Open carlomanf opened 1 year ago
It looks like the unmerged patch for the core ticket, WordPress/wordpress-develop#3024, opened up the "Add New" page again, but it didn't open up the other admin pages that were being denied.
I also noticed that there is actually a third group of admin pages that are being denied, which is all of the "Edit Steps" pages. Again, adding edit_posts
opens these up, despite the post types not using the edit_posts
capability at all. The patch for the core ticket didn't open them up either.
Both the "Add New" and "Edit Steps" pages are demanding edit_posts
in v1.3.2 as well, so it looks like this is a long-time issue and not caused by recent commits.
- The listing page for a funnel type, in the event that it's the only funnel type the user can edit and they don't have the capability to create new funnel types
Upon closer inspection, it looks like this is indeed the subject of core ticket #22895.
- The "Add New" page for any funnel type
This one is also already reported in core ticket #16808.
I also noticed that there is actually a third group of admin pages that are being denied, which is all of the "Edit Steps" pages. Again, adding
edit_posts
opens these up, despite the post types not using theedit_posts
capability at all.
I couldn't find a core ticket for this one.
Yet again the capabilities are causing trouble. While adding a workaround solution for core ticket #52043, I noticed that the
edit_posts
capability is being demanded for some admin pages that shouldn't require it:I am yet to locate the
edit_posts
capability check that is guarding these pages, but I could verify that addingedit_posts
to the user opened the admin pages up again.The following questions will be useful to answer:
This looks similar to core ticket #22895, but may not be exactly the same because these post types use the same capability for
edit_posts
andcreate_posts
. In any case, it would also be worth trying out the workaround described in the ticket description and/or the workaround linked in this comment to see if they solve this. The workaround described in this comment is what was implemented in 9880c88 and it seemed to work well enough.