Yoast 14.9 “You need a higher level of permission”

[nickfmc]

• [x] I've read and understood the contribution guidelines.
• [x] I've searched for any related issues and avoided creating a duplicate issue.

Please give us a description of what happened.

going from version 14.8.1 to 14.9 causes my post types to not be editable. do to custom post type registration having ‘capability_type’ => ‘customname’ , in the registration array.

How can we reproduce this behavior?

1. register a custom post type and add the argument https://developer.wordpress.org/reference/functions/register_post_type/#capability_type ‘capability_type’ => ‘customname’ in your declaration
2. try to go to the CPT menu in your admin.

Used versions

• WordPress version: 5.5.1
• Yoast SEO version: 14.9 has issue 14.8.1 is ok
• Tested with theme: custom build

[Djennez]

I'm not exactly following how this is an issue with Yoast, can you please clarify?

[nickfmc]

because If I have a Custom Capability_type in a CPT registration, then I enable Yoast version 14.9 It then messes up my permissions and does not allow me to edit/create/view that CPT in the backend. with no Yoast it's fine, with Yoast 14.8.1 it's fine. However with Yoast 14.9 as soon as I enable it then my CPT's with custom Capability types stop functioning.

[Djennez]

Ok, please provide the details / code you use to register your posttype and / or provide information that points to where the Yoast plugin is causing the problems for you. At this stage this bugreport is not very actionable.

[nickfmc]

you just need to register a CPT... add this to your functions...

`add_action('init', 'trapeze_location_post_type', 10); / Register vacancy post type /

function vacancy_post_type() {

    $labels = array(
        'name'               => _x('Availability', 'Post Type General Name', 'custom'),
        'singular_name'      => _x('Vacancy', 'Post Type Singular Name', 'custom'),
        'menu_name'          => __('Availability', 'custom'),
        'name_admin_bar'     => __('Availability', 'custom'),
        'all_items'          => __('All Availability', 'custom'),
        'add_new_item'       => __('Add New Availability', 'custom'),
        'add_new'            => __('Add New Availability', 'custom'),
        'new_item'           => __('New Availability', 'custom'),
        'edit_item'          => __('Edit Availability', 'custom'),
        'update_item'        => __('Update Availability', 'custom'),
        'view_item'          => __('View Availability', 'custom'),
        'view_items'         => __('View Availability', 'custom'),
        'search_items'       => __('Search Availability', 'custom'),
        'not_found'          => __('Not found', 'custom'),
        'not_found_in_trash' => __('Not found in Trash', 'custom'),
    );
    $args   = array(
        'label'               => __('Availability', 'custom'),
        'description'         => __('Availability', 'custom'),
        'labels'              => $labels,
        'supports'            => array('title'),
        'hierarchical'        => false,
        'public'              => true,
        'show_ui'             => true,
        'show_in_menu'        => true,
        'menu_position'       => 5,
        'show_in_admin_bar'   => true,
        'show_in_nav_menus'   => false,
        'can_export'          => true,
        'has_archive'         => false,
        'exclude_from_search' => true,
        'publicly_queryable'  => true,
        'capability_type'     => 'vacancy',
        'map_meta_cap'        => true
    );

    register_post_type('vacancy', $args);

}`

`

The important part is the 'capability_type' => 'vacancy' that's what causes the conflict. then edit add a post.... then activate yoast 14.9 and see if you can still edit/add posts for that CPT.

[Djennez]

Using that code, if I comment-out the 'capability_type' => 'vacancy', I can successfully edit the posts, if I enable that line, I can't. This is regardless of our plugin version, or even being installed. This is because my user role (admin) is not assigned those capabilities. If I grant myself those capabilities, I can successfully edit posts in that posttype, again regardless of Yoast version (or installed or not).

I suspect something with your capabilities system is going wrong, but I don't think it has to do with our plugin. I am closing this for now, but feel free to provide the necessary information that would show us where any compatibility issues with our plugin may lie.

[jcharaoui]

Hi @Djennez, we're encountering a very very similar problem with our site.

Trying to upgrade from 14.8.1 to any version causes capabilities to custom pages to malfunction.

I traced this to Yoast SEO notifications calling the Wordpress function $user->get_role_caps which in turn rebuilds the user object capabilities. I suspect this rebuilding of WP_User->allcaps is the source of some kind of race condition which prevents custom capabilities from working correctly.

[nickfmc]

thanks @jcharaoui for doing the heavy lifting on this.