sep 30, 2013

Came across two permission issues today:

  1. If you have a Fieldmanager_Datasource field which refers to an object that has since been deleted, the post will not save, indicating that the user cannot edit the object.

  2. if ( ! current_user_can( 'edit_post', ... appears in a couple of places. It's possible for that to not be the capability to edit a post, if a post type has custom capabilities set. This should be loaded dynamically (see below for demo code), and a code audit should be done to ensure that all could-be-modified capabilities are loaded dynamically.

    $post_type_object = get_post_type_object( $post_type );
    if ( ! current_user_can( $post_type_object->cap->edit_post, ...

    Edit: turns out core does this mapping automatically.

@mboynes mboynes self-assigned this Sep 1, 2014
@mboynes mboynes modified the milestone: 1.0 Beta Dec 20, 2014
@mboynes mboynes removed their assignment Dec 23, 2014
@mboynes mboynes modified the milestones: 1.0.0 Beta 3, 1.0.0 RC 1 Dec 31, 2015
@mboynes
Copy link
Contributor Author

mboynes commented Feb 19, 2016

This is no longer a problem.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

1 participant