search

WordPress / gutenberg

The Block Editor project for WordPress and beyond. Plugin is available from the official repository.
https://wordpress.org/gutenberg/
Other
10.58k stars 4.23k forks source link

Gutenberg does not respect `manage_categories` capability for disabling tag creation #50194

Open rafaucau opened 1 year ago

rafaucau commented 1 year ago

Description

I am experiencing an issue related to user roles and permissions in the Gutenberg editor. I would like to prevent editors from creating new tags while still allowing them to use the existing tags created by the administrator.

I tried removing the manage_categories capability from the editor role, and while this does hide the categories and tags options from the Posts submenu, it does not fully prevent editors from creating new tags within the Gutenberg editor. Editors can still create new tags by typing in the tags input field in the post editor.

Step-by-step reproduction instructions

  1. Remove the manage_categories capability from a user (e.g., an editor). You can use a plugin like User Role Editor to do this.
  2. Log in to the account of the user with the modified permissions.
Before After
image image
  1. Navigate to the post editor and create a new tag by typing it in the tags input field.
  2. The new tag is created in the database, despite the user lacking the required permissions.

Screenshots, screen recording, code snippet

No response

Environment info

Please confirm that you have searched existing issues in the repo.

Yes

Please confirm that you have tested with all plugins deactivated except Gutenberg.

Yes

nekohayo commented 1 year ago

Just wanted to voice my support for this, and provide some user stories / context.

I have faced the exact same problem for years, whether when dealing with my own invited authors, or when helping other organizations clean up the ontology of their blog.

Tags are waaaaay too easy to create without enforcing structure, and it inevitably rapidly becomes a mess of epic proportions. There should be a manage_tags permission, or indeed have the Gutenberg GUI piggyback this onto the manage_categories permission (at least as a stopgap measure).

No matter how many times I tell my people to not create new tags / avoid duplicates / avoid typos, they keep doing that... and I'm stuck cleaning up the mess afterwards.

t-hamano commented 9 months ago

To be precise, this problem is not specific to Gutenberg. Even if you remove manage_categories, adding tags should still be allowed in the dashboard and classic editor.

dashboard tag