[wp-trac] [WordPress Trac] #47443: REST-API prevents users with edit_published_posts capability updating published posts
WordPress Trac
noreply at wordpress.org
Tue Feb 18 01:58:23 UTC 2020
#47443: REST-API prevents users with edit_published_posts capability updating
published posts
-------------------------------------------------+-------------------------
Reporter: derweili | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: 5.4
Component: REST API | Version: 5.2.1
Severity: normal | Resolution:
Keywords: has-patch needs-unit-tests needs- | Focuses: rest-api
refresh |
-------------------------------------------------+-------------------------
Comment (by peterwilsoncc):
I've been turning this over in my head.
Am I correct in thinking the
`WP_REST_Posts_Controller::handle_status_param()` function is used for
both creating and updating post objects?
If that's the case, I think that's the underlying problem. For updates the
post ID needs to be included when determining the permitted statuses so
the correct meta capabilities are calculated for the individual post.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/47443#comment:13>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list