[wp-trac] [WordPress Trac] #52023: Use publish_post meta cap in core instead of publish_posts

WordPress Trac noreply at wordpress.org
Thu Dec 10 23:58:04 UTC 2020 

#52023: Use publish_post meta cap in core instead of publish_posts
-------------------------+-----------------------------
 Reporter:  manfcarlo    |      Owner:  (none)
     Type:  enhancement  |     Status:  new
 Priority:  normal       |  Milestone:  Awaiting Review
Component:  Users        |    Version:
 Severity:  normal       |   Keywords:
  Focuses:               |
-------------------------+-----------------------------
 The basic idea of the Contributor role is that people can create and edit
 drafts, but not publish them. When a user is a Contributor, in place of
 the Publish button, there is the alternate facility to save the post as
 Pending and wait until an Editor or Administrator publishes it.

 Obviously, the idea of this is to require any posts to be manually
 reviewed before they can be published.

 However, in some cases, site owners may want to automate this review
 process. In other words, let Contributors publish their own posts if those
 posts meet certain criteria.

 For example, if the only check that the site owner deems necessary is that
 the post is no more than 1,000 words, there should be no need to manually
 review every post. The system should be configurable such that the publish
 facility is available to Contributors as long as the post is 1,000 words
 or less, but is not available if the post exceeds 1,000 words.

 #21288 created a `publish_post` meta capability. Although it simply maps
 to `publish_posts` by default, plugins could potentially filter
 `map_meta_cap` and bypass `publish_posts` if certain criteria are met
 (such as, for example, the post word count.)

 The problem is that core barely ever checks the `publish_post` meta
 capability. I could only find literally one case of it in all of core. In
 all other cases, core directly accesses the `publish_posts` property on
 the post type object, making it impossible for plugins to create an
 automated review process.

 This could be very easily fixed by simply changing these checks from the
 general post type capability to the meta capability.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/52023>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list