AesopInteractive / lasso

Code Repository for Editus (formerly Lasso) Commercial Plugin
https://edituswp.com
GNU General Public License v2.0

`lasso_user_can()` returns false in WP 4.2.3 when is an admin user #101

Closed: Shelob9 closed this 8 years ago

bearded-avenger commented 8 years ago

We can't just change this without testing. The reason it was edit_posts is because it was failing with edit_post. I'd like to leave as is until we can fully test it.

bearded-avenger commented 8 years ago

edit_post is for single, edit_posts is for blanket across the board. the caps change when we're on a single. edit_post requires a post_id. it just results in PHP warnings so the logic just needs to be fully vetted (which I thought I already did)

michaelbeil commented 8 years ago

I just sent a different PR (#103) to stay with our git flow is all. User is not able to save posts with Lasso 0.9.6 and WP 4.2.3. I am all for greater testing.

Shelob9 commented 8 years ago

I agree. It's a massive change with like 400 implications, needs situational unit tests.

bearded-avenger commented 8 years ago

that is ONE user correct?

michaelbeil commented 8 years ago

Yea, and myself too.

Shelob9 commented 8 years ago

I confirmed issue as well.

bearded-avenger commented 8 years ago

that guy has all kinds of cloudflare junk going on. it's not a widespread issue. I've never encountered not being able to save a post as admin

bearded-avenger commented 8 years ago

I agree @Shelob9 unit tests for this would help

michaelbeil commented 8 years ago

It is true that he has all kinds of crapola, however, this has been replicable on both our setups. Does this happen for you on the latest WP @bearded-avenger?

bearded-avenger commented 8 years ago

if users were not able to save a post as admin our support would just be going crazy

bearded-avenger commented 8 years ago

unless something changed with caps in 4.2.3

bearded-avenger commented 8 years ago

sure as shit, something changed in 4.2.3. awesome. LMAO

bearded-avenger commented 8 years ago

so much for a SECURITY release LOLOLOL

michaelbeil commented 8 years ago

Yea, unless many have not updated. Still does not answer my question, heh. And yes, there was a friggin change. This was not that great of an iteration for devs as it was supposed to be security related. https://core.trac.wordpress.org/milestone/4.2.3 and https://codex.wordpress.org/Version_4.2.3 ~~> wp-includes/capabilities.php.

bearded-avenger commented 8 years ago

thanks @michaelbeil

bearded-avenger commented 8 years ago

no wonder devs are going ape shit this is crap

michaelbeil commented 8 years ago

YAH sure you betcha der hey down in the mountains bearder feller.

bearded-avenger commented 8 years ago

LMAO

michaelbeil commented 8 years ago

Seriously. The entire shortcode API got lambasted.

bearded-avenger commented 8 years ago

yeah that's sep I'm more concerned with what's changed with caps that has pretty far reaching effects that a lot of people won't even notice with their plugins for some time. I'm eager to see a diff on wp-capabilities now

michaelbeil commented 8 years ago

Yea, it was a wrong way of doing things for sure, re shortcodes. Bummer that it was done and over with in literally 30 hours without informing devs.

You are right on the caps stuff.

bearded-avenger commented 8 years ago

just lost a bit more faith in wordpress

bearded-avenger commented 8 years ago

i'll look more tomorrow but in my 2 min of diffing it seems like if no post object it now passes do_not_allow https://github.com/WordPress/WordPress/commit/fe5a844be57adecb3f7b74bfcd1d8b8f153eedc4

michaelbeil commented 8 years ago

yea, i think that was the response we were getting back from our internal api via json as well

bearded-avenger commented 8 years ago

well thanks for being on top of it guys I appreciate it. I've been out of the loop the past couple of weeks

michaelbeil commented 8 years ago

fyi, that commit is on 4.3-beta3-33357.

bearded-avenger commented 8 years ago

yeah you're right I was just looking back on the history of changes to that file https://github.com/WordPress/WordPress/commits/fe5a844be57adecb3f7b74bfcd1d8b8f153eedc4/wp-includes/capabilities.php

bearded-avenger commented 8 years ago

https://core.trac.wordpress.org/ticket/33154

michaelbeil commented 8 years ago

There she blows.

bearded-avenger commented 8 years ago

this broke role restrictions. a contributor can now edit other users' posts. :( I was afraid that this would happen with this change.

bearded-avenger commented 8 years ago

I'm not going to be able to get to this until at least Friday.
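
The difference this thread turns on, the blanket `edit_posts` capability versus the per-post `edit_post` meta capability, shown as an added example that is not part of the original thread or of the Editus/Lasso code. The names `example_user_can_edit()` and `example_demo()` and the sample logins are hypothetical, and the code assumes WordPress is already loaded.

```php
<?php
// Added example, not Editus/Lasso code. example_user_can_edit() and
// example_demo() are hypothetical names. Assumes WordPress is loaded.
function example_user_can_edit( $post_id = 0 ) {
	$post_id = absint( $post_id );
	if ( 0 === $post_id ) {
		// No post in play (for example a "new post" control): only the
		// blanket primitive capability can be checked.
		return current_user_can( 'edit_posts' );
	}
	if ( ! get_post( $post_id ) ) {
		// Unknown ID: fail closed instead of falling back to edit_posts.
		return false;
	}
	// Meta capability: WordPress maps it per post (author, status), so a
	// contributor is refused on a post that belongs to someone else.
	return current_user_can( 'edit_post', $post_id );
}

// Demonstration with constructed users and a constructed post.
// It writes to the database, so call it only on a disposable test site.
function example_demo() {
	$author = wp_insert_user( array(
		'user_login' => 'example_author',
		'user_pass'  => wp_generate_password(),
		'role'       => 'author',
	) );
	$contributor = wp_insert_user( array(
		'user_login' => 'example_contributor',
		'user_pass'  => wp_generate_password(),
		'role'       => 'contributor',
	) );
	if ( is_wp_error( $author ) || is_wp_error( $contributor ) ) {
		return null; // sample logins already exist
	}
	$post_id = wp_insert_post( array(
		'post_title'  => 'Constructed sample post',
		'post_status' => 'publish',
		'post_author' => $author,
	) );

	wp_set_current_user( $contributor );
	return array(
		'blanket_edit_posts' => current_user_can( 'edit_posts' ),
		'per_post_edit_post' => example_user_can_edit( $post_id ),
	);
}
```

For the contributor, the first entry is the blanket check, which passes regardless of who owns the post, while the second is the per-post check, which is refused because the post belongs to the author account.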