Closed alpha1 closed 3 years ago
Hi @alpha1 -- thanks for this. I recently encountered a similar though not identical bug. Can you post the code you use to filter the two capabilities in question?
Noting that this might be a subset of some more general issues that occur when coauthors_guest_author_manage_cap
is filtered.
Hi @alpha1 we are looking at this issue as part of the 3.2 release, are you able to confirm this is still an issue and the steps to reproduce?
Just chatting to @mattoperry and it might be that the issue got fixed as part of something else so wanted to make sure :)
Closing this issue as it can no longer be reproduced when adding the following snippet to the site:
add_filter( 'coauthors_guest_author_manage_cap', 'allow_editors_to_create_guest_coauthors' );
function allow_editors_to_create_guest_coauthors() {
return 'list_users';
}
I'm using
coauthors_guest_author_manage_cap
to change the capability tolist_guest_authors
My test user does not have
edit_users
,create_users
, orlist_users
. I have moved the guest authors page underneath profile using 'coauthors_guest_author_parent_page' for any user who lackslist_users
What happens then, when i visit the guest authors page, is I see the "Add New" (I believe that's from here), my limited user can see the create new user screen, and when I fill it out and hit save it sends me to admin/edit.php - with no notice, warning, or anything - but creating of this user, which I should not have permission to create, has succeeded.