[wp-hackers] Custom Post Type Capabilities

Brent Shepherd thenbrent at gmail.com
Wed Jun 2 12:58:12 UTC 2010


An update on this issue. I incorrectly said a user can edit the custom posts
of others. They can't, but it *looks* like they can because they are
presented with the edit links.

For example, a subscriber with "edit_movie" and "edit_movies" capabilities
will see edit links for "movies" posted by an admin. If they follow these
edit links, they can modify the movie post, but once they click "Update", WP
crashes.

Were you seeing this behaviour Andrew? I've tested it on three different WP
3.0 RC installs using this mock plugin: http://gist.github.com/420859 with
an admin and a subscriber.

I've followed the edit links from their beginning in _post_rows function
where it checks if a current_user_can( $post_type_object->cap->edit_post,
$post->ID ) right through to the call to map_meta_cap but have to leave it
there for now. Maybe I'm adding capabilities incorrectly - user error? But a
subscriber user without edit_others_*** capability is definitely being
served edit links when using a custom capability_type.




On Mon, May 31, 2010 at 3:12 PM, Andrew Nacin <wp at andrewnacin.com> wrote:

> No problem. Also, I can't seem to reproduce a bug involving post
> capabilities, so it is probably due to use of the different types of
> capabilities.
>
> On Sun, May 30, 2010 at 7:25 PM, Brent Shepherd <thenbrent at gmail.com>
> wrote:
>
> > Thanks for clarifying Andrew. I'll read the inline docs on map_meta_cap.
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>


More information about the wp-hackers mailing list